WebRTC IP Leak #552

Closed
gazza-911 opened this issue Dec 30, 2015 · 5 comments
Comments

@gazza-911 gazza-911 commented Dec 30, 2015

Does webtorrent fix the WebRTC bug [revealed in February 2015] that allows STUN servers to see the real IP as opposed to VPN IP?

Unfortunately it doesn't seem to be discussed anywhere.

Member

@josephfrazier josephfrazier commented Dec 30, 2015

EDIT: Disregard the Firefox bits here. See my next comment instead.

In the browser, you should be able to prevent IP leakage as described by https://ipleak.net/#docs

  • Mozilla Firefox: Type "about:config" in the address bar. Scroll down to "media.peerconnection.enabled", double click to set it to false.
  • Google Chrome: Install Google official extension WebRTC Network Limiter.

Author

@gazza-911 gazza-911 commented Dec 30, 2015

So the bug still remains in WebTorrent itself then.

Also, the docs are only for browsers, not desktop apps using WebTorrent such as Playback. Does this mean that for applications using WebTorrent, you have to contact them to check/fix this?

Member

@josephfrazier josephfrazier commented Dec 31, 2015

Oh wow, I definitely just copy/pasted for my previous message without actually reading it... The Firefox fix suggested above disables peer connections entirely, meaning that WebTorrent wouldn't work very well at all. I think the about:config setting needed is media.peerconnection.ice.default_address. See https://wiki.mozilla.org/Media/WebRTC/Privacy for more info.

I don't know whether particular non-browser environments like Electron provide an equivalent setting, but if they don't, I imagine it might be possible for WebTorrent to detect which SDP candidates contain private IP addresses, and strip them out before sending the SDP anywhere.
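
The candidate filtering suggested in the comment above can be sketched as follows. This is an added example, not WebTorrent's code and not written by anyone in this thread; the function names, the policy of blanking `raddr`, and the sample SDP are assumptions made for illustration.

```javascript
// Added example. isPrivateAddress and stripPrivateCandidates are hypothetical
// helper names, not WebTorrent or browser APIs.

// True for loopback, link-local and private-range IPv4/IPv6 literals.
// Hostnames (including mDNS "*.local" names) return false.
function isPrivateAddress(addr) {
  const a = String(addr || '').toLowerCase();
  if (a.includes(':')) {
    // ::1 loopback, fe80::/10 link-local, fc00::/7 unique-local
    return a === '::1' || /^fe[89ab][0-9a-f]:/.test(a) || /^f[cd][0-9a-f]{2}:/.test(a);
  }
  const o = a.split('.').map(Number);
  if (o.length !== 4 || o.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return false;
  return o[0] === 10 || o[0] === 127 ||
    (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
    (o[0] === 192 && o[1] === 168) ||
    (o[0] === 169 && o[1] === 254);
}

// Candidate attribute layout:
// a=candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> [raddr <addr> rport <port>]
function stripPrivateCandidates(sdp) {
  const kept = [];
  for (const line of sdp.split(/\r?\n/)) {
    if (!line.startsWith('a=candidate:')) { kept.push(line); continue; }
    const f = line.split(' ');
    if (isPrivateAddress(f[4])) continue; // drop candidates that advertise a private address
    // Reflexive and relay candidates repeat the local base address after "raddr";
    // this example blanks it (assumed policy) instead of dropping the candidate.
    const r = f.indexOf('raddr');
    if (r !== -1 && isPrivateAddress(f[r + 1])) f[r + 1] = f[r + 1].includes(':') ? '::' : '0.0.0.0';
    kept.push(f.join(' '));
  }
  return kept.join('\r\n');
}

// Constructed sample SDP (documentation-range public address), not captured traffic.
const SAMPLE_SDP = [
  'v=0',
  'm=application 9 UDP/DTLS/SCTP webrtc-datachannel',
  'a=candidate:1 1 udp 2122260223 192.168.1.23 51000 typ host',
  'a=candidate:2 1 udp 1686052607 203.0.113.7 51000 typ srflx raddr 192.168.1.23 rport 51000',
  'a=candidate:3 1 udp 2122260223 fe80::1c2a:3bff:fe4d:5e6f 51001 typ host',
].join('\r\n');

console.log(stripPrivateCandidates(SAMPLE_SDP));
```

A filter like this only removes private-range addresses. A public address on a non-VPN interface would still appear in a host or server-reflexive candidate, which is the case the browser-level default-route behaviour discussed in this thread addresses.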

Member

@feross feross commented Jan 1, 2016

This isn't an issue for WebTorrent to resolve. Browsers have already taken steps to mitigate the leak, like always using the default route (i.e. the VPN route) when connecting to STUN servers, and not revealing the local IP addresses unless the user gives camera and mic permissions (which WebTorrent doesn't request).

Given these browser fixes, I see nothing for WebTorrent to do. If you're using a VPN, only the VPN default route should be used (at least in Chrome; I'm less familiar with the steps Mozilla has taken).


@lock lock bot commented May 5, 2018

This thread has been automatically locked because it has not had recent activity. To discuss further, please open a new issue.

@lock lock bot locked as resolved and limited conversation to collaborators May 5, 2018