WebRTC leaking local IP address

[Vulgaris-Viridis]

Prerequisites

• I verified that this is not a filter issue
  • Filter issues MUST be reported at filter issue tracker
• This is not a support issue or a question
  • Support issues and questions are handled at /r/uBlockOrigin
• I performed a cursory search of the issue tracker to avoid opening a duplicate issue
  • Your issue may already be reported.
• I tried to reproduce the issue when...
  • uBlock Origin is the only extension
  • uBlock Origin with default lists/settings
  • using a new, unmodified browser profile
• I am running the latest version of uBlock Origin
• I checked the documentation to understand that the issue I report is not a normal behavior

Description

WebRTC leaking local IP address

[Description of the bug or feature]
WebRTC leaking local IP address despite 'Prevent WebRTC from leaking local IP addresses' being checked in uBo settings. it's mitigated either by enabling Disable WebRTC addon or setting 'media.peerconnection.enabled = false" in about:config.

A specific URL where the issue occurs

https://www.vpninsights.com/webrtc-leak-test

[A specific URL is MANDATORY for issue happening on a web page, even if it happens "everywhere"]

Steps to Reproduce

1. [First Step] Check ubo option box
2. [Second Step] Test it - doesn't work; leaking ip adress.
3. [and so on...] try 'media.peerconnection.enabled = false' - not leaking ip adress

Expected behavior:

[What you expected to happen]
WebRTC to not leak ip adress

Actual behavior:

[What actually happened]
WebRTC leaks ip adress

Your environment

• uBlock Origin version: 1.18.16
• Browser Name and version: Firefox 66.0.5 (64-bit)
• Operating System and version: Win10 1809

[uBlock-user]

I can reproduce in Nightly too.

Edit, I'm seeing my ISP's address, not the local IP as presented by the OP.

[uBlock-user]

Likely due to gorhill/uBlock@977178b

[gorhill]

Unable to reproduce.

@uBlock-user Let's first reproduce before speculating what commit is supposedly wrong.

Too many users make the mistake of confusing "Prevent leaking local IP addresses" with "Prevent leaking any IP addresses".

@Vulgaris-Viridis The setting has nothing to do with media.peerconnection.enabled, why do you expect that it's equivalent?

[gorhill]

The test on that page is pointless, he does not even test properly. The proper test is the one linked to in the official wiki, a more complete one:

https://github.com/gorhill/uBlock/wiki/Prevent-WebRTC-from-leaking-local-IP-address

It works as expected.

So it seems it's the usual misreading of what the setting is about: to prevent leaking local IP addresses, not to disable WebRTC.

[uBlock-user]

@gorhill but why is the behavior different than Chromium ? On Chromium, external IP also doesn't leak, because technically it should, the setting is only to prevent local IP address from leaking.

[gorhill]

Because Chromium implemented the feature differently, the related issue in the commit you linked to explain this: gorhill/uBlock#3009. Chromium's implementation of disable_non_proxied_udp does not break WebRTC, while Firefox's implementation does break WebRTC. See Firefox's dev comment.

The setting is: "Prevent WebRTC from leaking local IP addresses"

So it works as expected on both platform, regardless of the difference.

[axelsimon]

Just tested this function using the recommended test website (https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/) as suggested on wiki page linked to by uBlock Origin itself, next to the Prevent WebRTC from leaking local IP addresses preference checkbox.

• With the box ticked in uBlock Origin: gather candidates finds my IP addresses, both private and public
• With the box unticked in uBlock Origin but media.peerconnection.enabled set to false (using the Disable WebRTC add-on): gather candidates finds nothing

Note: Google's stun server gathers also the public IP address but stun.matrix.org doesn't.

[gorhill]

Unable to repro. All such reported cases turned out to be users not understanding "private" vs "public", or possibly messing with about:config and thus overriding uBO's setting, or possibly using another extension overriding uBO's setting.

[gorhill]

using the Disable WebRTC add-on

As expected, if I install https://github.com/ChrisAntaki/disable-webrtc-firefox and enable WebRTC through this extension, uBO's setting is disregarded.

Not sure this would resolve the issue, but [see below] "Disable WebRTC" should definitely use browser.privacy.network.webRTCIPHandlingPolicy.clear() instead of browser.privacy.network.webRTCIPHandlingPolicy.set() when not disabling WebRTC.

BrowserSetting.clear():

The extension will also give up control of the setting, allowing an extension with lower precedence (that is, an extension that was installed before this one) to modify the setting.

[axelsimon]

I'm sure I installed uBO first thing on this browser, so "Disable WebRTC" must have been installed after.

In the case I was describing earlier, the private address being reported by the suggested tool is that of a wireguard interface in the 10.0.0.0/8 range, so part of a range clearly designated to be private.
The public address I was referring to is a public IP address on a server.

Just did some other tests on another Firefox profile, which only has two add-ons (uBO and Panorama Tab Groups), without any kind of VPN and whether the preference is ticked or not the testing tool reports exactly the same thing: my current public IP address.