Re: [rtcweb] ICE exposes 'real' local IP to javascript

> On 4 Feb 2015, at 06:28, Martin Thomson <> wrote:
> On 4 February 2015 at 16:47, Harald Alvestrand <> wrote:
>> We have discussed this before, and concluded that a confirmation dialog
>> makes no more sense than having a confirmation dialog for performing an
>> XHR request or opening a Websocket - neither of which requires
>> confirmation dialogs today.

Yes, but I don’t think we considered the VPN-for-privacy angle at that point.
Xhr and Websockets don’t reveal all the local IP addresses - just the one that is configured 
to be used, or indeed no local IPs if the user has elected to use a http(s) proxy.

> Yes.  Every time something like this comes up, someone inevitably
> suggests that asking users is an acceptable way to deal with it, as if
> somehow that transfers the responsibility for solving the problem onto
> users.  Even if we could communicate the risks effectively, which I
> don't believe we can, I still wouldn't be in favour of a dialog.
> There are two concerns here:
> 1. fingerprinting - for which I believe the only recourse is to
> disable the feature.  The combination of device enumeration and SDP
> provides a fairly rich surface even without IP addresses.
> 2. exposure of privacy-VPN users.
> This latter is what people seem most concerned with at this point in
> time.  And I'm not against someone building options into their browser
> to manage this.  That, or, if the VPN is for privacy-preserving
> purposes, the interfaces that are potentially revealing could be
> disabled.  Neither option requires action by this group.

I disagree, we should at least document the risk, and in my view we should 
recommend the provision of a browser configuration mechanism to disable specific interfaces from appearing in ICE.

In case folks are assuming this is an obscure issue, I’d point out that there is a pretty common use-case for privacy VPNs/proxies: watching domestic IPTV when traveling.
Whilst we don’t want to condone license infringements it would be a shame if folks turned off webRTC just when they
needed it most :-)



Received on Wednesday, 4 February 2015 08:54:03 UTC