Media/WebRTC/Privacy

Revision as of 17:31, 20 August 2015 by Jesup (add bugs)

This page gathers information related to privacy in WebRTC. It is a work in progress, and more categories need to be added.

Note: this page is for documenting options, not for discussion.

Address leakage and VPNs

Prefs that control ICE Candidate generation

All of these can be set from about:config or controlled via an extension.

  • media.peerconnection.ice.force_interface -- string (default "") -- interface name to match for ICE (Firefox 43, uplift requested for 42 and 41) -- bug 1189040
    • If set, and there is no interface that matches exactly, NO candidates will be generated.
    • If set and there is a match, ICE will use only that interface. Local (LAN) and external IP addresses for that interface will be used for ICE candidates. This can be pointed at a single external interface to hide/ignore internal (VM) interfaces, unconnected interfaces or VPNs (e.g. work VPNs). It can also be set to a VPN interface, and then ICE will only use the VPN (and if the VPN is down, ICE will fail).
  • media.peerconnection.ice.relay_only -- boolean (default false) -- only generate relay (TURN) candidates for ICE (Firefox 42, uplift requested for 41) -- bug 1189030
    • This can be used to block all local (LAN) and external IP addresses from being generated as candidates.
    • An example use case is avoiding exposing your external IP address to a caller (for example, to avoid disclosing that you're in town Xxxxx during a call with someone you have a protection order against; roughly the equivalent of blocking outgoing caller-id on the PSTN by *-whatever).
    • NOTE: this does not hide your external IP address from the TURN server itself.
  • media.peerconnection.use_document_iceservers -- boolean (default true) -- use STUN/TURN servers provided by the page (all recent Firefox versions)
    • If set to false and media.peerconnection.default_iceservers is set to the server(s) you want to use, only those servers will be used, and no server provided by the page will be used.
    • This can be useful for corporate 'gateway' TURN servers, or for a TURN server hosted by a VPN provider.
  • media.peerconnection.ice.default_address_only -- boolean (default false) -- limit ICE candidates to the default interface only (Firefox 43, uplift requested for 42) -- bug 1189041
    • The default interface used for general routing is identified, and only that address is used for candidate generation.
    • LAN IP addresses are not generated; the external IP address for that interface is (for a VPN, this is the exit portal of the VPN).
    • If your router does not support 'hairpinning', a within-LAN call will end up being routed through an external TURN server.
    • NOT supported with e10s yet (see bug 1194259).
  • media.peerconnection.enabled -- boolean (default true) -- enables/disables the ability to create RTCPeerConnection objects (all recent Firefox versions)
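
To confirm that relay_only or default_address_only has the intended effect, inspect the candidates actually gathered (the strings delivered to onicecandidate, or the a=candidate lines of the local SDP). The following is an added example, not Mozilla code and not part of the original page. The function names and sample lines are constructed, only IPv4 private ranges are checked, and a raddr of 0.0.0.0 is assumed to mean the related address was blanked.

```javascript
// Added example (not Mozilla code). Candidate lines are constructed samples
// using RFC 1918 and RFC 5737 documentation addresses.
const SAMPLE = [
  "candidate:0 1 UDP 2122252543 192.168.1.23 50000 typ host",
  "candidate:1 1 UDP 1686052863 203.0.113.7 50000 typ srflx raddr 192.168.1.23 rport 50000",
  "candidate:2 1 UDP 92216831 198.51.100.9 61000 typ relay raddr 0.0.0.0 rport 0",
];

// candidate:<foundation> <component> <transport> <priority> <address> <port>
//   typ <type> [raddr <addr> rport <port>]
const CANDIDATE_RE =
  /^(?:a=)?candidate:\S+ \d+ \S+ \d+ (\S+) \d+ typ (\S+)(?: raddr (\S+) rport \d+)?/;

function parseCandidate(line) {
  const m = CANDIDATE_RE.exec(line.trim());
  return m ? { address: m[1], type: m[2], raddr: m[3] || null } : null;
}

function isPrivateV4(addr) {
  const o = addr.split(".").map(Number);
  if (o.length !== 4 || o.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return false;
  return o[0] === 10 || (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
         (o[0] === 192 && o[1] === 168) || (o[0] === 169 && o[1] === 254);
}

// Addresses of the local endpoint that the remote peer learns from one candidate.
// A relay candidate's own address belongs to the TURN server, so only raddr counts.
function exposedAddresses(c) {
  const out = c.type === "relay" ? [] : [c.address];
  if (c.raddr && c.raddr !== "0.0.0.0") out.push(c.raddr);
  return out;
}

// policy "relay_only": no local address may appear at all.
// policy "default_address_only": no LAN (private IPv4) address may appear.
function auditCandidates(lines, policy) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) { findings.push({ line, issue: "unparseable" }); continue; }
    let leaked = exposedAddresses(c);
    if (policy === "default_address_only") leaked = leaked.filter(isPrivateV4);
    if (leaked.length) findings.push({ line, issue: `${c.type} exposes ${leaked.join(", ")}` });
  }
  return findings;
}

console.log(auditCandidates(SAMPLE, "relay_only"));
```

An empty result means no gathered candidate contradicts the chosen policy; with relay_only set, the TURN server still sees your external address, as noted above.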

Hooks to control access to createOffer/createAnswer

Firefox 43 (uplift requested to 42) supports hooks that allow an extension to allow or deny calls to createOffer and createAnswer -- bug 1189060

  // Add-ons can override stock permission behavior by doing:
  //
  //   var stockObserve = webrtcUI.observe;
  //
  //   webrtcUI.observe = function(aSubject, aTopic, aData) {
  //     switch (aTopic) {
  //      case "PeerConnection:request": {
  //        // new code.
  //        break;
  //      ...
  //      default:
  //        return stockObserve.call(this, aSubject, aTopic, aData);
  //
  // See browser/modules/webrtcUI.jsm for details

Example extension: http://hancke.name/tmp/verhueterli.xpi (source: https://github.com/fippo/plumber). Note: unsigned extensions require flipping a pref to use (and can't be used in Beta 41).