Your Privacy and your Web Browser is a Contradiction

I am mad as hell about WebRTC and google chrome. I know this is a rant but it is disturbing that this is happening without any real regard to our privacy with new attack vectors being discovered every day from our browsers. Every browser is moving in this direction but some still allow you to control your risk by disabling this feature but apparently chrome knows better. One has to wonder if this has more to do with the ad networks and protecting their revenue streams. Maybe it isn’t such a good idea for the browser writers to work for the media companies???

In case you are not familiar with WebRTC, it will leak your internal ip address and has an api that will allow one to take screen shots of your desktop among other things. The best way to think about this is covert channels to TURN and STUN servers behind the scenes mapping our your address space and creating private peer to peer connections. This is so that the browser can know its own external ip address and pass that information via communication pathways to its peer. Wow did the attack vectors just increase exponentially. I can think of a half dozens exploits off the top of my head. When it is abused, you will not be aware as it penetrates your firewall to create these covert channels using encrypted udp packets. It can arrive via the ad networks and the best part of all… you have no control if you are using chrome. Think your VPN is going to save you?… not at all as it is mapping from the inside out.

Yesterday, I see the lights on my switch connected to my computer flashing quickly. Odd because I wasn’t doing anything? I pull out my sniffer and notice that chrome is pegging a site in Norway at about 10 connections per second. That is just one tab from opening a site about the world junior swimming championships (warning this page will trip a bug with WebRTC with linux/chrome 44.0.2403.157 (64-bit)). Further tracking and it was one of the media players trying to determine geoblocking and mapping both the internal and external addresses. Unfortunately, in this case the binding was failing and chrome was in a tight loop connecting again and again. To make matters worse, I have had problems with my interface locking up (SKY2) and dropping out for the past week and now I know why. I spent probably 5 hours tracking this driver and patching it and then wondering why our network seemed sluggish. That was only one tab open. Can you imagine how this plays out with a business with a few thousand computers. Would anyone even know?

Want to know if you have a problem… try this link and see what your browser has done behind your back. There is no way to disable this with chrome but firefox can turn this off by modifying the media.peerconnection.enabled from about:config. If you have noscript than you are protected by default because it is javascript that enables this. Firefox also has a plugin but given that Browsers clearly do not care about your privacy, the best bet is disable all javascript and use both until something changes for the better.

If you want to know how other potential leaks your browser has… try this site – www.browserleaks.com.

Bottom line: We can no longer trust Google Chrome. Since every browser is determined to add WebRTC, just be vigilant about your options that allow one to turn off features that do not work for you. Given that google apparently has gone out of their way to make sure it can not be disabled, be very careful about using chrome in any manner including incognito .. It has nothing to do with your plugin’s and everything to do with their core product and design. Sad state of affairs and this is going to be one of the best malware channels ever.

References: