Please Re-Instate WebRTC Blocking Immediately.

[scramblr]

Prerequisites

• [X] I verified that this is not a filter issue (MUST be reported at filter issue tracker)
• [X] This is not a support issue or a question
• [X] I performed a cursory search of the issue tracker to avoid opening a duplicate issue
• [X] The issue is not present after wholly disabling uBlock Origin ("uBO") in the browser
• [X] I checked the documentation to understand that the issue I report is not a normal behavior

I tried to reproduce the issue when...

• [X] uBO is the only extension
• [X] uBO with default lists/settings
• [X] using a new, unmodified browser profile

Description

Back in September, a thread was created (https://github.com/uBlockOrigin/uBlock-issues/issues/1723) and WebRTC was removed from the uBlock codebase. This has silently exposed many people who rely on airtight configurations to never expose their external IP address. While the idea of masking your external IP address was mocked in the thread, I would politely refer you to the use cases of Tor, Proxies, and other IP masking technologies. WebRTC is used to hop over these masks and expose a user's true external IP address.

It was a very important safety tool, and it was removed without even alerting anyone. Please add it back.

A specific URL where the issue occurs

https://browserleaks.com/webrtc

Steps to Reproduce

This is N/A.

Expected behavior

Please re-instate WebRTC protections immediately.

Actual behavior

N/A

uBlock Origin version

All future versions

Browser name and version

Chrome, Chromium, etc

Operating System and version

All

[sickcodes]

Why was this removed? WebRTC IP Leaking via STUN requests is textbook tracking

[opsxcq]

This issue affects everyone, please fix it ASAP.

[uBlock-user]

While the idea of masking your external IP address was mocked in the thread, I would politely refer you to the use cases of Tor, Proxies, and other IP masking technologies. WebRTC is used to hop over these masks and expose a user's true external IP address.

WebRTC settings only blocked leaking local router IP address, your external IP address was never hidden in the first place.

[scramblr]

You don't seem to understand how this works.

[uBlock-user]

There's nothing to understand, "Prevent WebRTC from leaking local IP addresses" setting speaks for itself. Your external IP address was never hidden, adding the setting back won't hide it either.

[MLGRadish]

It seems like the name is confusing. Renaming the feature to "disable WebRTC" should fix the issue.

[uBlock-user]

Renaming the feature to "disable WebRTC" should fix the issue.

https://github.com/gorhill/uBlock/issues/2853

Doubt that's possible in Chromium based browsers.

[MLGRadish]

How about a Firefox only feature then?

[scramblr]

Can you please explain to me why the uBlock version from ublock.org is able to protect my IP from exposure still, then? https://pbs.twimg.com/media/FDdOCBUVcAMFrjG?format=jpg&name=4096x4096

There's nothing to understand, "Prevent WebRTC from leaking local IP addresses" setting speaks for itself. Your external IP address was never hidden, adding the setting back won't hide it either.

[duaneking]

Is it possible that this was bought out and so this was removed as a way to make it less effective for users and thus more valuable for the new owners?

[uBlock-user]

Can you please explain to me why the uBlock version from ublock.org is able to protect my IP from exposure still, then? https://pbs.twimg.com/media/FDdOCBUVcAMFrjG?format=jpg&name=4096x4096

Side-effect of that setting on your "airtight" configuration perhaps. Hiding external IP address has never been the intension of the WebRTC setting.

---

Your external IP address is already sent to the website when you navigate to it via a document request. So in the end it's still exposed.

[scramblr]

You are completely dismissive and condescending about all of this, and you don't have a grasp on what you're doing. Enjoy your day.

[ghost]

Can you please explain to me why the uBlock version from ublock.org is able to protect my IP from exposure still, then? https://pbs.twimg.com/media/FDdOCBUVcAMFrjG?format=jpg&name=4096x4096

Side-effect of that setting on your "airtight" configuration perhaps. Hiding external IP address has never been the intension of the WebRTC setting.

