Date: Mon, 9 Feb 2015 14:28:48 -0800
From: Mike Perry <mikeperry@torproject.org>
To: tor-talk@lists.torproject.org
Message-ID: <20150209222848.GD4708@torproject.org>
MIME-Version: 1.0
Subject: [tor-talk] Please help evaluate WebRTC for Tor Browser safety
Content-Type: multipart/mixed; boundary="===============7511563339749529775=="


--===============7511563339749529775==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="jL2BoiuKMElzg3CS"
Content-Disposition: inline


--jL2BoiuKMElzg3CS
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

There seems to be a lot of interest in WebRTC Tor safety lately on this
list. The simple https://diafygi.github.io/webrtc-ips/ PoC does not work
against Tor Browser for two reasons:

1. We don't compile in WebRTC at all.
2. We set the pref 'media.peerconnection.enabled' to false.

We would like to change property #1 so that it is easier to support
QRCode-encoded bridge entry and bridge sharing in Tor Launcher
(https://trac.torproject.org/projects/tor/ticket/14837). In my testing,
and according to Mozilla security engineers, it should be safe for us to
compile WebRTC in and set media.peerconnection.enabled to false, but
there may be other vectors to this code that we've all missed to date.

Hence, this is a request to interested parties to try harder to bypass
Tor in a stock Firefox using WebRTC and associated protocols (RTSP,
SCTP) with media.peerconnection.enabled set to false. Again, the
existing PoC fails in this case for me, but we need more in-depth tests.

For more info, see:
https://trac.torproject.org/projects/tor/ticket/14836 and
https://gitweb.torproject.org/tor-browser-spec.git/tree/audits/FF31_NETWORK_AUDIT

-- 
Mike Perry

--jL2BoiuKMElzg3CS
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature


--jL2BoiuKMElzg3CS--

--===============7511563339749529775==--
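Added example, not part of the original message or of Tor Browser's code: a check that a Firefox profile's effective value of media.peerconnection.enabled is false before any further WebRTC testing. It assumes the usual user_pref("name", value); line format of prefs.js and user.js, that user.js overrides prefs.js at startup, and that an unset pref defaults to true in a stock Firefox; the function names and sample profile text are constructed for illustration.

```python
import re

PREF = "media.peerconnection.enabled"

# Matches one pref line such as: user_pref("some.pref", false);
# Lines commented out with // do not match; /* ... */ blocks are not handled.
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        else:
            prefs[name] = raw.strip('"')  # numbers and strings kept as text
    return prefs


def effective_pref(prefs_js, user_js="", name=PREF, default=True):
    """Merge prefs.js with user.js (user.js wins) and look up one pref.

    default=True is the assumed stock Firefox default for PREF.
    """
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged.get(name, default)


def webrtc_disabled(prefs_js, user_js=""):
    """True only if the profile explicitly ends up with the pref set to false."""
    return effective_pref(prefs_js, user_js) is False


# Constructed sample profile contents (not taken from a real profile).
SAMPLE_PREFS_JS = (
    'user_pref("browser.startup.page", 0);\n'
    'user_pref("media.peerconnection.enabled", false);\n'
)
SAMPLE_USER_JS = 'user_pref("media.peerconnection.enabled", true);\n'

if __name__ == "__main__":
    print("prefs.js only:", webrtc_disabled(SAMPLE_PREFS_JS))
    print("with user.js :", webrtc_disabled(SAMPLE_PREFS_JS, SAMPLE_USER_JS))
```

This only inspects the profile files; it does not cover prefs set through other mechanisms or confirm runtime behaviour.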

