Opened 4 months ago

Last modified 3 months ago

#29205 new task

Look into using Firefox for the WebRTC implementation

Reported by: cohosh
Owned by:
Priority: Medium
Milestone:
Component: Circumvention/Snowflake
Version:
Severity: Normal
Keywords:
Cc: dcf, arlolra, gk, cohosh
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor: Sponsor19

Description (last modified by cohosh)

Reduce fingerprintability and solve Windows reproducible builds problem by replacing the current Chrome-based C++ WebRTC implementation with Firefox's built-in WebRTC implementation.

Update: After discussions with dcf, it looks like fingerprintability is not much of a concern and in any case would be no different with Firefox vs Chrome. Also, since meek is moving to uTLS instead of Firefox this isn't necessarily more convenient.

Leaving this ticket open just as another alternative for looking at different WebRTC implementations (related: #28942)

Child Tickets

Change History (6)

comment:1 Changed 4 months ago by gk

Cc: gk added

comment:2 Changed 4 months ago by cohosh

Cc: cohosh added

comment:3 Changed 4 months ago by cohosh

Priority: Very High → Medium

comment:4 Changed 4 months ago by cohosh

Description: modified (diff)
Summary: Use Firefox for the WebRTC implementation → Look into using Firefox for the WebRTC implementation

Firefox is likely not the answer here as the workflow and details are very close to Chrome. Fingerprintability is not at the moment a problem, nor would Firefox likely provide a solution better than the current Chrome library.

comment:5 Changed 3 months ago by arma

I had thought the idea here was to drive an actual firefox to talk webrtc to the snowflakes. That way Tor users would be talking webrtc just like firefox, because it *would* be firefox. Rather than linking in a library and trying to call it in the same ways that Firefox calls it (and react to errors and network conditions etc in the same way that Firefox reacts).

And we picked Firefox because "we already have one" in tor browser (though tor browser currently disables webrtc at compile time, but hey, nobody said this would be easy).

So, kind of like how meek launches a browser and drives it to do the domain fronting connection.

comment:6 in reply to:  5 Changed 3 months ago by cohosh

Replying to arma:

> I had thought the idea here was to drive an actual firefox to talk webrtc to the snowflakes. That way Tor users would be talking webrtc just like firefox, because it *would* be firefox. Rather than linking in a library and trying to call it in the same ways that Firefox calls it (and react to errors and network conditions etc in the same way that Firefox reacts).
>
> And we picked Firefox because "we already have one" in tor browser (though tor browser currently disables webrtc at compile time, but hey, nobody said this would be easy).
>
> So, kind of like how meek launches a browser and drives it to do the domain fronting connection.

This was the idea; I had a conversation with dcf over email about it. Some key points brought up were:

  • Using a headless browser is difficult and meek just moved to using uTLS for this reason (#29077).
  • What you mentioned with the currently disabled WebRTC:

"Omitting WebRTC is a safety measure to avoid IP address leaks; instead
of disabling WebRTC through a runtime configuration option, the Tor
Browser devs have decided not even to compile it."

  • WebRTC fingerprintability isn't currently as much of an issue as, for example, the Firefox TLS fingerprints. There are so many variations in WebRTC implementations at the moment that fingerprinting is a long way out.

So overall, I would say it's still something to consider, but we should evaluate it along with other options such as #28942 and try to figure out (esp. since headless Firefox is going away for meek) whether or not it actually makes our lives easier. My understanding is that the "makes our lives easier" bit is more important at the moment than "stop all conceivable future fingerprinting attempts", especially since possible attempts are not well-defined at the moment.
