Re: [rtcweb] Fwd: [discuss-webrtc] PSA: Private IP addresses exposed by WebRTC changing to mDNS hostnames
Roman Shpount <roman@telurix.com> Wed, 14 August 2019 17:32 UTC
Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5553120C6C for <rtcweb@ietfa.amsl.com>; Wed, 14 Aug 2019 10:32:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.877
X-Spam-Level:
X-Spam-Status: No, score=-1.877 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BzUhJCy61lHk for <rtcweb@ietfa.amsl.com>; Wed, 14 Aug 2019 10:32:41 -0700 (PDT)
Received: from mail-pg1-x52c.google.com (mail-pg1-x52c.google.com [IPv6:2607:f8b0:4864:20::52c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AEFD9120C6B for <rtcweb@ietf.org>; Wed, 14 Aug 2019 10:32:41 -0700 (PDT)
Received: by mail-pg1-x52c.google.com with SMTP id w10so53425504pgj.7 for <rtcweb@ietf.org>; Wed, 14 Aug 2019 10:32:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kTnozn1lOSKm0YBww1dWikC3CqOQuonfkezWx4aUaVU=; b=EhJJ5FSmytheMfHa/wo9ZLZYh8Dm6cYRbBgsAWBnhvb6vnhx2JjBu1YrYJYhy9F8Ic JEEzm3XihTIsK4Y0D4XqnA6ESiaPDrEOqSk7EtKiOF+CMWQ5XV4wQ0zQkuENqZxf454K eQDZSSrzy5U5r3abcucBlcjohz/Ypr2JeH4A8qL3Dg74Z2PJCoz7R26O9dPmCG682ooU 6BUdabO5iM/4ptyfMJt410Oofe69VorDZD0C5B+hGQmHje9lRB5x/mdm8Cn9qjJi+Vxk 8LFruiCkkCLFbGfbmYu2leTbTo4V/eFHlZz1h0c5AZCoPRjdmj5PJwH/ujiEItCnBz7K +hZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kTnozn1lOSKm0YBww1dWikC3CqOQuonfkezWx4aUaVU=; b=mEWK6Rsxu0jqgOBCyw+4l/unU+HHTChHN6f5DRWY61rQUc5B7GWHS3Vo1gwgbYh/UY hD2OE97wZ1BREdPTzb75y6QZDmOATyLPNbEAadI+BU/XfQl/L4OH6RyzipwJU1V3/f0X xd1MJ48hkd+dRkHe/aWbjNr2TssLyCy/UWQxojGXzOMHonIsDYBF5DcCH+OS7MKFCH3y 9Aky+mUoRX3fmSS0j/c/Dm+8QzbItI1I9UZ2t0QUlkv6Jui35rIqC/c7vPhwk1H3bHWi zNixzG8tDxZJDPagZB6hqeyJYDjAy8VpbWX7Od00UU19szKWkSb//RGtbiQdJ34W/3Qj uuGA==
X-Gm-Message-State: APjAAAUI0ch22uNaqgB86ldnA+HviIm2lVNB7wGt8elMRzRMjjbytsAo E+ki0yLP3dNVUJhIWkJf7C0bDQIYI0w=
X-Google-Smtp-Source: APXvYqw4epg5UTsRTva7jf9Hy8Evf5ogqxrEpQEV5g2a9pu7AqWNtw2l7nshJ1cIVY+3AeszS5XBTg==
X-Received: by 2002:a17:90b:911:: with SMTP id bo17mr793475pjb.40.1565803960545; Wed, 14 Aug 2019 10:32:40 -0700 (PDT)
Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com. [209.85.214.180]) by smtp.gmail.com with ESMTPSA id k5sm407520pfg.167.2019.08.14.10.32.39 for <rtcweb@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 14 Aug 2019 10:32:39 -0700 (PDT)
Received: by mail-pl1-f180.google.com with SMTP id i2so51025991plt.1 for <rtcweb@ietf.org>; Wed, 14 Aug 2019 10:32:39 -0700 (PDT)
X-Received: by 2002:a17:902:30d:: with SMTP id 13mr506660pld.284.1565803959041; Wed, 14 Aug 2019 10:32:39 -0700 (PDT)
MIME-Version: 1.0
References: <1d124cbb-f9d3-4ba4-9bb0-0099cf3e7797@googlegroups.com> <CAOJ7v-0s6HC2YiKWXj1K_nXmx=gvrutPPYR4fOm7Gy0VJFJaSQ@mail.gmail.com>
In-Reply-To: <CAOJ7v-0s6HC2YiKWXj1K_nXmx=gvrutPPYR4fOm7Gy0VJFJaSQ@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
Date: Wed, 14 Aug 2019 13:32:36 -0400
X-Gmail-Original-Message-ID: <CAD5OKxvVRkgPhMAkH7rAsXOjfzEw-Gc1rSp_WmOdZzJ17U+cbA@mail.gmail.com>
Message-ID: <CAD5OKxvVRkgPhMAkH7rAsXOjfzEw-Gc1rSp_WmOdZzJ17U+cbA@mail.gmail.com>
To: Justin Uberti <juberti=40google.com@dmarc.ietf.org>
Cc: RTCWeb IETF <rtcweb@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c4453305901724e1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/gITacyJlinIcJZzaMVDQMCISOII>
Subject: Re: [rtcweb] Fwd: [discuss-webrtc] PSA: Private IP addresses exposed by WebRTC changing to mDNS hostnames
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Aug 2019 17:32:45 -0000
