Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

identify misbehaving origins by webrtc data channel misuse #2102

Open
dkg opened this issue Jul 17, 2018 · 6 comments
Open

identify misbehaving origins by webrtc data channel misuse #2102

dkg opened this issue Jul 17, 2018 · 6 comments
Labels
enhancement help wanted heuristic Badger's core learning-what-to-block functionality

Comments

@dkg
Copy link

dkg commented Jul 17, 2018

@wseltzer and i were in the rtcweb discussion at IETF today, and there are several ways that webrtc can be used to gain additional private information about users, or to link concurrent private sessions.

for example, opening a webrtc data channel, collecting the ICE connection candidate IP addresses, and then closing the data channel.

It would be great if privacy badger were to detect this kind of misbehavior from an origin, and use it to identify the origin as something worth blocking.

(i did a skim of the codebase and the Changelog and didn't see anything like this, but maybe PB is already doing this. if so, feel free to close this report, thanks!)
@dkg
Copy link
Author

dkg commented Jul 17, 2018
edited
Loading

another attack is to link private browsing tabs with non-private browsing tabs. this is done by an origin responsible for two different webpages. it makes each page try to establish a webrtc channel with each other; measuring the latency between the two pages can provide an indication of whether they are on the same host.
@ghostwords ghostwords added enhancement heuristic Badger's core learning-what-to-block functionality labels Jul 17, 2018
@ghostwords
Copy link
Member

Could you expand on that second attack? I don't understand how it works exactly or where Privacy Badger would come in.
@wseltzer
Copy link

The final slide of https://datatracker.ietf.org/meeting/102/materials/slides-102-rtcweb-ip-handling-00 re context linkage
@dkg
Copy link
Author

dkg commented Jul 17, 2018

sorry about that -- it was pretty confusedly written, and i'm pretty fried :) I've just given it an edit to try to make it a bit clearer. hopefully wendy's pointer is helpful too. but feel free to ask more questions.
@dkg
Copy link
Author

dkg commented Jul 18, 2018

so what i could imagine for detection of the second attack would be PrivacyBadger keeping track of tabs that are making webrtc connections to other tabs.
@ghostwords
Copy link
Member

Aha, gotcha, thank you.

I think enabling the optional "Prevent WebRTC from leaking local IP address" setting would block both attacks (and make detection impossible). (When enabled, the WebRTC IP handling policy is set to Mode 4 (disable_non_proxied_udp) of https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-01#page-5.)

Since we keep this setting off by default, we could certainly try to add detection for suspicious WebRTC use patterns in the future.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement help wanted heuristic Badger's core learning-what-to-block functionality
3 participants
@dkg @wseltzer @ghostwords