Is Web RTC secure?
Is WebRTC secure?
iMac (21.5-inch, Late 2013), macOS High Sierra (10.13.3)
2 replies
You got an answer which was garbage. A screencap of the default settings and some remarkably vague documentation? Let's try again.
Is WebRTC secure?
Yes.
Yes in the sense that there are no known exploits. Of course, we're always the last to know though, aren't we?
Also, privacy is not the same as security.
WebRTC is a communication protocol, that allows remote requests for your system hardware, such requests for your system's hardware to be correctly guided to your computer.
There is a thing called NAT, or Network Address Translation. Your router has 2 network cards, one connected to the internet, one connected to inside your house. The inside network is the private network. It's ip addresses are not routed to the internet, hence the name. IP ranges like 192.168.0.x or 10.x.x.x or 172.16.x.x. NAT is what maps your external ip, what you find when you go online to find your ip address, to your internal ip, which is what your Airport shows you from the admin screen. A side effect of NAT, is that it isolates the internal network from the external one.
This frustrates developers. It hides your computer from the internet. This means that their code has difficulty finding which machine is yours. In the past, you had to make a mistake, such as downloading a trojan. One such trojan was called Adobe Flash. Superficially it was to play movies, but that's not what all the security warnings were all about. What Flash did was allow remote code to find your system, and run some of it as you, probably as "admin." Adobe's problem was that all the exploits exploited the functionality of the system, so very hard to fix, since it was serving its purpose.
This is the design objective of WebRTC. Just like Flash, if it's working properly, it defeats NAT, which is your greatest defense against the outside world living on the inside world. So, if it's working properly, it is a security hole, because it means that web developers can access your hardware.
You'll see chat programs as the primary use case for this tech, which is odd, because if I have access to your microphone, why, I'll turn it on and then listen for ultrasonic, signals which your microphone can hear clearly, but you cannot, when you visit the sites of my "partners." I'll let them know, for a small fee, it's very valuable information to them.
Won't you notice it when this happens?
Autoplay. Surely you've noticed it.
Another example?
New York Times used WebRTC to defeat adblocking on it's sites as well as next generation user tracking, data to be sold.
Anyways, no way to turn it off. I guess just stand up and be counted. Thanks Apple.
Is Web RTC secure?