Yep that's basically what WebRTC data channels do. And the NYT was abusing it to get your "real" IP to fingerprint users better.
WebRTC should always be gated behind permissions. Most uses are video/audio, which already require a prompt, so no problem. Other websites shouldn't have this capability, so annoying users is no problem. But that's not very palatable, as it means acknowledging that WebRTC data doesn't really belong on the wider web.
Honestly, what are the real good uses for it outside of media? Games? WebTorrent?
I'm rather annoyed that such a feature was deployed, giving any webpage the ability to override my proxy settings or otherwise change the normal browser networking behaviour.
localStorage, separate widget localStorage, separate userjs storage, Web SQL - you could limit/disable/define everything with fine granularity (disabled, quota, popup if quota exceeded) globally and per domain.
opera:config#PersistentStorage
Can you imagine something as crazy as letting the user decide which sites are allowed to run JavaScript? Use localStorage? Leave permanent cookies? Use plugins? Or something as weird as defining a custom useragent string per website? All possible in Old Opera. No other browser will let you do that now afaik.
Today? Today you get Firefox forcing Pocket, Google serving Voice control binary blob, and all around people coming up with things that can't be fine-tuned at the user level, like WebRTC. We are slowly moving (wtf webassembly) to a point where we will lose any control over what's flowing down the wire from the server and runs on our computers.
No. Last time I checked they didn't have 'preferences per domain' functionality :(
Not to mention 100 tabs open in Opera 12.xx takes ~1.4GB of RAM, Blink uses up to a couple of hundred megabytes per tab. Not to mention the little things, like a proper tab configuration (minimize on click, close disable button), custom mouse gestures?
Don't get me wrong, I still have it installed along with newest Opera, but they are my 'something doesn't work in 12.x' browsers.
> Honestly, what are the real good uses for it outside of media? Games? WebTorrent?
You could use it to implement p2p collaborative editing in a productivity app, which could actually give you privacy and security benefits that aren't available when a central server is involved.
No, I don't think this is correct. WebRTC requires you to trust the server (webpage) - there's no way to verify a peer. Think: from an end user perspective, what's the difference between an editor using websockets vs one using data channels? Nothing; they appear totally identical.
So sure, your data might go direct, offering theoretical security. Similar to how Stripe and Braintree don't improve security against a malicious server (just change the form/js and it's game over), but help against accidental problems. But this isn't truly providing the end user any guarantees. But it's good marketing. Like Cryptocat.
Keeping features out because of privacy concerns is misguided, since it's a lost cause. Look into browser fingerprinting. There are just so many vectors for tracking Web browsing behavior... literally hundreds. The only way to truly browse privately is behind a VPN or TOR from inside a virtual machine with no non-volatile storage so that everything is wiped between each VM execution.
Security is a legitimate concern, but the browser is already completely exposed since it downloads and runs arbitrary code all day long.
I do have some objection to WebRTC but it's more architectural. WebRTC is overly complex, overly monolithic, and bloated. It tries to do too many things with one standard.
Except Tor no longer works as WebRTC ignores your connection settings (in Firefox anyways, I think). Up till now the networking for a browser has been straightforward; now it's got a whole extra model that's unneeded by default, yet enabled anyways.
Also, as per EFF's Panopticlick, fingerprinting isn't nearly a lost cause. And even then it's thrown off by changing UAs due to updating versions.
That's neat, but oughtn't the browser be respecting the proxy settings by default? If tags like <img> added an "ignoreproxy" attribute, folks would be rightfully upset, wouldn't they? So why should data channels be any different? (Video/audio is fine as the user is notified first.)
While I agree with the advice, it's not useless. If you run a normal browser with no plugins via Tor, your IP won't leak except via exploits. WebRTC leaks by design, then handwaves browser fingerprinting as a shield.
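For readers who want to check their own browser against the leak discussed above, here is an added example (not part of the thread) that parses ICE candidate lines and reports which class of address each one exposes. The candidate strings are constructed sample data using private and documentation address ranges, and the function names and exposure labels are this example's own.

```javascript
// Constructed sample ICE candidate lines (not captured from a real session).
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "a=candidate:3 1 udp 41885439 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 54321",
  "candidate:4 1 udp 2122260223 3f1c2a9e-0b7d-4c55-9a41-6d2e8f0c7b12.local 50000 typ host",
];

// RFC 1918 private IPv4 ranges.
function isPrivateIPv4(addr) {
  const m = /^(\d+)\.(\d+)\.\d+\.\d+$/.exec(addr);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Field order: candidate:<foundation> <component> <transport> <priority>
//              <address> <port> typ <type> [raddr ... rport ...]
function parseCandidate(line) {
  const f = line.replace(/^a=/, "").trim().split(/\s+/);
  if (!f[0].startsWith("candidate:") || f[6] !== "typ") return null;
  return { transport: f[2].toLowerCase(), address: f[4], port: Number(f[5]), type: f[7] };
}

// Exposure labels are names chosen for this example.
function classify(c) {
  if (c.address.endsWith(".local")) return "mdns-obfuscated"; // hostname instead of an IP
  if (c.type === "relay") return "relay-only";                // TURN server's address
  if (c.address.includes(":")) return "ipv6-address";         // not classified further here
  if (c.type === "host") return isPrivateIPv4(c.address) ? "lan-address" : "host-public-address";
  return "stun-reflexive-address";                            // srflx / prflx
}

function auditCandidates(lines) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (c) findings.push({ address: c.address, type: c.type, exposure: classify(c) });
  }
  return findings;
}

console.log(auditCandidates(SAMPLE_CANDIDATES));
```

Candidate lines for a real session can be copied from the browser's own WebRTC diagnostics page (chrome://webrtc-internals or about:webrtc) and passed to `auditCandidates`.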
Panopticlick is thrown off course but that's just because they don't actually try to track you persistently. Any party that does want to track you will use many more channels than just the UA and will happily re-acquire you if all you just did was upgrade your browser.
If you:
- upgrade your browser
- switch to a new IP
- wipe all your cookies
- change your browsing habits dramatically (don't visit the same 10 websites over and over again)
Panopticlick does use several methods. But, by far, the biggest thing is the UA (and most likely measured incorrectly as I explained). I'd bet using a popular OS/browser probably only leaks like 4 bits' worth. The next highest thing is resolution, but only because I tried it on a phone with unusual settings (Huawei Mate 2 with scaling).
IP address is a big one, but if browsers respected your explicit proxy settings instead of ignoring them for WebRTC, then changing it is easy. History, supercookies, and other stuff are taken care of by private mode, or, at worst, wiping out all browser info (private mode doesn't clear HSTS).
My point is that all is not lost, that supercookies are not a given. Thus saying WebRTC gets a free pass because things are already broken is simply wrong and a misleading argument to push data channels in where they don't belong.
> Keeping features out because of privacy concerns is misguided, since it's a lost cause. Look into browser fingerprinting. There are just so many vectors for tracking Web browsing behavior... literally hundreds.
This doesn't mean we should make an existing problem worse.
That horse has left the barn and is half-way to Alpha Centauri. The right way to achieve private browsing is with isolated VMs with randomized browser settings and characteristics, and you can do that with or without WebRTC.
> The only way to truly browse privately is behind a VPN or TOR from inside a virtual machine with no non-volatile storage so that everything is wiped between each VM execution.
And even then you might want to consider building a new image each time with a random os / browser combo. Be sure to install some random toolbars and extensions and enable random configuration options too or else you might just end up leaving handprints instead.
Separation of concerns, and individually useful APIs that DWTADIW and out of which a more diverse set of things can be constructed. WebRTC is a monolithic all-or-nothing blob of capabilities tied too closely to specific use cases like video chat.
A UDP API for sockets (with user approval required and some restrictions), then perhaps ICE or maybe that should be in JS. Then an audio/video sampling and compression API.
Downloading isn't a concern, as websites can already force you to download a file. <img src=...> The new risk is P2P connections that bypass HTTP settings, and perhaps uploading. (You could already upload by making a POST, so it's only in combination with P2P stuff that this is novel.)
If WebRTC prompted or forced use of the HTTP connection settings in the browser, I'd have no issue with it.
That's true, but this combination allows for first downloading then serving up illegal content to many consumers, and the penalties for that are much harsher. A post would go to one place only (normally speaking) and would not suddenly allow your browser to become a server, making you a point of distribution.
So instead of "Someone else did it on my WiFi", people will now say "I didn't transfer those files, a webpage did it without my knowledge". Sounds like a much more solid excuse actually.