ip,webrtc,timezone etc

[usajm123]

Hello webrtc is leaking the ip of the vm ware and also the time and date is stuck in UTC time no matter the changing of time on VM BOX

[plaperdr]

Hello! Thanks for your interest in Blink! For the leak of IP addresses through WebRTC, Blink does not provide protection against it at the moment as we rely on browsers provided by vendors. After reading this article, it seems there is no system-wide configuration that can be used to tell browsers not to share local or private IP addresses. What I found is that the best way to prevent it would be to simply disable WebRTC or install browser extensions that disable more finely what is possible with WebRTC. For Firefox, I have found this and this. You can also prevent IP snooping with ICE by setting "media.peerconnection.ice.relay_only" to False. For Chrome, I found this extension by Google. I think the built-in UPS extension in Blink can be used to change these configs for every generated environment. For the timezone, it seems that you can add the "-v /etc/timezone:/etc/timezone:ro" argument to synchronize the time of the container with the time from the host system as seen in here. Then, if you want more control over it, the timezone can directly be changed in the browser with JavaScript.

[usajm123]

The time zone issue is still a problem tired everything and need a more specific instruction for changing the timezone am using ubuntu latest version on amazon AWS. Can u explain how to change the timezone on browser from keep putting it as UTC time ?

[plaperdr]

I've just added a timezone randomization feature with commit 57512d40f8c525855f8053a1487be5629bf7aa2d. Can you check if it works for you? I've found two ways to tweak the timezone. 1-The one I use is to change the "TZ" environment variable in the container (more info on TZ here). 2-The other is to point "/etc/localtime" to a timezone in "/usr/share/zoneinfo/" (you can do that by adding "-v /usr/share/zoneinfo/\:/etc/localtime:ro " when launching a container). I've tested the two techniques and they seem to both work. I should add that randomly modifying the timezone could create a combination of attributes that is really rare so you may render the browser more visible by having a special combination of timezone and language.

[usajm123]

Yes the update works will have to test the timezone variable. Also the next thing that needs to be urgently fixed is the screen resolution. If you test it using the extended test on whoer.net you will notice that available top and available width is always 24 and 65 respectively. That in itself makes the browser stand out to trackers as its unique to this blink platform.

As for the webrtc i think you could find a way to provide a random local private ip address on each launch for the webrtc. That would eliminate the tracking of ones local ip as it stands now. I really appreciate how quickly you responded to the issues.

Ofcourse browsers and versions that which supports webrtc ofcourse. Else if you can create a simple XPI, firefox addon that allows the routing of webrtc via private ip then that would work or a chrome plugin for that. Not sure if the current ones work as how they should.

So in closing, the Screen resolution available top and Avail Width is a major issue. Its fixed and standard and can be tracked and webrtc needs a private local ip address instead of exposing the real ip

[usajm123]

https://www.bleepingcomputer.com/news/security/new-fingerprinting-techniques-identify-users-across-different-browsers-on-the-same-pc/

There are some other tracking techniques, can this browser prevent those?

[usajm123]

Sorry closed by accident