Re: [rtcweb] WGLC for draft-ietf-rtcweb-ip-handling

Cullen Jennings <fluffy@iii.ca> Tue, 27 March 2018 16:57 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/50nBI9SAUDb3M85GBkY46zvO6rw>

These comments are sent as an individual contributor.

Let me start by saying I think I am in the rough on the consensus of this draft and I expect the draft to be sent to the IESG with no changes. For the record, as I have said at the floor microphone in the past, I don't agree with the draft. 

This draft results in the situation where implementations decide if they should reveal the user's location to the website by asking a question of the form "Will you allow example.com to use your camera?" If the user says that it is OK to use their camera, in many cases they have also allowed the website to get their location via the IP address. From a user point of view, I think this is awful. There are many reasons I might allow a website I do not trust to know my location to access my camera - for example, I have a black cover over my camera and the website won't work unless I say yes to this request. Or a webcam worker where the job involves revealing video but revealing the locations they work at may put them at risk of serious harm. Or I am in a domestic abuse shelter and want to have a call but revealing my location puts me at risk of physical harm. I do not think the IETF should in any way endorse this extremely misleading form of consent. It is simply not consent. I realize this would be good for companies that are primarily funded by web advertising for which location is valuable.

There are several people whose opinion I deeply respect that have looked at this problem in detail. They somewhat agree the above is a problem, but they argue it is better than any alternative design. I disagree with this. The root of the problem we are trying to solve with this draft is that some VPNs are configured to send some packets over the VPN while at the same time some other packets are not sent over the VPN. If you use a VPN configured like this to try and hide your location, WebRTC can end up sending packets not over the VPN and that can reveal your location. I think the right solution to this problem is to acknowledge this is a VPN problem, not a WebRTC problem. If you are using a VPN to hide your location, do not allow that VPN to send packets outside the VPN. I will note most VPNs support this.

John Morris's words from [1] more or less sum up how I feel about this - just reverse W3C and IETF.

    "By not actually building privacy into the specification, the W3C has  
    both missed a significant opportunity to improve user privacy on the  
    Web, and it has harmed the efforts of another standards body -- the  
    IETF -- to protect location privacy and to improve the privacy  
    paradigm for Internet services."

From a process point of view: 1) I have had time to express this opinion in the rtcweb WG meetings and it has been discussed. My read of the consensus in the room is that I am in the rough on this topic. 2) I don't think the rtcweb WG is the WG in the IETF with the most expertise in VPNs.

Thanks, Cullen


As FYI, the actual questions that are asked by today's browsers are roughly the following:

In Firefox: "Will you allow webrtc.github.io to use your camera?"

In Chrome: "webrtc.github.io wants to use your camera"

In Safari: "Allow webrtc.github.io to use your camera?"

In Edge: "Let webrtc.github.io use your webcam?"


[1] https://lists.w3.org/Archives/Public/public-geolocation/2009Jul/0020.html



> On Mar 7, 2018, at 7:49 PM, Sean Turner <sean@sn3rd.com> wrote:
> 
> All,
> 
> This is the WGLC for the "WebRTC IP Address Handling Requirements" draft available @ https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling/.  Please review the draft and send your comments to this list by 2359UTC on 30 March 30 2017.
> 
> Thanks,
> C/T/S