Your external IP address is already sent to the website when you navigate to it via a document request. So in the end it's still exposed.

You really don't get it do you

[gorhill]

The aptly named "Prevent WebRTC from leaking local IP addresses" never had for purpose to hide your public-facing IP address, this is silly to think so -- it's literally in the name of the setting, and uBO is not a VPN or proxy service. Now with regard to non-public-facing IP addresses, the setting is no longer needed in modern browsers:

LAN IP addresses are not disclosed when using my ISP:

LAN IP addresses and ISP IP address are not disclosed when using a (system-wide) VPN:

Addendum 2021-11-06, via (browser-wide) Tor proxy:

Your public-facing IP address is visible to all sites you visit, it's silly to think that if it's not reported at https://browserleaks.com/webrtc specifically it means the site browserleaks.com can't see it, you literally requested a web page from that site, they know your public-facing IP address, they sent the HTTP response to it, see for yourself: https://browserleaks.com/ip.

---

Also, be aware that extension-based VPNs/proxies are not reliable to hide your ISP IP address, use a real system-wide VPN/proxy if you want to reliably hide your public-facing IP address. If your extension-based VPN/proxy is not properly shielding your ISP IP address, then report to them -- they are the extension with the issue. (Addendum 2021-11-06, actual case demonstrating this: https://twitter.com/fernacen/status/1457003371060137988, and showing that the removed setting was of no help in such case).

[gorhill]

So it appears the invalid issue filed here is a result of this tweet. The tweet contains many falsehoods:

"silently removed"

False. There is an issue describing the motivation for the change, and it's in the release notes.

If you do not trust uBO that much, then it's on you to closely follow development and read release notes -- your failure to do so does not make documented changes "silent".

"removed all WebRTC blocking"

False. uBO has never ever supported "WebRTC blocking". The setting was called "Prevent WebRTC from leaking local IP addresses", and its sole purpose was to prevent local IP address leakage through WebRTC, as reported here (2015).

This WebRTC flaw has been fixed natively in Firefox and Chromium more than two years ago, making the uBO setting "Prevent WebRTC from leaking local IP addresses" obsolete ever since this was fixed in those browsers.

The setting is still present and honored in Firefox for Android because it was not fixed natively as in the desktop version of Firefox. If you disable the setting in uBO in Firefox for Android and visit https://browserleaks.com/webrtc, you will likely see the "Local IP Address" entry being filled with one or more IP addresses. This is what the uBO setting is meant to prevent, and it works as expected once you enable it in that browser.

"making MANY users vulnerable to IP unmasking"

False. As seen in my comment above, there is no "IP unmasking", and OP has failed to demonstrate this, and only provided a link to https://browserleaks.com/webrtc, apparently expecting that "Public IP Address" should be n/a -- no actual steps or technical details are provided to make the case there is an actual issue, so essentially just FUD.

As explained in my comment above, this is silly, your public IP address is by definition visible to all sites you visit -- sites don't need WebRTC for this, just visit this page on the same site, it reports your public-facing IP address regardless of whether WebRTC is enabled or not.

The tweet has two screenshots, devoid of any details about the context. The browserleaks.com-related screenshot in the tweet shows that there was no "Local IP address" leakage, thus thereby confirming that the "Prevent WebRTC from leaking local IP addresses" setting is indeed no longer needed.

[uBlock-user]

OP and his posse who downvoted my responses are the same people spreading that mis-information via tweets on some ignorant belief that their ISP associated IP address is somehow blocked via that setting. It's astounding as to how far they will go because of the setting's removal for desktop browsers.

[gorhill]

At this point I am convinced all this is completely in bad faith -- hence why he refuses to come up with details regarding his claims.

Consider that he posted a screenshot of sleazy uBlock supposedly blocking WebRTC as if natively without mentioning that this can be accomplish only after one add the filter *$webrtc:

Whoever can try and see this for themselves. There is no setting in the dashboard of sleazy uBlock to control WebRTC behavior, this can only done through adding a filter.

