2002: media.peerconnection.ice.* #580

Closed
1 task done
Thorin-Oakenpants opened this issue Dec 9, 2018 · 11 comments

Comments

@Thorin-Oakenpants
Contributor

Thorin-Oakenpants commented Dec 9, 2018

  • better info, re changes in 51 to both prefs
    • too hard to do file
  • add a [TEST]

original post

/* 2002: limit WebRTC IP leaks if using WebRTC
 * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416
 * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/
user_pref("media.peerconnection.ice.default_address_only", true); // (FF42-FF50)
user_pref("media.peerconnection.ice.no_host", true); // (FF51+)

Both of these are being reset to default false when FF restarts. And the first one, it's not deprecated, what's the 42-50 bit about?

@Thorin-Oakenpants
Contributor Author

OK, it's uBO's "Prevent WebRTC from leaking local IP addresses" (info icon links to here)

  • checked, it resets those two prefs to default false
  • unchecked, it sets them to false (not sure if that's directly uBO, or FF using my previous state)

With Firefox 42 and higher AND uBlock Origin 1.3.4 and higher, it is possible to prevent local IP addresses leakage without completely disabling WebRTC.

If you're wanting to actually plug leaks (and WebRTC is enabled), uBO needs those prefs in order to do its plugging leaks job - @gorhill is that correct? Are those the only two prefs it flips? TIA


Us:

  • Do we need to add something here to the user.js? (since uBO overrides them, it does no harm to say nothing)
  • We could add this info to the Prefs vs Extensions sticky
  • and again, what's up with the 42-50 FF versioning - is it not used in FF51+?

@gorhill

gorhill commented Dec 9, 2018

uBO uses the privacy extension API to set webRTCIPHandlingPolicy to disable_non_proxied_udp.

From the code, it seems only the config media.peerconnection.ice.proxy_only should be touched: https://searchfox.org/mozilla-central/source/toolkit/components/extensions/parent/ext-privacy.js#112.

uBO uses clear() when the setting is unchecked in uBO, which means that the setting should return to the state it was before uBO changed it.

@Atavic

Atavic commented Dec 9, 2018

FF ESR 52.0 has media.peerconnection.ice.default_address_only entry with false as default.

@gorhill

gorhill commented Dec 9, 2018

My comment was how it works in Firefox 60+. Firefox 52 ESR is obsolete.

@Atavic

Atavic commented Dec 9, 2018

I was replying to Pants:

what's up with the 42-50 FF versioning

@earthlng
Contributor

you added that around October 3, 2016 but without mentioning any sources:

https://www.ghacks.net/2015/08/18/a-comprehensive-list-of-firefox-privacy-and-security-settings/#comment-3990128

this bug has some related information: https://bugzilla.mozilla.org/show_bug.cgi?id=1304600

test page (but I have no idea how you'd need to test that, probably need to be in a LAN to fully test if anything leaks): https://diafygi.github.io/webrtc-ips/

@Thorin-Oakenpants
Contributor Author

Man .. I think the sooner I GitHub this, the easier to follow discussions and not miss things

Thank goodness we came to GitHub and have records of everything now.

https://bugzilla.mozilla.org/show_bug.cgi?id=1297416 I think is the bugzilla

@Thorin-Oakenpants
Contributor Author

https://bugzilla.mozilla.org/show_bug.cgi?id=1304600#c3

default_address_only does what it says on the tin; it prevents anything but the default route from being used. In order to prevent the use of any host candidates, you could use either media.peerconnection.ice.no_host, or the more extreme media.peerconnection.ice.relay_only.

comment5

I'm wondering whether media.peerconnection.ice.no_host is the pref that we should evangelize to people concerned about leaking their internal IP address (instead of having them disable WebRTC entirely).

It depends. If they are concerned with leaking any internal address, then this is the pref they want. If they're ok with advertising the default route, but do not want to expose anything more regardless of capture permissions, then default_address_only is what they want

So that clears that up. It's still used, but not in the way it was prior to 51.

I don't think it's worth documenting uBO's behavior because there is no downside (uBO takes care of what it needs on startup).

@earthlng Do you think we should change the FF versioning to just [FF42] and improve the description?
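
What a leak test for these prefs has to inspect, as an added example that is not part of the thread or of the project's code: it parses ICE candidate lines (the strings a test page reads from `RTCPeerConnection`'s `icecandidate` events) and flags what `no_host` or `relay_only`, as described in the Bugzilla comments quoted above, should have suppressed. The function names, the mode strings and the sample candidates are constructed for illustration.

```javascript
// Added example: classify ICE candidate lines (RFC 8839 "candidate" attribute)
// and check them against what the prefs discussed in this issue should allow.
const PRIVATE_V4 = [/^10\./, /^192\.168\./, /^172\.(1[6-9]|2\d|3[01])\./, /^169\.254\./];

function classifyAddress(addr) {
  if (addr.endsWith(".local")) return "mdns"; // obfuscated hostname, no IP exposed
  if (addr.includes(":")) {
    const a = addr.toLowerCase(); // IPv6: unique-local fc00::/7, link-local fe80::/10
    return /^f[cd]/.test(a) || /^fe[89ab]/.test(a) ? "private" : "public";
  }
  return PRIVATE_V4.some((re) => re.test(addr)) ? "private" : "public";
}

// candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, "").split(/\s+/);
  if (!f[0].startsWith("candidate:") || f[6] !== "typ" || f.length < 8) return null;
  const c = { transport: f[2].toLowerCase(), address: f[4], type: f[7], related: null };
  const r = f.indexOf("raddr");
  if (r !== -1 && f[r + 1]) c.related = f[r + 1];
  return c;
}

// mode (hypothetical labels): "no_host" expects no host candidates,
// "relay_only" expects nothing but relay candidates.
function auditCandidates(lines, mode) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) { findings.push({ line, issue: "unparsable" }); continue; }
    if (mode === "no_host" && c.type === "host")
      findings.push({ line, issue: "host candidate present" });
    if (mode === "relay_only" && c.type !== "relay")
      findings.push({ line, issue: `non-relay candidate (${c.type})` });
    for (const addr of [c.address, c.related]) {
      if (addr && classifyAddress(addr) === "private")
        findings.push({ line, issue: `private address exposed: ${addr}` });
    }
  }
  return findings;
}

// Constructed sample (documentation address ranges), not captured from a browser.
const SAMPLE = [
  "candidate:0 1 UDP 2122252543 192.168.1.23 50000 typ host",
  "candidate:1 1 UDP 1686052863 203.0.113.7 50000 typ srflx raddr 0.0.0.0 rport 0",
  "candidate:2 1 UDP 92217087 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 50000",
];
```

An empty result from `auditCandidates(lines, "no_host")` on the candidates a browser actually gathered is the pass condition; the private address can also appear in the `raddr` field of a non-host candidate, which is why both fields are checked.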

@Thorin-Oakenpants
Contributor Author

also use this issue for the suggestion to add a [TEST] - if you read the bugzilla in previous post francois listed one, I think we have one in the wiki, I have on my speed dial individual test page as well

Thorin-Oakenpants added a commit that referenced this issue Dec 11, 2018
FYI, the https://www.privacytools.io/webrtc.html test in our wiki is 404, so I gave it a strikethru and added this one. This is also handy for 2001, but do we need to double up on it? We're only disabling WebRTC because of IP leaks, so I don't see the point in testing if WebRTC is disabled.
@earthlng
Contributor

switch (value) {
  case "default":
    // All prefs are already set to be reset.
    break;

  case "default_public_and_private_interfaces":
    prefs["media.peerconnection.ice.default_address_only"] = true;
    break;

  case "default_public_interface_only":
    prefs["media.peerconnection.ice.default_address_only"] = true;
    prefs["media.peerconnection.ice.no_host"] = true;
    break;

  case "disable_non_proxied_udp":
    prefs["media.peerconnection.ice.proxy_only"] = true;
    break;
}

this is from the WebExtension Privacy API code. The 2nd non-default case sets both prefs (same as we currently do) and the last case is what uBO does. The Mozilla dev said "proxy_only" is the more extreme but I don't know exactly what the difference is

@Thorin-Oakenpants
Contributor Author

let's just bury this issue and leave it as is
