WebRTC privacy vulnerability with webcoin

[ABISprotocol]

Webcoin (and if I understand it correctly, possibly a future version of Mercury decentralized exchange) is dependent upon WebRTC. This directly exposes the user to certain privacy vulnerabilities, namely, persistent exposure of IP and other information. See for example, a similar issue here:

VoluntaryLabs/Bitmarkets#35

This issue is opened in order that this vulnerability may be fully discussed and that a strong mitigation / prevention for the problem be developed. If an effort is already underway to do so in this repository please provide a link to the specific area of code in a comment in this issue for discussion.

[mappum]

In the case of Webcoin, WebRTC is only needed to communicate with other browser peers. To connect to a full node or a bitcoin proxy, Websocket is used instead (which does not suffer these privacy issues). In Webcoin, users currently only connect to these Websocket peers (the README overstates the dependence on WebRTC).

However, P2P communication with other browser peers may be important in some cases, such as when making trades via Mercury. In this case, I believe it may be possible to alter the WebRTC SDP signalling data to only include IPs which we explicitly want to share.

[ABISprotocol]

There appears to be serious ongoing vulnerability in the case of WebRTC in various browsers and versions, in Firefox as used in Linux distributions as well as other browsers. There is an abject refusal on the part of IETF RTCWEB WG to correct this problem in WebRTC itself (no interest in redesign to correct the problem), and there is no correction or bugfix on the horizon for it in various browsers (it is considered rather experimental in Firefox anyway). Thus for the time being, it would seem either the answer is for developers that would consider using WebRTC to either not use it, or if they are to use it to have to develop some sort of fix for the issue in the context of their application.

With the proposed browser based WebRTC version of BitMarkets which would involve a HTML file download, it is my understanding that the developer(s) are considering utilizing onion routing among peers to mitigate the problem of IP being revealed. (See comment on the subject here.) Are you also considering utilizing onion routing so that users would be able to ensure that they would not be communicating their IP information to the broader network?

[xloem]

I do not see any actual links here indicating real vulnerabilities in WebRTC, neither here nor in the linked thread.

Every device you connect to on the internet already learns your IP address, and this is no different with Bitcoin now than it has been long ago. Additionally, every person you send coins to with Bitcoin already learns the history of those coins and the address you sent them from.

If you want privacy beyond the current norms of the current internet, tools like Tor provide network onion routing already, or ZCash for wallet anonymity.

Unless there is some unlinked security issue here, the proper solution to this would simply be to give users control of what nodes they connect to, enough for them to choose a centralized one if they prefer that.

[hiszpanski]

I think this is no longer an issue. Chrome and most other browsers have replaced IP address host candidates with mDNS host candidates. For example, if your local IP address on your home network is 192.168.1.2, previously this information was available from Javascript. Now, instead of 192.168.1.2, only an ephemeral UUID on the .local TLD is available (e.g. 12345678-1234-5678-abcd-123456789abc.local).

As a side note, it's unclear to me what serious vulnerability knowing a users's local area network IP caused -- the IP is not routable.