You can accomplish just the same with uBO through its own filter syntax: *##+js(nowebrtc).

uBO's implementation (Jun 2016) predates that of sleazy uBlock (Oct 2018), and in both cases the purpose is to address sites using WebRTC to push ads, not to hide public-facing IP address through WebRTC.

[uBlock-user]

OP and his posse are trolling, ignore them. I don't see anyone with a sensible mind joining in the conversation in the tweets.

[gorhill]

Trolling or not, it's someone with a fair number of followers (many whose opinions appear captive and accepted without questioning that the claim is valid) who spread FUD about uBO:

FUD is generally a strategy to influence perception by disseminating negative and dubious or false information and a manifestation of the appeal to fear.

This is exactly what this case is about, and such case of FUD directed at uBO deserves to be thoroughly documented -- though we will likely never know what ultimately motivated this person to try to undermine the trust people have in uBO, trust earned over years of never compromising users' best interests and through refusing to sell out.

Summary:

• Spreads FUD: https://twitter.com/notdan/status/1456706246170472450
  • My answer: https://twitter.com/gorhill/status/1456776940493451268
  • More detailed answer: https://github.com/uBlockOrigin/uBlock-issues/issues/1799#issuecomment-962437677
  • People can't reproduce: https://twitter.com/fernacen/status/1457003371060137988
  • Refuses to substantiate his claims and conveniently disengage when asked to substantiate:
    • https://twitter.com/notdan/status/1456978262802849794
    • https://twitter.com/gorhill/status/1457005713146978309
• Calls for his followers to mob the repo: https://twitter.com/notdan/status/1456709677396336647
• Misleads people: https://twitter.com/notdan/status/1456718997831839746
  • My answer: https://twitter.com/gorhill/status/1457059084029550592
  • A more detailed answer: https://github.com/uBlockOrigin/uBlock-issues/issues/1799#issuecomment-962496931

If anything this shows that people need to not unquestionably accept someone claims especially when they refuses to substantiate them outright and/or through deflection, regardless of how popular is the source^[1].

---

[1] This is why personally I typically provides upfront as much verifiable information when I make claims, I want people to be able to compare their own findings with mines -- I don't ask people to blindly trust me.

[uBlock-user]

You won't be able to change their minds no matter how much you try to convince them, that's the impression I got at this thread, so document as needed, but engaging them in fruitful conversation is simply never going to happen. Talking to these group kind of people is like talking to a wall.

[gorhill]

won't be able to change their minds

I am not trying to achieve this, I just wanted to document this in details to save time for whoever may want to look more into all this and for future reference if this happens again.

[uBlock-user]

What puzzles me is why they pick uBO only, what they want is not offered by any content/ad blocker in existence, so in theory they should go after other blockers like ABP/AdGuard/Brave too.

[gwarser]

This leaked my internal IPs (all of them) on latest Chrome with ublock both debian and windows when mic/camera permission is granted. https://t.co/9jExpx0UIo

— PFFaith (@Phhaith1) December 27, 2021

"when mic/camera permission is granted."

I believe this is true. I read about this somewhere[^likely]. But why someone will give browser permission to connect for only purpose to share IP / fingerprinting? On the other hand, with WebRTC blocked, connections will not be possible at all, even legit ones.

@gorhill

[^likely]: Very likely: https://github.com/arkenfox/user.js/issues/1282:

• https://groups.google.com/g/discuss-webrtc/c/6stQXi72BEU/m/2FwZd24UAQAJ
• https://datatracker.ietf.org/doc/html/draft-ietf-mmusic-mdns-ice-candidates#section-3.1.1

[gorhill]

On my side, when not selecting mic/camera permission, no local IP addresses are leaking. When selecting mic/camera permission, there is an exception -- I don't have a mic/camera.

I believe this is true

Did you reproduce?

[gwarser]

I too don't have mic or camera. Arkenfox issue is linking to convincing documents.