Hi Justin, In the statistics that you are providing, does this mean 2% of total connections attempts are affected or 2% of web sites which do data channel connections are affected? If this is the former, then a few applications that are responsible for large number of data channel connections that were updated to support mDNS will drown out things which are affected. Also, have you tested this on mobile platforms or is this just on desktop? I am really curios how well this will work on large dual stack mobile network. Have you looked separately on the connection failure rate when STUN servers are not used? Such applications would be affected by this change at a much higher degree. The PSA mentions STUN vs no-STUN but it is hard to decipher the actual failure rate in each of the cases. Have you collected any statistics on receive only media connections, such as web conferencing applications that allow the user to continue in listen only mode when user does not have or denies microphone access? In our case, this was the scenario which was most affected and deployments of fixes to work around this are still in progress with our customers. Has the interop with Firefox ESR ever been addressed? What is the proposed solution here? On the specification note, I would still consider rtcweb-mdns-ice-candidates to be fairly raw and not ready for production implementations. I would hope it would at least be ready for WGLC before something that implements it goes into production. At this point, there is high probability that the final version of this draft will require something somewhat different from what is currently implemented in Chrome now. Best Regards, _____________ Roman Shpount On Tue, Aug 13, 2019 at 6:54 PM Justin Uberti <juberti= 40google.com@dmarc.ietf.org> wrote: > FYI, empirical results of deploying mDNS at scale. TL;DR: downside is low, > ~2% impact to data channel connection rate between Chrome instances, > somewhat higher when connecting to non-Chrome, likely due to issues > handling mDNS candidates, which should be temporary. > > In the absence of any showstopper feedback, planning to roll this out > fully later this month. > > ---------- Forwarded message --------- > From: 'Qingsi Wang' via discuss-webrtc <discuss-webrtc@googlegroups.com> > Date: Tue, Aug 13, 2019 at 2:33 PM > Subject: [discuss-webrtc] PSA: Private IP addresses exposed by WebRTC > changing to mDNS hostnames > To: discuss-webrtc <discuss-webrtc@googlegroups.com> > > > Summary > > WebRTC currently lets web applications discover private IP addresses to > enable direct connectivity between hosts on a local network. While private > IP addresses do not uniquely identify browser users, they may still be used > for tracking purposes. To prevent this misuse, private IP addresses > returned by RTCPeerConnection will now be masked with mDNS hostnames in > certain situations. While this change should be transparent to most WebRTC > applications, some developers may need to update their client and backend > services. > > This change is currently enabled for 50% of Chrome users, and is expected > to fully roll out in August 2019 as part of the Chrome 76 release. WebRTC > services can verify whether their services are affected by setting the > following flag in Chrome 73 or later: > chrome://flags/#enable-webrtc-hide-local-ips-with-mdns > > Why are we doing this? > > We have observed a trend of web sites using WebRTC specifically to obtain > private IP addresses, presumably for tracking purposes. Accordingly, we > have collaborated with other browser vendors to address this problem by > using mDNS hostnames instead of private IP addresses in WebRTC, as > described in this pending IETF spec > <https://tools.ietf.org/html/draft-ietf-rtcweb-mdns-ice-candidates-03>. > We have also experimentally verified the efficacy of the mDNS technique, > following the initial announcement of this feature in January > <https://groups.google.com/forum/#!msg/discuss-webrtc/4Yggl6ZzqZk/nV24XkXXAQAJ> > . > > Impact on applications > > When the feature is active, private IP addresses in ICE host candidates > will be replaced by an mDNS hostname, e.g., > 1f4712db-ea17-4bcf-a596-105139dfd8bf.local. Currently, this feature is > active for all sites except those that