Confirmed users
39
edits
Media/WebRTC/Privacy: Difference between revisions
→Address leakage and VPNs
(Added comparison table) |
|||
| (4 intermediate revisions by 3 users not shown) | |||
| Line 4: | Line 4: | ||
==Address leakage and VPNs== | ==Address leakage and VPNs== | ||
===Undocumented=== | |||
A lot has yet to be documented, and a lot has been and has yet to be implemented. | |||
In the vacuum, prefs like media.peerconnection.ice.proxy_only_if_behind_proxy are getting 'documented' like [https://www.reddit.com/r/firefox/comments/8hjh3h/google_voice_psa_if_you_have_been_recently_having/ this]. | |||
===Test=== | |||
* a [https://diafygi.github.io/webrtc-ips/ test for WebRTC leaks] (partial?) | |||
===Prefs that control ICE Candidate generation=== | ===Prefs that control ICE Candidate generation=== | ||
| Line 21: | Line 28: | ||
** LAN IP addresses are not generated, the external IP address for that interface is (for a VPN, the exit portal of the VPN) | ** LAN IP addresses are not generated, the external IP address for that interface is (for a VPN, the exit portal of the VPN) | ||
** If your router does not support 'hairpinning', a within-LAN call will end up being routed through an external TURN server | ** If your router does not support 'hairpinning', a within-LAN call will end up being routed through an external TURN server | ||
* '''media.peerconnection.ice.no_host''' -- boolean (default false) -- eliminate all local addresses from the candidates (Firefox 51) -- {{Bug|1297416}} | |||
* '''media.peerconnection.enabled''' -- boolean (default true) -- enables/disabled ability to create RTCPeerConnection objects (all recent Firefox versions) | * '''media.peerconnection.enabled''' -- boolean (default true) -- enables/disabled ability to create RTCPeerConnection objects (all recent Firefox versions) | ||
| Line 33: | Line 40: | ||
| relay_only || No || No || Yes || If no TURN server is provided || All interfaces will be used to try to connect to the relay | | relay_only || No || No || Yes || If no TURN server is provided || All interfaces will be used to try to connect to the relay | ||
|- | |- | ||
| use_document_iceservers || Yes || Yes || Yes || N/A || All | | use_document_iceservers || Yes || Yes || Yes || N/A || All interfaces will be used to try to connect to the relay | ||
|- | |||
| default_address_only || Yes || Yes || Yes || N/A || Only the interface with the default route | |||
|- | |- | ||
| | | no_host || No || Yes || Yes || N/A || All interfaces will be used | ||
|- | |- | ||
| peerconnection.enabled || No || No || No || Always || N/A | | peerconnection.enabled || No || No || No || Always || N/A | ||
| Line 44: | Line 53: | ||
===Hooks to control access to createOffer/createAnswer=== | ===Hooks to control access to createOffer/createAnswer=== | ||
Firefox 43 (uplifted to 42) supports hooks that allow an extension to allow or deny calls to createOffer and createAnswer -- {{Bug|1189060}} | With the removal of old-style add-ons in Firefox 57, the following information is no longer applicable. An equivalent WebExtensions API is under development, but not yet complete. See {{Bug|1281833}} for details. | ||
<s>Firefox 43 (uplifted to 42) supports hooks that allow an extension to allow or deny calls to createOffer and createAnswer -- {{Bug|1189060}} | |||
<nowiki> | <nowiki> | ||
// Add-ons can override stock permission behavior by doing: | // Add-ons can override stock permission behavior by doing: | ||
| Line 61: | Line 72: | ||
// See browser/modules/webrtcUI.jsm for detail</nowiki> | // See browser/modules/webrtcUI.jsm for detail</nowiki> | ||
Example extension: http://hancke.name/tmp/verhueterli.xpi (source: https://github.com/fippo/plumber). Note: unsigned extensions require flipping a pref to use (and can't be used in Beta 41). | Example extension: http://hancke.name/tmp/verhueterli.xpi (source: https://github.com/fippo/plumber). Note: unsigned extensions require flipping a pref to use (and can't be used in Beta 41).</s> | ||