[rtcweb] Please require user consent for data channels
Daniel Roesler <diafygi@gmail.com> Sat, 11 July 2015 16:43 UTC
Return-Path: <diafygi@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A16EB1A9004 for <rtcweb@ietfa.amsl.com>; Sat, 11 Jul 2015 09:43:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.7
X-Spam-Level:
X-Spam-Status: No, score=0.7 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SQEdAO9a0IN2 for <rtcweb@ietfa.amsl.com>; Sat, 11 Jul 2015 09:43:00 -0700 (PDT)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16DA01A8FD5 for <rtcweb@ietf.org>; Sat, 11 Jul 2015 09:43:00 -0700 (PDT)
Received: by qkdv3 with SMTP id v3so31278005qkd.3 for <rtcweb@ietf.org>; Sat, 11 Jul 2015 09:42:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=iAt8icM0CXjgOCiZD1Iece40aVG+Y1EXKp31lbPVLhY=; b=U7QboQLfn3pHyG7v81YcX5W3njYp3mWFjJQzCFbdm59Pa7UPdJp2Etqg4al7hzf2o0 UHH/atO2GA3EwGa3JBZafoqxhqiw7VDhCh6kEb65GDxPiJ7Co88V5iJSgsuOj5MhG4H8 qsbNzJnnD238HhWzptcKoEGxTcXbyfkKzTAcTPJgGUL5PPow3uB1AXXkv/UuboZ2qDNO LFb3i7ZmajjSAor/v49M1V9DlyZyup6OH1w9FU0ZqNSDnElW56mc8t1AU02yYl2EHH6T rK9IWqS6noKKF2yv5hfZlfNQDIXETAHJESb8eG/cnRQbeQyV9wO5SGhLvBoWmcrwKLOn 5oyg==
X-Received: by 10.55.31.85 with SMTP id f82mr40764734qkf.88.1436632979319; Sat, 11 Jul 2015 09:42:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.140.108.130 with HTTP; Sat, 11 Jul 2015 09:42:29 -0700 (PDT)
From: Daniel Roesler <diafygi@gmail.com>
Date: Sat, 11 Jul 2015 09:42:29 -0700
Message-ID: <CA+65OspMD_PVjk0BXh7t4LtjmFDcDatoeNjFQOO_OVtC-Br+OA@mail.gmail.com>
To: rtcweb@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/Vlk8amPqF7E3Shi9eMxcakmqyv8>
Subject: [rtcweb] Please require user consent for data channels
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Jul 2015 16:43:01 -0000
Howdy all, this is mostly a re-surfacing of the discussion about IP address leaking back in April[1], which unfortunately I did not discover until recently. One of the items in the new proposal was "WebRTC already requires permission to access getUserMedia. Why not use that permission to control interface enumeration?" That item didn't really get discussed much in the thread, but I think it's one of the most important issues. Why? There is now a documented case where a third party on nytimes.com is using a fake webRTC datachannel to silently gather user local (and potentially "real" ISP) IP addresses. https://twitter.com/incloud/status/619624021123010560 So I'd like to voice my support for adding a consent requirement that would prevent this type of silent behavior. A user that is purposefully visiting a site that has a legitimate reason for using a webRTC data channel will have the necessary context to give consent, just like they have to get consent on getUserMedia. I'm really unclear on why it's so important to have the silent webRTC data channel behavior. P2P data connections should be held to the same consent requirements just like P2P video and voice connections. In addition to the silent third party local IP tracking, a silent P2P data channel opens up users to silently becoming nodes in a web-based file sharing network. For example, webtorrent[2] can be silently embedded on a website so that all of the users to that website start seeding content they don't know they are seeding. Possible fix: 1. Require user consent before calling the callback on createOffer(). 2. If the user has already given consent via getUserMedia, the user consent requirement is satisfied. 3. If there's no previous gUM consent, then ask the user for consent. This implementation requires no updates to current webRTC demos, since you have to wait for a callback on createOffer anyway. I'm open to other ways, such as making createDataChannel asynchronous like gUM, but that would require updates to existing apps that use createDataChannel. Thanks! Daniel Roesler [1]: https://www.ietf.org/mail-archive/web/rtcweb/current/msg14494.htm [2]: https://github.com/feross/webtorrent
- [rtcweb] Please require user consent for data cha… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Matthew Kaufman
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Lorenzo Miniero
- Re: [rtcweb] Please require user consent for data… Michael Tuexen
- Re: [rtcweb] Please require user consent for data… tim panton
- Re: [rtcweb] Please require user consent for data… Bernard Aboba
- Re: [rtcweb] Please require user consent for data… Matthew Kaufman
- Re: [rtcweb] Please require user consent for data… Timothy B. Terriberry
- Re: [rtcweb] Please require user consent for data… Victor Pascual Avila
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Eric Rescorla
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Stephen Farrell
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Justin Uberti
- Re: [rtcweb] Please require user consent for data… Martin Thomson
- Re: [rtcweb] Please require user consent for data… Harald Alvestrand
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Tirumaleswar Reddy (tireddy)
- Re: [rtcweb] Please require user consent for data… Harald Alvestrand
- Re: [rtcweb] Please require user consent for data… Sergio Garcia Murillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Daniel Roesler
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Simon Perreault
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Jonathan Lennox
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Iñaki Baz Castillo
- Re: [rtcweb] Please require user consent for data… Tim Panton
- Re: [rtcweb] Please require user consent for data… Ted Hardie
- Re: [rtcweb] Please require user consent for data… Roman Shpount
- Re: [rtcweb] Please require user consent for data… Ted Hardie
- Re: [rtcweb] Please require user consent for data… Randell Jesup
- Re: [rtcweb] Please require user consent for data… Roman Shpount