WebRTC

[Patryk-S-W]

WebRTC can checking your local IP, u can add to Chameleon switch to disabling WebRTC?

https://www.browserleaks.com

[ghostwords]

I just added detection of WebRTC initialization. This should help me find use of WebRTC by fingerprinters in the wild, using Chameleon Crawler. Once I have some samples, I will try to improve detection to judge whether WebRTC is specifically being used for fingerprinting.

In the meantime, you can can disable WebRTC in Chrome with the WebRTC Block extension.

[ghostwords]

Note that Browser Leaks' WebRTC page breaks with Chameleon enabled. The page detects the webkit-prefixed WebRTC API, assumes a Chrome user agent string will be present, and tries to parse out Chrome's version number, but the parsing fails since Chameleon replaced Chrome's user agent string by that of Firefox.

This will be resolved when Chameleon stops masquerading as Tor and starts (intelligently) randomizing browser attributes instead: #1.

[gunesacar]

I tried this demo: https://diafygi.github.io/webrtc-ips/ This time the demo works but Chameleon fails to detect WebRTC initialization (or I miss something). I'm using Chameleon 0.7.0, Chromium 40.0.2214.111 and Ubuntu.

[ghostwords]

I believe that's #5. WebRTC initialization on that demo page is done inside an internal (to the page) script tag, which executes before Chameleon's overrides.

[gunesacar]

Indeed! When I put the script into a separate file, Chameleon detects webkitRTCPeerConnection. Thanks!

[ghostwords]

The injected script race condition should be resolved in the master branch, so inline scripts should now always get processed same as external scripts.

[gunesacar]

WebRTC demo page linked above is now being detected by Chameleon. Thanks for the great work!

[ghostwords]

You're welcome!

[ghostwords]

Relevant: EFForg/privacybadgerfirefox/issues/394