undefined | Better HN

0 pointscodedokode3y ago0 comments

I don't think that there are many people using WebRTC especially within the same LAN, but fingerprinting is used by almost every commercial site. So I can assume that this "feature" was used in 99.99% cases for fingerprinting.

This shows how browser developers race to push new features without proper estimation of privacy concerns.

Luckily this was somewhat fixed by using randomized Apple mDNS names instead of IPs. But as a result the browser has to support Apple DNS protocol which can potentially increase attack surface.

I would prefer to disable this feature completely by default and let the minority who needs it enable it via settings.

0 comments

rollcat3y ago

> But as a result the browser has to support Apple DNS protocol which can potentially increase attack surface.

The "Apple" DNS protocol is standard DNS, over a multicast IP address, on port 5353. You can literally use plain old dig to perform mDNS lookups:

    $ dig @224.0.0.251 -p 5353 +short hello.local

    192.168.123.45

If DNS lookups considerably increase your attack surface, something is very, very wrong with your architecture.

webrtcdev13y ago

> literally

The DNS names WebRTC generates for this purpose are random, and known only to the signaling participants.

wbl3y ago

I remember old BIND versions

Sean-Der3y ago

I see a lot of WebRTC usage just in the LAN. WebRTC sees a lot of usage outside of conferencing!

* Controlling Robots (formant.io)

* Security Cameras

* File Sharing

* Game Streaming/VNC

I keep a list of interesting open source WebRTC projects at https://github.com/pion/awesome-pion

nemothekid3y ago

>I don't think that there are many people using WebRTC especially within the same LAN

Zoom/Teams with people in the same office? That seems like a rather large user base

Almost all of the “sales/demo/cross company” video calls I’ve been on have been in this bucket

cma3y ago

> Almost all of the “sales/demo/cross company” video calls I’ve been on have been in this bucket

My understanding is Zoom only supports P2P for two person calls.

I can't quite tell from this answer if it is the default or not, but it sounds like it has to be manually enabled:

> Account owners and admins can enable one-on-one meetings to have data routed between two participants (peer-to-peer), rather than going through the cloud or server. Enabling this may improve the quality and connection of one-on-one meetings (depending on how your network prioritizes traffic) by directly sending video and audio between both parties.

https://support.zoom.us/hc/en-us/articles/360061410851-Enabl...

bawolff3y ago

> This shows how browser developers race to push new features without proper estimation of privacy concerns.

Settling on a different trade-off then you would like is not the same thing as doing it without consideration.

coldtea3y ago

In this case, it is blatant disregard.

helloooooooo3y ago

Corporate networks…

j / k navigate · click thread line to collapse