* Tim Panton wrote: >I’ve been reading worried blogs that WEBRTC in browsers ‘leaks’ the local ‘real’ ip addresses to the javascript. >The principle worriers are VPN users e.g https://cryptostorm.org/viewtopic.php?f=50&t=2867&p=13096#p13096 <https://cryptostorm.org/viewtopic.php?f=50&t=2867&p=13096#p13096> >The concern is that this can be done without user notification (DataChannel request) and might be used to >identify or finger-print users. Clearly the most vulnerable are Tor users who are on a real routeable IP address >or directly on a carrier grade nat (eg android phones etc) where the IP may reveal the identity or location of the user. If this actually allows random web sites to know that I am using the addresses 192.168.12.96, 192.168.3.222, and 192.168.200.7 (Ethernet, Wifi, virtual machine) on this computer then that is pretty much like broadcasting a device GUID and should concern everybody. I note that some of the recent news coverage of this indicated that some major web sites and services already use this to identify and track users. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de Available for hire in Berlin (early 2015) · http://www.websitedev.de/Received on Tuesday, 3 February 2015 14:04:20 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:04 UTC