[rtcweb] Relaying for privacy
Martin Thomson <martin.thomson@gmail.com> Wed, 16 May 2012 18:56 UTC
Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B713C21F8620 for <rtcweb@ietfa.amsl.com>; Wed, 16 May 2012 11:56:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.728
X-Spam-Level:
X-Spam-Status: No, score=-3.728 tagged_above=-999 required=5 tests=[AWL=-0.129, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6aSXJvcIZbRj for <rtcweb@ietfa.amsl.com>; Wed, 16 May 2012 11:56:16 -0700 (PDT)
Received: from mail-bk0-f44.google.com (mail-bk0-f44.google.com [209.85.214.44]) by ietfa.amsl.com (Postfix) with ESMTP id 8F46121F85FB for <rtcweb@ietf.org>; Wed, 16 May 2012 11:56:16 -0700 (PDT)
Received: by bkty8 with SMTP id y8so1067318bkt.31 for <rtcweb@ietf.org>; Wed, 16 May 2012 11:56:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=CuBzwE66wdSAXD3HIrEGQ/4MwNoTJZv0h43WB9OOUrk=; b=afF4SMNORr/4w5t6NGGtHPdL+izlvPAdZzXpTvGokoBYkLNYKqX7/hWVSXvwV/khkU b0HTKtUfP01lV4Qor62Qxeh9p4nRvf5kx2Kr0ub6XanoWRhrMX04LlatEP+aBv98VnC0 20uaCelWMQhyZDjxZzgj6kzR7ipUnoCfXPNcAfFss1Y2/pjnGntSBlnaEnSfHSHdit8G K+5fOk8U0ManPKrvcUnBb6xTuEGlZ4D/uVuhMz7dY0jcopc/nQO+FOJ4u5c68hY7aUCK uUMo9C2HQezEhzVRj92j3s9vyNMVrzoED3ayJoVHhbuJfv0+eC9whMPf2AAp9Wys6WSZ M+2A==
MIME-Version: 1.0
Received: by 10.204.152.13 with SMTP id e13mr1692524bkw.46.1337194575539; Wed, 16 May 2012 11:56:15 -0700 (PDT)
Received: by 10.204.66.4 with HTTP; Wed, 16 May 2012 11:56:15 -0700 (PDT)
Date: Wed, 16 May 2012 11:56:15 -0700
Message-ID: <CABkgnnWEqqAD0rPrFK3mj5jBCoqmyPTY_PFgVyg8t84egN0Baw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: "rtcweb@ietf.org" <rtcweb@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Subject: [rtcweb] Relaying for privacy
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2012 18:56:17 -0000
On 15 May 2012 18:31, Cullen Jennings <fluffy@cisco.com> wrote: > Might want to add to some use case that when A calls B, and B does not reveal their IP address to A. I agree, but it's questionable whether this is something we (ietf/w3c...browsers) need to solve the problem or whether we can rely on sites respecting privacy appropriately. Obviously, it's quite simple to allocate a relay for all new sessions in the browser. The hard part is knowing when it is OK to reveal host/reflexive candidates so that the call can proceed without relaying. - Is it when the user grants permission for the site to use microphone/camera? This seems wrong. An individual desire for privacy is often based on who is asking, which in this case is A, not the site. It's plausible that the site can be given permission to access mic/camera prior to the call arriving. - Is it when the user indicates acceptance of the call? I don't think that the plan is to signal acceptance through chrome, so this would have to rely on cues from the site, such as calling createAnswer. At that point, if the site wants the media off the relay, they now have an incentive to fake acceptance. The same applies to relying on any other cues from the site, including faking the _initiation_ of the call, which can be done from both A and B. - Is there special chrome that enables this? Adding more chrome doesn't sound like a great idea to me, but maybe this behaviour could be tied to the various "private/incognito mode" options in the browser. I did have another related thought, but distractions erased it.
- Re: [rtcweb] Relaying for privacy Eric Rescorla
- [rtcweb] Relaying for privacy Martin Thomson
- Re: [rtcweb] Relaying for privacy Justin Uberti
- Re: [rtcweb] 答复: Relaying for privacy Eric Rescorla
- [rtcweb] 答复: 答复: Relaying for privacy 邓灵莉/denglingli
- [rtcweb] 答复: 答复: 答复: Relaying for privacy 邓灵莉/denglingli
- Re: [rtcweb] 答复: 答复: 答复: Relaying for privacy Martin Thomson
- [rtcweb] 答复: 答复: 答复: 答复: Relaying for privacy 邓灵莉/denglingli
- Re: [rtcweb] 答复: Relaying for privacy Martin Thomson
- Re: [rtcweb] Relaying for privacy Cullen Jennings (fluffy)
- [rtcweb] 答复: Relaying for privacy Sunyang (Eric)
- Re: [rtcweb] 答复: Relaying for privacy Dan Wing
- Re: [rtcweb] 答复: Relaying for privacy Eric Rescorla
- Re: [rtcweb] 答复: Relaying for privacy Dan Wing
- Re: [rtcweb] 答复: Relaying for privacy Eric Rescorla
- Re: [rtcweb] 答复: Relaying for privacy Dan Wing
- Re: [rtcweb] 答复: Relaying for privacy Martin Thomson
- Re: [rtcweb] 答复: Relaying for privacy Randell Jesup