Re: webrtc vs socks proxies

On 02/10/2015 04:36 PM, Philipp Hancke wrote:
> changing subject.
>
> Am 05.02.2015 um 22:02 schrieb Harald Alvestrand:
> [...]
>> I would see much more benefit in someone trying for a writeup that
>> describes precisely the threat they see, what mitigations they see
>> against the possible threat, and - importantly - what functionality we
>> would lose by implementing those mitigations.
>
> So here is one aspect I found worrying: socks proxies.
>
> When using a socks (v4) proxy (ssh -D, apparently also a common setup 
> for some tor users) and there exists a "more direct route" to the 
> internet, the "public ip" is "exposed".
>
>
> Possible mitigation: WebRTC should honor the proxy settings. Here, 
> this would mean disabling UDP. Any TCP traffic (including TURN and 
> ICE-TCP) is routed via the socks server. As a result, instead of the 
> "public ip" the one of the socks server is exposed. Which is what 
> happen for all other kinds of requests as well.
>
>
> Functionality loss:
> With UDP disabled, TURN/TCP or TURN/TLS are going to be used via the 
> proxy. Sites that don't use TURN/TCP or TURN/TLS are not going to 
> work. This might affect datachannel-only use-cases that elide TURN by 
> routing via an overlay mesh.

Of course disabling UDP also disables UDP .... that is, we impose strict 
queueing on packets, leading to delayed packets rather than dropped 
packets, which will cause the usual issues with timely media delivery 
and data delivery for the cases where "unreliable" transmission is 
appropriate.

>
> This increases the load on the socks server. I don't think this is 
> relevant, socks has been used for filetransfer in the past so proxies 
> should be able to deal with that.
> RETURN can allow optimizing this by making TURN traffic go over 
> dedicated TURN servers or allowing it to leak.
>
>
> This is mostly a question of what the user expectation is regarding 
> leakyness. I don't know about users. I only spoke to one who was using 
> tor occasionally and concerned.
>

I think it's important for us to be clear about what we consider an issue.
Björn's issue was fingerprinting due to exposure of local IP addresses 
(192.168.x.x); this issue is independent of whether proxies are used.

Do you have a good description of what issue you see with socks proxies 
- which exposed addresses are you worried about, and why?

Received on Tuesday, 10 February 2015 16:44:49 UTC