BooBerry
commented
7 years ago How does uBlock Origin pull it off?
Closed ameshkov closed 7 years ago
BooBerry
commented
7 years ago How does uBlock Origin pull it off?
ameshkov
commented
7 years ago It does not. uBO (and ABP will also do it soon) used the approach from the comment below. Not the best thing to do as it might break some websites functionality, the desktop programs $network approach is much "cleaner", but I guess there's nothing better we can do in the browser extensions.
ameshkov
commented
7 years ago It seems that the only way is to break WebRTC for the chosen website, and if they are trying to circumvent it with the "frames" approach, block it by using Content-Security-Policy.
The same as what we did with WebSocket issue some time ago.
BooBerry
commented
7 years ago It does not
I was going to say, it does too (as an advanced/privacy option)!
Killing WebRTC would be great, especially for those using VPNs (e.g. like I do in a Windows 10 VM and on Arch Linux with the Adguard browser extensions).
ameshkov
commented
7 years ago I was going to say, it does too (as an advanced/privacy option)!
Nah, that's tweaking some chrome://flags, it is not the same topic as we discuss here.
Killing WebRTC would be great, especially for those using VPNs (e.g. like I do in a Windows 10 VM and on Arch Linux with the Adguard browser extensions).
Frankly, I am more concerned about the ad reinjection now, there're a lot of websites exploiting webrtc in order to load ads metadata.
ameshkov
commented
7 years ago We've just had an interesting discussion about this case with uBO and ABP devs.
@atropnikov please take a look: https://github.com/gorhill/uBlock/issues/1930#issuecomment-294516215
It makes sense to implement the proposed way for disabling wrapping right away. Whichever common approach is agreed, we'll be able to reuse the implementation:
@@*$websocket,domain=example.org-- to disable WebSocket wrapper@@*$webrtc,domain=example.org-- to disable the RTC wrapper
Also, we should come up with something in the desktop programs case. Wrapping RTC does not make much sense there, but we could at least transform $webrtc rules into the $network rules automatically.
ameshkov
commented
7 years ago A bit more information about it.
Test website: https://www.merriam-webster.com/
Chromium bug: https://bugs.chromium.org/p/chromium/issues/detail?id=707683
Discussion about CSP: https://github.com/w3c/webappsec-csp/issues/92
We do take care of it in the standalone programs with $network rules.
Browser extensions cannot do it, so we should figure out another way. For instance, we could override RTCPeerConnection objects, just like what we do for WebSocket.