erbbysam / webRTCCopy

A simple file sharing application using webRTC-data.io

wrong claim in the website #18

Open NawfelBgh opened 9 years ago

NawfelBgh commented 9 years ago

We do not save any file or chat information, nor do we have the ability to.

You have the ability. You can create a WebRTC peer connection in the server (nothing restricts the server from joining a P2P connection). And since you can send whatever JS code you want to the client, you can get all the shared files.

erbbysam commented 9 years ago

The server acts as a signaling server and a connection must remain established so that new peers can join a room. Peer connections cannot be hijacked/MiTM'd due to sharing DTLS fingerprints over the signaling server. You would be able to see, either via Wireshark or the Chrome "network" tab, any additional traffic between a peer and the server/third party. I stated "nor do we have the ability to" as there is no traffic crossing the server. The traffic (via WebRTC) is directed between peers and rtccopy.com does not support any TURN-based option. The only information the server has available is Room ID, browser name & version, encryption type used, usernames and unique socket IDs. This can also be confirmed via code inspection, as no code is obscured on rtccopy.com, and if you do not trust it then I would encourage you to host it yourself. As an aside, I did make a Chrome application at one point but shut it down due to a lack of interest (mine mainly in terms of upkeep/perceived interest).
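The DTLS fingerprints discussed in this thread travel inside the SDP that the signaling server relays, so two peers can check over a separate channel that the fingerprint one side offered is the one the other side received. The following is an added example, not code from webRTCCopy or from either commenter; the function names and the sample SDP and fingerprint values are constructed for illustration.

```javascript
// Added example, not webRTCCopy code. In a browser the two strings would be
// pc.localDescription.sdp on the sender and pc.remoteDescription.sdp on the
// receiver, exchanged for comparison over a channel other than signaling.

// Collect every a=fingerprint attribute (session- or media-level), normalized.
function extractFingerprints(sdp) {
  const re = /^a=fingerprint:(\S+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$/;
  const found = new Set();
  for (const line of sdp.split(/\r?\n/)) {
    const m = re.exec(line);
    if (m) found.add(`${m[1].toLowerCase()} ${m[2].toUpperCase()}`);
  }
  return [...found].sort();
}

// Compare what the sender offered with what the receiver was handed.
function verifyFingerprints(senderLocalSdp, receiverRemoteSdp) {
  const sent = extractFingerprints(senderLocalSdp);
  const received = extractFingerprints(receiverRemoteSdp);
  if (sent.length === 0 || received.length === 0) {
    return { ok: false, reason: "no fingerprint present", sent, received };
  }
  const ok = sent.length === received.length &&
             sent.every((fp, i) => fp === received[i]);
  return { ok, reason: ok ? "match" : "fingerprint differs", sent, received };
}

// Constructed sample data: 32-byte hex patterns, not real certificate hashes.
function sampleFingerprint(seed) {
  return Array.from({ length: 32 }, (_, i) =>
    ((seed + i * 7) & 0xff).toString(16).padStart(2, "0")).join(":");
}
function sampleSdp(fingerprint) {
  return ["v=0", "o=- 1 2 IN IP4 127.0.0.1", "s=-", "t=0 0",
          "m=application 9 UDP/DTLS/SCTP webrtc-datachannel",
          "c=IN IP4 0.0.0.0", "a=setup:actpass",
          `a=fingerprint:sha-256 ${fingerprint}`, ""].join("\r\n");
}

const offered = sampleSdp(sampleFingerprint(1).toUpperCase());
const relayedIntact = sampleSdp(sampleFingerprint(1)); // same value, lower case
const relayedAltered = sampleSdp(sampleFingerprint(2));

console.log(verifyFingerprints(offered, relayedIntact).reason);
console.log(verifyFingerprints(offered, relayedAltered).reason);
```

A mismatch means the session description was changed between the two browsers, which is the condition the fingerprint comparison exists to detect.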