✨ Feature Suggestion | WebRTC info box / wiki / something near the VoIP section about profiles/users #1815
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1815
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
We are telling people to disable WebRTC, but not why and with the COVID-19 pandemic a lot of WebRTC based tools are popular.
I think we should have a infobox telling why to disable WebRTC or at least how to temporarily enable WebRTC.
To answer the latter question, I would mention:
firefox --ProfileManager
andabout:profiles
and how creating a separate profile just for WebRTC (or to simplify it, JitsiMeet*When the user is using a different profile or user account, they are missing all the tweaks and extensions from their normal browser and thus WebRTC is more likely to work with less pain than unloading extensions and tweaking
about:config
.I don't know how well known those features are, but they are how I handle WebRTC and also some people I presume technical have found them useful.
Heavily related: #1814 (at least in my mind)
I think this might be a good idea actually
FYI, Chromium does not expose private IP addresses any more unless A/V permissions have been granted (which I think is a questionable move but that is another matter). They use mDNS to conceal private IP addresses.
For Firefox, this is still an open issue.
So, you can think of partially dropping this recommendation (if the exposed IP addresses were the only reason).
We seem to already have a "related information" below VoIP, so maybe the WebRTC infobox could go there.
I think dropping the recommendation would be a separate issue and this infobox would still be necessary as there are extensions blocking WebRTC and I don't know what they are in my usual setup, but I think it may be something popular like PrivacyBadger or µMatrix.
Does this mean that they use
hostname.local
addresses and leak that identifiable bit of information?No, it is supposed to be a random UUID, so
<UUID.local>
. See https://github.com/rtcweb-wg/mdns-ice-candidates for details.That being said, last time I fiddled around with it, there were some issues with it that can leak information about the whole private network. The related Chromium issue is currently not publicly visible, so I don't think they have fixed it, yet.
I'm not sure we should be recommending people use Firefox with Jitsi because of https://github.com/privacytoolsIO/privacytools.io/issues/1814 hmm.
I believe we can close this as we have a warning for Jitsi:
Thought you might be interested: This is now active in Firefox (75 but probably also in older versions), too. Try it yourself:
.local
mDNS names with random UUIDs.Personally, I believe there are further reasons why TOR disables WebRTC. The whole peer-to-peer concept is detrimental to their main use case. Even being able to see the public IP is undesirable in their case, so I don't think the description fits.
Anyway, if IP leaking was your only concern, you can consider dropping it.
I think that was the main reason.
I checked this in 68.7ESR, and it does leak the IP, whereas you're right Firefox 75 does not. Debian has the ESR version in their repositories.
So maybe need to modify the warning. I tried it a few times and the UUID changed each time with Firefox 75.
I wonder if @Thorin-Oakenpants has anything to add about this? Should we even bother with the
media.peerconnection.enabled
setting or any of those, for 75+ (or whenever they added thatNot my area of expertise - and there are other reasons, but I'd have to check, as to why WebRTC is disabled.
If you look in the diffs at ghacks user.js: there have been some WebRTC prefs and changes in core FF: I say recently, but that's subjective: but certainly since 68/ESR. One of which
weEarthlng tried to bring to @gorhill 's attention in this comment, at the endhere's a couple
flipped in FF74
pref("media.peerconnection.ice.obfuscate_host_addresses", true); // prev: false
added in Ff70
pref("media.peerconnection.ice.proxy_only_if_behind_proxy", false)