inox-patchset icon indicating copy to clipboard operation
inox-patchset copied to clipboard

Published 20 hours ago verified publisher icon gcarq

webrtc mitigation (no ip leak)

Open HotelBellaMuerte opened this issue 7 years ago • 6 comments

with this

you can use webrtc "safely", because if you use a vpn doesnt leak your ip

https://github.com/bn0785ac/inox-hardened/commit/71c8d4b6403b63740635d8e6954585cdc144d5f3

@gcarq @xsmile @perfect7gentleman

HotelBellaMuerte avatar Dec 30 '17 23:12 HotelBellaMuerte

IIRC I had tried these but they were not effective, although I cannot say if it was due to pre-existing stored settings or other reasons. Did anyone else test them?

csagan5 avatar Apr 30 '18 22:04 csagan5

it just helps you if you're using a proxy (at inox), and just forces webrtc to respect IP setups (in leak case).

just leak the "protect webrtc ip" from ublock, but at inox codebase.

as we cant block it, we could be more respectful

HotelBellaMuerte avatar May 01 '18 02:05 HotelBellaMuerte

In Bromite I simply build without webRTC to get rid of all its woes; this will however be extremely more difficult from v68 onwards since the Chromium devs have dropped the build option.

csagan5 avatar Jun 21 '18 18:06 csagan5

@csagan5 Good to know, this flag was broken some time ago, seems like they fixed it though. Do you have any direction or intention to address this from v68 onwards?

gcarq avatar Jun 21 '18 18:06 gcarq

@gcarq they fixed it...by removing it altogether (I'd hardly call that "fixed", but I understand it is an "optimisation" if nobody cares about building without webRTC)

I always build the tags of the current stable (so these days the latest tag of v67) but I already took note of some commits that need be reverted to reinstate the enable_webrtc=false build flag functionality:

  • https://github.com/chromium/chromium/commit/c6d201bf57dab8c8c53470325bbe19deca1523f4
  • https://github.com/chromium/chromium/commit/d98b020fe1f0cb85de21de5313261a66ad9c9fe4
  • https://github.com/chromium/chromium/commit/b564859b890058765c3f92839c71ba0c6595398c

My plan of action would be the following: when v68 becomes stable start building it and attempt reverting those commits in reverse chronological order, fix the rest manually (might need to inspect/revert more commits) and hopefully have again the possibility to build without webRTC.

csagan5 avatar Jun 21 '18 18:06 csagan5

it was broken sinve v62

also you can take this patch (is a better implementation of my idea) ... i'll replace my patch with them

https://github.com/bromite/bromite/blob/master/patches/BRM014_Disable-WebRTC-by-default.patch

HotelBellaMuerte avatar Jun 22 '18 01:06 HotelBellaMuerte