[gorhill]

By the way, I am now blocked by that https://twitter.com/notdan person (ref), because I "dared" to provide a link to the thread here (ref) in response to his recent tweet (ref) in which he referred to the thread here without (conveniently) linking to it.

I consider the advice of using *$+js(nowebrtc) (which curiously he was unable to figure out on his own while he had no issue figuring sleazy uBlock's *$webrtc) to not be ideal, at least it should come with a disclosure that unconditionally patching the DOM this way on all sites makes one stand out since the patching can be seen by page's JS, and thus used as fingerprinting information (through Object.getOwnPropertyDescriptor(window, 'RTCPeerConnection')).

The core issue here is the persistent unwillingness to provide exact repro steps which can be analyzed and acted upon if needed. Asking me to "re-Instate WebRTC blocking immediately" based on two screenshots devoid of context (actually the screenshots were not even mentioned, we had to find them) and where attempts to understand what is being reported are being stonewalled (running a pottymouth on twitter is not a substitute for competent technical information to help reproduce an claimed issue), while those who cared to try to reproduce found the opposite of the original claim.

Ultimately, the whole issue here has been polluted by a bad faith person, and if there is an actual issue to solve, this should be opened as a separate issue with all the actual relevant technical information as required -- all this is not specific to uBO, this is how any project work -- issues have to be substantiated to be acted upon.

[gorhill]

I too don't have mic or camera. Arkenfox issue is linking to convincing documents.

The original comment was linking to https://browserleaks.com/webrtc. On that page, there is a "Audio Capture Permissions" which I am able to activate (I do have a microphone), and I do not see any local IP addresses leaked as a result.

[uBlock-user]

This has silently exposed many people who rely on airtight configurations to never expose their external IP address.

OP's reasoning for adding "WebRTC immediately", which is why this thread was going to go nowhere and was doomed from the beginning.

[gwarser]

I borrowed a camera. On https://browserleaks.com/webrtc when permissions are given permanently (probably page script limitation - it may only detect on reload when temporary permission [already] timeouts) it does detect my LAN IP:

On https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/ even temporary permission allow to list my LAN IP:

Firefox 97.0a1 20211229092739 uBO 1.40.3b0

Chrome does not seem to support temporary permissions, granting them allow both pages to read LAN IP.

Chrome 96.0.4664.110 (Official Build) (64-bit) with custom build uBO 1.40.3b0

[gorhill]

Thanks for reporting this. Question:

• Did you test with a pre-1.38.0 version to find out if you get the same result?
  • On my side, with 1.37.2, same result, i.e. I can see LAN IP address, but not ISP IP address when behind a VPN
  • I can't see LAN IP address when enabling the setting in uBO
• Does this also leak your ISP address when behind of VPN?
  • On my side, I am not able to see my ISP IP address when behind a VPN
• Does this happen with the microphone permission? (I wasn't able to reproduce in that case)
  • Never mind, I am able to reproduce

[uBlock-user]

@u-RraaLL

[u-RraaLL]

I agree with @gwarser 's findings: Allowing either microphone or camera on browserleaks "permanently" leaks LAN IP. In my case - 2 routers = 2 LAN IPs. On webrtc.github.io, allowing even temporarily leaks both LAN IPs.

Dropping down to uBO 1.37.2 and enabling "Prevent WebRTC from leaking local IP addresses" fixes the issue on both sites.

There is no ISP IP leakage from behind the system-wide VPN I'm using. Haven't tried any VPN extensions though.

[gorhill]

There is no ISP IP leakage from behind the system-wide VPN I'm using.

Thanks, I was waiting for a confirmation.

To be clear, these findings have nothing to do with the opening comment, the two screenshots at the root of why the issue was opened had no local IP address in it.

