Opened 5 years ago

Last modified 4 months ago

#14836 assigned task

Can we compile in WebRTC to allow QRCode bridge entry?

Reported by: mikeperry
Owned by:
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords:
Cc: gk, brade, mcs, mikeperry
Actual Points:
Parent ID: #31283
Points:
Reviewer:
Sponsor: Sponsor30-can

Description (last modified by mikeperry)

We should evaluate if we can re-enable the compilation of WebRTC in Tor Browser. There are two reasons for this:

  1. Mozilla may remove the WebRTC compile-time switch in future builds.
  2. Enabling WebRTC at compile time may enable Tor Launcher to make use of the WebCam for scanning QRCodes of bridges (see #14837).

Mozilla's security team claims that setting media.peerconnection.enabled to false will completely disable content access to all WebRTC APIs, which should be sufficient for us. However, my review of the FF31 source showed that several other things get compiled into the browser that may or may not be directly tied to the peerconnection APIs. For example, RTSP and SCTP protocol support gets compiled in, and there may be other ways to use these protocols elsewhere in the browser. See: https://gitweb.torproject.org/tor-browser-spec.git/tree/audits/FF31_NETWORK_AUDIT

FWIW, simple PoCs such as https://diafygi.github.io/webrtc-ips/ fail if media.peerconnection.enabled is unset, but again, more investigation is needed.

Change History (12)

comment:1 Changed 5 years ago by mikeperry

Description: modified
Keywords: tbb-usability-stoppoint-wizard removed

comment:2 Changed 5 years ago by gk

Cc: gk added

comment:3 Changed 5 years ago by gk

If we compile it in, content has access to the devices as well (see: https://people.torproject.org/~gk/misc/webrtc_test.html for an example). I wonder if we would allow device fingerprinting that way and how bad it would be.

comment:4 Changed 5 years ago by mikeperry

Hrmm, good point. However, I am able to disable this from the content window by setting media.navigator.enabled to false. Though we should be sure there aren't other things we should pref off if we enable this, too.
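
A content-side check for the two prefs discussed above, as an added example that is not part of the ticket or of Tor Browser's code: it lists which WebRTC and media-capture entry points a page's global object still exposes. The API name lists and their grouping under each pref are this example's assumptions.

```javascript
// Added example: which WebRTC-related entry points can content still reach?
// Assumption: the names below and their grouping per pref are illustrative.
const SURFACE = {
  "media.peerconnection.enabled": {
    globals: ["RTCPeerConnection", "mozRTCPeerConnection", "webkitRTCPeerConnection",
              "RTCSessionDescription", "RTCIceCandidate", "RTCDataChannel"],
    navigator: [],
  },
  "media.navigator.enabled": {
    globals: [],
    navigator: ["mediaDevices", "getUserMedia", "mozGetUserMedia", "webkitGetUserMedia"],
  },
};

function isExposed(obj, name) {
  // `in` also walks the prototype chain, where navigator properties live.
  // A getter that throws still counts as exposed: the property is reachable.
  try {
    return obj != null && name in obj && obj[name] != null;
  } catch (e) {
    return true;
  }
}

function auditWebRtcSurface(win) {
  const report = {};
  for (const [pref, spec] of Object.entries(SURFACE)) {
    const found = [];
    for (const n of spec.globals) if (isExposed(win, n)) found.push(n);
    for (const n of spec.navigator)
      if (isExposed(win.navigator, n)) found.push("navigator." + n);
    report[pref] = found;
  }
  return report;
}

function summarize(report) {
  return Object.entries(report)
    .map(([pref, found]) => found.length
      ? `${pref}: EXPOSED ${found.join(", ")}`
      : `${pref}: nothing reachable`)
    .join("\n");
}

// In a browser console or test page this audits the real content global.
if (typeof window !== "undefined") console.log(summarize(auditWebRtcSurface(window)));
```

An empty list for a pref only shows that these named entry points are hidden from content; it says nothing about other compiled-in code paths such as the RTSP and SCTP support raised in the description.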

comment:5 Changed 5 years ago by mcs

Cc: brade mcs added

comment:6 Changed 4 years ago by mikeperry

Keywords: tbb-5.0a-highrisk added

Tag the set of things that are risky to debut in the 5.0-stable release without testing in a prior alpha.

comment:7 Changed 4 years ago by mikeperry

Keywords: TorBrowserTeam201506 added

Ensure all tbb-5.0a items are on the June radar.

comment:8 Changed 4 years ago by mikeperry

Keywords: MikePerry201506 added
Owner: changed from tbb-team to mikeperry
Status: changed from new to assigned

comment:9 Changed 4 years ago by mikeperry

Keywords: ff38-esr tbb-5.0a-highrisk TorBrowserTeam201506 MikePerry201506 removed

Going to take this off the ff38 radar for now. We can consider this later.

comment:10 Changed 2 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:11 Changed 5 months ago by gaba

Cc: mikeperry added
Owner: mikeperry deleted

comment:12 Changed 4 months ago by pili

Parent ID: #31283
Sponsor: Sponsor30-can