Re: [rtcweb] ICE exposes 'real' local IP to javascript

On 4 February 2015 at 16:47, Harald Alvestrand <> wrote:
> We have discussed this before, and concluded that a confirmation dialog
> makes no more sense than having a confirmation dialog for performing an
> XHR request or opening a Websocket - neither of which requires
> confirmation dialogs today.

Yes.  Every time something like this comes up, someone inevitably
suggests that asking users is an acceptable way to deal with it, as if
somehow that transfers the responsibility for solving the problem onto
users.  Even if we could communicate the risks effectively, which I
don't believe we can, I still wouldn't be in favour of a dialog.

There are two concerns here:
1. fingerprinting - for which I believe the only recourse is to
disable the feature.  The combination of device enumeration and SDP
provides a fairly rich surface even without IP addresses.
2. exposure of privacy-VPN users.

This latter is what people seem most concerned with at this point in
time.  And I'm not against someone building options into their browser
to manage this.  That, or, if the VPN is for privacy-preserving
purposes, the interfaces that are potentially revealing could be
disabled.  Neither option requires action by this group.

Received on Wednesday, 4 February 2015 06:29:19 UTC