mullvad / mullvad-browser

Privacy-focused browser for Linux, macOS and Windows. Made in collaboration between @torproject and @mullvad
https://mullvad.net/browser

WebRTC questions #99

Closed NearestWater262 closed 2 weeks ago

NearestWater262 commented 1 year ago

https://browserleaks.com/webrtc meet.jit.si (privacy oriented conference caller for testing)

  1. Why is the Public WebRTC IP blank, but WebRTC still works?
  2. I noticed that when I use a SOCKS5 proxy, WebRTC still works. Is it using the SOCKS5 proxy for voice and camera, or is it bypassing the SOCKS5 config in Firefox?
  3. When using WebRTC, what is the policy? Public only, or public and private interfaces?

ruihildt commented 1 year ago

For 2, WebRTC is proxied. You can observe that by starting a Jitsi session and going to about:webrtc.

For the other questions, I don't know how to answer them. We have been discussing how to improve our default WebRTC settings, and hopefully I'll be able to better answer you once we've investigated more.

NearestWater262 commented 1 year ago

@ruihildt thank you very much, looking forward to developments :D

ruihildt commented 2 weeks ago

To answer 3, our current settings are:

media.peerconnection.ice.default_address_only = true
media.peerconnection.ice.no_host = true
media.peerconnection.ice.obfuscate_host_addresses = true
media.peerconnection.ice.proxy_only = false
media.peerconnection.ice.proxy_only_if_behind_proxy = true
media.peerconnection.ice.relay_only = true

This is done to prevent IP leaks through UDP whenever a proxy is in use.

See: https://gitlab.torproject.org/tpo/applications/mullvad-browser/-/issues/151#note_2929915
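
As an added example (not code from the Mullvad Browser project): a small check that reads a Firefox-style `prefs.js` or `user.js` and reports whether a profile overrides any of the six values listed in the comment above. The function names and the sample file content are constructed for illustration; a pref absent from the file is reported as `default` because these files only hold user-set values.

```python
import re

# WebRTC ICE settings as listed in the comment above.
EXPECTED = {
    "media.peerconnection.ice.default_address_only": True,
    "media.peerconnection.ice.no_host": True,
    "media.peerconnection.ice.obfuscate_host_addresses": True,
    "media.peerconnection.ice.proxy_only": False,
    "media.peerconnection.ice.proxy_only_if_behind_proxy": True,
    "media.peerconnection.ice.relay_only": True,
}

# Matches lines such as: user_pref("name", true);  (commented-out lines do not match)
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {name: value} for user_pref() lines; a later line overrides an earlier one."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Map each expected pref to 'default' (not overridden), 'match' or 'DRIFT'."""
    prefs = parse_prefs(text)
    return {
        name: "default" if name not in prefs
        else "match" if prefs[name] is want else "DRIFT"
        for name, want in EXPECTED.items()
    }

# Constructed sample of a profile's prefs.js, not taken from a real profile.
SAMPLE = '''
user_pref("browser.startup.page", 3);
user_pref("media.peerconnection.ice.relay_only", false);
user_pref("media.peerconnection.ice.no_host", true);
//user_pref("media.peerconnection.ice.proxy_only", true);
'''

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{status:8} {name}")
```

A `DRIFT` line means the profile has overridden one of the listed values, so the effective value should be confirmed in about:config.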