Re: [rtcweb] Please require user consent for data channels
Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Sun, 12 July 2015 08:49 UTC
Return-Path: <sergio.garcia.murillo@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A1AAB1A8739 for <rtcweb@ietfa.amsl.com>; Sun, 12 Jul 2015 01:49:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wHMsDYYfyFQW for <rtcweb@ietfa.amsl.com>; Sun, 12 Jul 2015 01:49:30 -0700 (PDT)
Received: from mail-wg0-x233.google.com (mail-wg0-x233.google.com [IPv6:2a00:1450:400c:c00::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E88661A702D for <rtcweb@ietf.org>; Sun, 12 Jul 2015 01:49:29 -0700 (PDT)
Received: by wgkl9 with SMTP id l9so5817956wgk.1 for <rtcweb@ietf.org>; Sun, 12 Jul 2015 01:49:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-type:content-transfer-encoding; bh=0SoOUvQLSTVjykbPSECtbf7hHNg+ODqVEv5htxKgBSQ=; b=NgvsPVBO7IiHtOhVh5lZHrLFkBmOr7ObzPs0VesNlGrTsr7duJR+oSWJuEqt5FHDfI ULKAB+jiSPTqlxfcdO/ayPOuWOwgKbbkP7jq87PP49rwpVqm4oSInZQm+0gfCoGRbFvp 4E5guQKYXmMWjHc8oMSpOuSkq6E+VqTkJywc8gOqPFrDrYKq3sLGB/m6Sr9tUJf791qU 2uM40Fmpp+6/jfDyZQziUMrUGE/dullBwPfrkuwxLnIIcjK7ljORqPY9gXde2vqQF3W+ SLtrd8LUK14N4mn0td+vy5tS6UVCSyrQ43k+j6n9ko4yNqhIfb+oO1vIUqekLR8i91pb qGvA==
X-Received: by 10.194.250.69 with SMTP id za5mr21230227wjc.90.1436690968682; Sun, 12 Jul 2015 01:49:28 -0700 (PDT)
Received: from [192.168.0.193] ([95.61.111.78]) by smtp.googlemail.com with ESMTPSA id ck7sm22166178wjc.43.2015.07.12.01.49.27 for <rtcweb@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 12 Jul 2015 01:49:27 -0700 (PDT)
To: rtcweb@ietf.org
References: <CA+65OspMD_PVjk0BXh7t4LtjmFDcDatoeNjFQOO_OVtC-Br+OA@mail.gmail.com>
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Message-ID: <55A22A1B.4000202@gmail.com>
Date: Sun, 12 Jul 2015 10:49:31 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.0.1
MIME-Version: 1.0
In-Reply-To: <CA+65OspMD_PVjk0BXh7t4LtjmFDcDatoeNjFQOO_OVtC-Br+OA@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/FpGreH3bG0tnZGJCUFC8t3F4zg0>
Subject: Re: [rtcweb] Please require user consent for data channels
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Jul 2015 08:49:32 -0000
Hi, While acknowledging that there might be a potential privacy issue, I don't think agree on your analysis on the issue that you have made nor your proposal. The information available in the ICE gathering process and made available to the JS app is the following: -Host candidates, mostly private IP addresses -Server reflexive candidates, exposing the public IP address as shown by the TURN/STUN server -Relay candidates, hosted by the TURN server My understanding of the issue is that the leak happens when the application is able to retrieve information not already available to it. That happens either when the user is using a VPN and have multiple public IP addresses or using an external PROXY so the http/ws connection have a different originator public IP address. AFAIK there should be no potential danger in leaking the private IP4 addresses (here you got mine, in case you are interested 127.0.0.1 and 192.168.64.2 ;). I have not much background on IPv6, so please complete any missing info and how would it affect here. I don't think it is a good idea to tight the solution of requesting user permission, to not leak IP information, as theoretically a user could be interested in using webrtc (audio/video/datachannels) and still don't disclose their public IP address (i.e. forcing all the data to go via a TURN server). One possible solution would be that the browser don't gather/announce host&reflexive candidates when an HTTP proxy is set, and only use turn relay candidates instead. The second solution (which I think it is already discussed somewhere else) would be to allow the user to configure a TURN server to override the app settings and force all connection to go through it. (Then build a chained-TURN infrastructure into TOR and you could have a killer combo ;) Regarding the issue that the browser becomes a CDN peer, not sure if anyone has ever raised the issue before. From my point of view, there is not, but in any case, I think it is orthogonal to the leak issue. Best regards Sergio On 11/07/2015 18:42, Daniel Roesler wrote: > Howdy all, this is mostly a re-surfacing of the discussion about IP > address leaking back in April[1], which unfortunately I did not > discover until recently. > > One of the items in the new proposal was "WebRTC already requires > permission to access getUserMedia. Why not use that permission to > control interface enumeration?" That item didn't really get discussed > much in the thread, but I think it's one of the most important issues. > > Why? There is now a documented case where a third party on nytimes.com > is using a fake webRTC datachannel to silently gather user local (and > potentially "real" ISP) IP addresses. > > https://twitter.com/incloud/status/619624021123010560 > > So I'd like to voice my support for adding a consent requirement that > would prevent this type of silent behavior. A user that is > purposefully visiting a site that has a legitimate reason for using a > webRTC data channel will have the necessary context to give consent, > just like they have to get consent on getUserMedia. > > I'm really unclear on why it's so important to have the silent webRTC > data channel behavior. P2P data connections should be held to the same > consent requirements just like P2P video and voice connections. In > addition to the silent third party local IP tracking, a silent P2P > data channel opens up users to silently becoming nodes in a web-based > file sharing network. For example, webtorrent[2] can be silently > embedded on a website so that all of the users to that website start > seeding content they don't know they are seeding. > > Possible fix: > > 1. Require user consent before calling the callback on createOffer(). > 2. If the user has already given consent via getUserMedia, the user > consent requirement is satisfied. > 3. If there's no previous gUM consent, then ask the user for consent. > > This implementation requires no updates to current webRTC demos, since > you have to wait for a callback on createOffer anyway. I'm open to > other ways, such as making createDataChannel asynchronous like gUM, > but that would require updates to existing apps that use > createDataChannel. > > Thanks! > Daniel Roesler > > [1]: https://www.ietf.org/mail-archive/web/rtcweb/current/msg14494.htm > [2]: https://github.com/feross/webtorrent > > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb
- [rtcweb] Please require user consent for data cha… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Matthew Kaufman
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Lorenzo Miniero
- Re: [rtcweb] Please require user consent for data… Michael Tuexen
- Re: [rtcweb] Please require user consent for data… tim panton
- Re: [rtcweb] Please require user consent for data… Bernard Aboba
- Re: [rtcweb] Please require user consent for data… Matthew Kaufman
- Re: [rtcweb] Please require user consent for data… Timothy B. Terriberry
- Re: [rtcweb] Please require user consent for data… Victor Pascual Avila
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Eric Rescorla
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Stephen Farrell
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Harald Alvestrand
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Tirumaleswar Reddy (tireddy)
- Re: [rtcweb] Please require user consent for data… Harald Alvestrand
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Jonathan Lennox
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Ted Hardie
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Ted Hardie
- Re: [rtcweb] Please require user consent for data… Randell Jesup
- Re: [rtcweb] Please require user consent for data… Roman Shpount