Re: [tor-bugs] #19026 [Obfuscation/Snowflake]: Remove local LAN address ICE candidates
#19026: Remove local LAN address ICE candidates
-----------------------------------+---------------------
Reporter: dcf | Owner:
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Obfuscation/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-----------------------------------+---------------------
Comment (by dcf):
The WebRTC working draft touches on this issue:
https://www.w3.org/TR/2016/WD-webrtc-20160128/#revealing-ip-addresses
Even without WebRTC, the Web server providing a Web application will
know the public IP address to which the application is delivered. Setting
up communications exposes additional information about the browser's
network context to the web application, and may include the set of
(possibly private) IP addresses available to the browser for WebRTC use.
Some of this information has to be passed to the corresponding party to
enable the establishment of a communication session.
Revealing IP addresses can leak location and means of connection; this
can be sensitive. Depending on the network environment, it can also
increase the fingerprinting surface and create persistent cross-origin
state that cannot easily be cleared by the user.
A connection will always reveal the IP addresses proposed for
communication to the corresponding party. The application can limit this
exposure by choosing not to use certain addresses using the settings
exposed by the [https://www.w3.org/TR/2016/WD-webrtc-20160128/#idl-def-RTCIceTransportPolicy RTCIceTransportPolicy] dictionary, and by using
relays (for instance TURN servers) rather than direct connections between
participants. One will normally assume that the IP address of TURN servers
is not sensitive information. These choices can for instance be made by
the application based on whether the user has indicated consent to start a
media connection with the other party.
Mitigating the exposure of IP addresses to the application itself
requires limiting the IP addresses that can be used, which will impact the
ability to communicate on the most direct path between endpoints. Browsers
are encouraged to provide appropriate controls for deciding which IP
addresses are made available to applications, based on the security
posture desired by the user. The choice of which addresses to expose is
controlled by local policy (see [https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling/ RTCWEB-IP-HANDLING] for details).
The latter link is all about handling IP addresses with respect to
privacy:
https://datatracker.ietf.org/doc/draft-ietf-rtcweb-ip-handling/?include_text=1
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19026#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
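The spec excerpt quoted in the comment above names two ways to keep private addresses out of a WebRTC session: have the application withhold certain candidates, or set the ICE transport policy so the browser only gathers relay candidates. The following is an added JavaScript example illustrating both on the browser side; it is not code from the ticket, from Snowflake, or from the W3C draft. The SDP sample, the TURN URL and credentials, and the `0.0.0.0`/port `0` placeholder used to blank a related address are all constructed for this example, and the private-range test is the usual RFC 1918, link-local, loopback and IPv6 ULA/link-local set rather than anything the ticket prescribes.

```javascript
// Added example (not the ticket's or Snowflake's code): scrub private LAN
// addresses out of the ICE candidates a browser is about to signal.

// Private / non-routable ranges: RFC 1918, RFC 3927 link-local, loopback,
// and the IPv6 ULA (fc00::/7), link-local (fe80::/10) and loopback ranges.
// Anything that is not an IP literal is treated as not private.
function isPrivateAddress(addr) {
  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(addr);
  if (v4) {
    const a = Number(v4[1]);
    const b = Number(v4[2]);
    return (
      a === 10 ||
      a === 127 ||
      (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168) ||
      (a === 169 && b === 254)
    );
  }
  const v6 = addr.toLowerCase();
  return v6 === "::1" || v6.startsWith("fe80:") || /^f[cd][0-9a-f]{2}:/.test(v6);
}

// Parse the candidate attribute grammar (RFC 5245 section 15.1):
//   candidate:<foundation> <component> <transport> <priority> <address> <port>
//             typ <type> [raddr <addr> rport <port>] ...
// Accepts either the SDP line ("a=candidate:...") or the string found in
// RTCIceCandidate.candidate ("candidate:..."). Returns null for other lines.
function parseCandidate(line) {
  const body = line.replace(/^a=/, "");
  if (!body.startsWith("candidate:")) return null;
  const f = body.slice("candidate:".length).split(" ");
  if (f.length < 8 || f[6] !== "typ") return null;
  const cand = {
    foundation: f[0], component: f[1], transport: f[2], priority: f[3],
    address: f[4], port: f[5], type: f[7], raddr: null, rport: null,
  };
  const r = /\braddr (\S+) rport (\d+)/.exec(body);
  if (r) { cand.raddr = r[1]; cand.rport = r[2]; }
  return cand;
}

// A host candidate on a private address reveals the peer's LAN topology to
// whoever sees the signaling, so it is withheld entirely.
function shouldDropCandidate(line) {
  const c = parseCandidate(line);
  return c !== null && c.type === "host" && isPrivateAddress(c.address);
}

// Server-reflexive candidates still carry the private address in "raddr",
// so blank that too. The 0.0.0.0 / port 0 placeholder is a choice made for
// this example, not something the ticket or the spec excerpt specifies.
function scrubRelatedAddress(line) {
  const c = parseCandidate(line);
  if (c === null || c.raddr === null || !isPrivateAddress(c.raddr)) return line;
  return line.replace(/\braddr \S+ rport \d+/, "raddr 0.0.0.0 rport 0");
}

// Rewrite a whole SDP blob: drop private host candidates, scrub the rest,
// and pass every non-candidate line through untouched.
function stripLanCandidates(sdp) {
  const out = [];
  for (const line of sdp.split(/\r?\n/)) {
    if (!line.startsWith("a=candidate:")) { out.push(line); continue; }
    if (shouldDropCandidate(line)) continue;
    out.push(scrubRelatedAddress(line));
  }
  return out.join("\n");
}

// The stricter option from the spec text: tell the browser to gather only
// relay candidates, so no host or server-reflexive address is produced at
// all. TURN URL and credentials are constructed placeholders; pass this
// object to `new RTCPeerConnection(relayOnlyConfig)`.
const relayOnlyConfig = {
  iceServers: [{ urls: "turn:turn.example.invalid:3478", username: "user", credential: "secret" }],
  iceTransportPolicy: "relay",
};

// Constructed sample: what a browser on a home network might gather.
const SAMPLE_SDP = [
  "v=0",
  "m=application 9 DTLS/SCTP 5000",
  "a=candidate:1 1 udp 2122260223 192.168.1.23 51234 typ host",
  "a=candidate:2 1 udp 2122194687 fd12:3456:789a::1 51235 typ host",
  "a=candidate:3 1 udp 1686052607 203.0.113.7 51234 typ srflx raddr 192.168.1.23 rport 51234",
  "a=candidate:4 1 udp 41885439 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 51234",
  "a=end-of-candidates",
].join("\n");

console.log(stripLanCandidates(SAMPLE_SDP));
```

On the live path, the same check applies per candidate: in a `pc.onicecandidate` handler, skip signaling any event whose `candidate.candidate` string makes `shouldDropCandidate` return true, and run `scrubRelatedAddress` over the ones you do send. Filtering after gathering only hides the addresses from the remote party and the signaling channel; the relay-only policy is the option that also prevents direct LAN connectivity from being attempted, at the cost of the direct path the spec text warns about.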