have getUserMedia permissions, which > are presumed to have a higher degree of user trust. > > WebRTC services that do not support addresses in the above format may be > impacted, causing sessions to fail or use a less direct connection path. WebRTC > services may be especially affected if they parse out addresses from > RTCSessionDescription or RTCIceCandidate objects and assume those addresses > are IP addresses, or have server components that do the same. In > particular, older versions of the libnice library, used by some > applications, do not parse such addresses properly.. > > Impact on connectivity > > mDNS does not work in all situations; on some networks, mDNS may be > disabled, or an endpoint may be too many hops away to resolve an mDNS > hostname. In these cases, fallback to STUN will be required, and this may > sometimes fail; as such, some amount of impact on connection success rate > is to be expected. > > > > From a broad analysis of peer-to-peer connections in the experimental > deployment, the overall impact of mDNS on connectivity is modest, a 2% > (relative) reduction in connection rate when mDNS was used by Chrome on > both sides. In this population, the percentage of successful connections > that used STUN on one side or the other increased from 94% to 97%, with a > corresponding decrease in host-to-host connections. We believe the > connectivity impact stems primarily from connections that previously worked > host-to-host, but do not work with mDNS, and cannot fall back to STUN due > to lack of hairpin support in the NAT. > > > > Somewhat surprisingly, for connections between Chrome and non-mDNS > endpoints, we observed a larger impact, roughly 3% (relative) reduction in > connection rate when the remote side supplied private IPs and 7% (relative) > when the remote side supplied only public IPs. While mDNS should have zero > impact in these cases, we believe this is explained by problems triggered > by mDNS in third-party ICE stacks, including the aforementioned issues > regarding parsing mDNS candidates as well as issues discovering > peer-reflexive candidates from ICE connectivity checks. > > > > Given the success of the mDNS technique in combating tracking via private > IP addresses, we believe this small impact on connection rate is an > acceptable tradeoff. We will continue to investigate improvements to this > technique to further minimize the downsides. > > General recommendations > > Improvements in Chrome are frequently rolled out as experiments and deploy > first in Chrome Canary and the pre-stable Dev and Beta versions. Important > experiments are also announced via email at the start of the rollout. We > highly recommend WebRTC developers to: > > - > > Join blink-dev > <https://groups.google.com/a/chromium.org/forum/#!forum/blink-dev> and > discuss-webrtc <https://groups.google.com/forum/#!forum/discuss-webrtc> > to follow PSAs and other important announcements > - > > Systematically test in Chrome Canary > <https://www.google.com/chrome/canary/> to see how your application > behaves with upcoming Chrome changes > - > > Provide feedback on the relevant bugs/forum threads > > -- > > --- > You received this message because you are subscribed to the Google Groups > "discuss-webrtc" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to discuss-webrtc+unsubscribe@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/discuss-webrtc/1d124cbb-f9d3-4ba4-9bb0-0099cf3e7797%40googlegroups.com > <https://groups.google.com/d/msgid/discuss-webrtc/1d124cbb-f9d3-4ba4-9bb0-0099cf3e7797%40googlegroups.com?utm_medium=email&utm_source=footer> > . > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb >
- [rtcweb] Fwd: [discuss-webrtc] PSA: Private IP ad… Justin Uberti
- Re: [rtcweb] Fwd: [discuss-webrtc] PSA: Private I… Roman Shpount
- Re: [rtcweb] Fwd: [discuss-webrtc] PSA: Private I… Justin Uberti