In any case, I don't consider the new finding is a good reason to bring back the setting, because:

• browsers block camera/microphone access by default and a user must expressly grant a permission to access in the first place
  • a reminder that the purpose of the original setting was to prevent all sites from being able to silently access private IP address information, including ISP one when behind a VPN
• the granted permission applies to one site only -- the site one expressly trusted to access microphone/camera feed
  • both Firefox and Chromium allows to block by default such that no request to access is shown at any time (default is to ask)
• it would be utterly silly to worry about a given site being able to know your local IP address after you have expressly given that site permission to listen in on your conversations and access the feed of your camera
• uBO taking over the webRTCIPHandlingPolicy created actual conflicts with extension-based VPN/proxies, and even in browser-based VPN (Opera for example), and possibly causing users to be less protected as a result
  • Typically, good extension-based VPN/proxies offer a way to tighten webRTCIPHandlingPolicy, so one should be using these.

[duaneking]

With respect:

• Not all browsers block this access by default. It's gotten better, but it's not universal, and many brands actively work to minimize device security because they see the default installed software and lack of security as a revenue opportunity. We all know about junkware, let's not pretend it does not exist.

• Granted perms are often difficult to track or revoke in the moment, and advertisers basically make a living finding ways to get past your security/defenses and actively work to limit the security available in browsers because they see browser security as a competitive threat to their continued business. Lets not pretend that companies like Google do not exist that make billions every year from advertising and collection of user data.

• Just because I want to view a websites text content does not mean I want to give it access to my mic or camera constantly.

• Just because a website thinks it's been give access to a camera device does not mean that device is not intentionally virtualized and secured due to lack of trust.

• Just because I want to give one specific page or process access to a devices mic or camera for a single specific thing, does not mean I want that same device to be used in a way that I do not want.

• Access on browsers for mics/camera is utterly broken, not fine grain enough, and should not be used as an excuse to not make the rest of the system more secure.

[gorhill]

I suggest you just install an extension that let you manage WebRTC, for example the official one from webrtc.org, https://chrome.google.com/webstore/detail/webrtc-network-limiter/npeicpdbkakmehahjeeohfdhnlpdklia. In Firefox, this can be done in about:config. As already stated, that setting in uBO has been no longer relevant in uBO for years, and was actually causing issues for extension-based VPN/proxy.

What you seem to ask is for uBO to take over management of camera/mic permissions, this has never been a feature in uBO, so this is a feature request which should be opened as its own issue.

[RedSteel-1]

Initially wanted to leave this comment in #1826.

@gorhill , according to the release notes:

"The setting "Prevent WebRTC from leaking local IP addresses" has been removed since it is no longer necessary in modern browsers"

But what about people who are using non-latest browsers where it is necessary? There are people using FF 52/56 because of the extensions, those who still need Flash are sticking to Chromium-87-based browsers, latest Cent and 360 browsers are based on Chromium 86, also Opera 58 where the UI is still not as bad as it is in 60+, XP-users are sticking to {Chromium 48, Opera 36, the mentioned above 360-on-Chr.86}, latest FF versions have horrible UI that many cannot stand, some are sticking to FF 78/91 and/or Chromium-based 88/92 for certain reasons, and etc etc etc. Plenty of examples where (and plenty of reasons why) people are consciously using non-latest browsers.

Why removing the setting instead of keeping it and letting the user decide to use it or not?

I would like to request bringing this setting back and keep the choice for the user.

[uBlock-user]

There are people using FF 52/56 because of the extensions

Minimum supported version now is Firefox 60.

[gorhill]

keep the choice for the user

Those who choose to use outdated browser versions have the choice to use outdated uBO versions.

---

Just to make this clear, no security-conscious person is ever going to advise to use obsolete, no-long-supported versions of a browser, and frankly your top worry when using an obsolete, no-long-supported version of a browser is not uBO no longer supporting a feature which has become unnecessary for years (and one that has been found to conflict with extension-based VPNs/proxies), and for which you can easily install another extension dedicated to this (there are many of them). Your top worry should be all the security holes afflicting your obsolete, no-long-supported version of the browser you are using, and this is your burden to bear instead of asking extension authors out there to bear the burden of your misguided choice.