[api]

Keeping features out because of privacy concerns is misguided, since it's a lost cause. Look into browser fingerprinting. There are just so many vectors for tracking Web browsing behavior... literally hundreds. The only way to truly browse privately is behind a VPN or TOR from inside a virtual machine with no non-volatile storage so that everything is wiped between each VM execution.

Security is a legitimate concern, but the browser is already completely exposed since it downloads and runs arbitrary code all day long.

I do have some objection to WebRTC but it's more architectural. WebRTC is overly complex, overly monolithic, and bloated. It tries to do too many things with one standard.

[MichaelGG]

Except Tor no longer works as WebRTC ignores your connection settings (in Firefox anyways, I think). Up til now the networking for a browser has been straightforward, now it's got a whole extra model that's unneeded by default, yet enabled anyways.

Also, as per EFF's Panopticlick, fingerprinting isn't nearly a lost cause. And even then it's thrown off by changing UAs due to updating versions.

[pthatcherg]

You can control WebRTC's network behavior, including forcing it to go through a proxy, by using this Chrome extension:

https://chrome.google.com/webstore/detail/webrtc-network-lim...

It's published by the Chrome WebRTC (of which I am a member) for just that purpose: to let you control that behavior.

[MichaelGG]

That's neat, but oughtn't the browser be respecting the proxy settings by default? If tags like <img> added an "ignoreproxy" attribute, folks would be rightfully upset, wouldn't they? So why should data channels be any different? (Video/audio is fine as the user is notified first.)

[api]

Don't use Tor this way; browser fingerprinting makes it useless regardless of WebRTC. Use a Tor bundle in a VM.

[MichaelGG]

While I agree with the advice, it's not useless. If you run a normal browser with no plugins via Tor, your IP won't leak except via exploits. WebRTC leaks by design, then handwaves browser fingerprinting as a shield.

[jacquesm]

Panopticlick is thrown off course but that's just because they don't actually try to track you persistently. Any party that does want to track you will use many more channels than just the UA and will happily re-acquire you if all you just did was upgrade your browser.

If you:

- upgrade your browser

- switch to a new IP

- wipe all your cookies

- change your browsing habits dramatically

(don't visit the same 10 websites over and over again)

Then maybe you could avoid re-acquisition.

[MichaelGG]

Panopticlick does use several methods. But, by far, the biggest thing is the UA (and most likely measured incorrectly as I explained). I'd bet using a popular OS/browser probably only leaks like 4 bits' worth. The next highest thing is resolution, but only because I tried it on a phone with unusual settings (Huawei Mate 2 with scaling).

IP address is a big one, but if browsers respected your explicit proxy settings instead of ignoring it for WebRTC, then changing it is easy. History, supercookies, and other stuff is taken care of by private mode, or, at worst, wiping out all browser info (private mode doesn't clear HSTS).

My point is that all is not lost, that supercookies are not a given. Thus saying WebRTC gets a free pass because things are already broken is simply wrong and a misleading argument to push data channels in where they don't belong.

[JupiterMoon]

Surely one should use the Tor browser bundle these days?

[TazeTSchnitzel]

> Keeping features out because of privacy concerns is misguided, since it's a lost cause. Look into browser fingerprinting. There are just so many vectors for tracking Web browsing behavior... literally hundreds.

This doesn't mean we should make an existing problem worse.

[api]

That horse has left the barn and is half-way to Alpha Centauri. The right way to achieve private browsing is with isolated VMs with randomized browser settings and characteristics, and you can do that with or without WebRTC.

[c22]

> The only way to truly browse privately is behind a VPN or TOR from inside a virtual machine with no non-volatile storage so that everything is wiped between each VM execution.

And even then you might want to consider building a new image each time with a random os / browser combo. Be sure to install some random toolbars and extensions and enable random configuration options too or else you might just end up leaving handprints instead.

[pthatcherg]

What kind of an RTC API would you like to see?

[api]

Separation of concerns, and individually useful APIs that DWTADIW and out of which a more diverse set of things can be constructed. WebRTC is a monolithic all-or-nothing blob of capabilities tied too closely to specific use cases like video chat.

A UDP API for sockets (with user approval required and some restricrions), then perhaps ICE or maybe that should be in JS. Then an audio/video sampling and compression API.