[SETUP-WEB] If you are not hiding your public IP, this is pointless,

What exactly is pointless?

I am browsing behind the same public IP that about 3-5k users are.
Even being on DHCP, most of the time DHCP works like giving the same IP address to the same host if available at that moment... which mostly always is on some private networks, not like public WiFi spots or similar.
I am not so sure, but still I think that in this case hiding private IP is not pointless. Or is it?

in a nutshell

• AF only caters for desktop
• FF uses mDNS for desktop (except Win7/8.*)
• Hiding your private IP is therefore covered (except Win7/8.*)
  • i.e when you are not accepting/initiating WebRTC video/audio - i.e it is user initiated
• TEST first
  • I am on win7, and I am not leaking a private IP address (when not sharing video/audio)
    • https://www.ovpn.com/en/webrtc-leak-test
    • https://www.expressvpn.com/webrtc-leak-test
    • https://www.experte.com/webrtc-leak
    • https://browserleaks.com/webrtc
    • https://webbrowsertools.com/test-webrtc-leak/
  • IDK why this is

here is a post from earlier: fxbrit said

most important references from this issue:

• mDNS explained.
• 2 yo mDNS ticket at bugzilla.
• media.peerconnection.ice.obfuscate_host_addresses is the pref that controls mDNS. android is fucked
• win7/win8.* doesn't support mDNS at all.
• IP is still exposed in this case, see here. if you're sharing the screen I think it's fair to assume that using the private IP is not an issue.
• media.peerconnection.ice.proxy_only_if_behind_proxy should stay imo, it only proxies webrtc inside the proxy / vpn. see this comment, although it is from the pre mDNS era.

I am not so sure, but still I think that in this case hiding private IP is not pointless. Or is it?

Sure, there will always be edge cases, But IF you leak a private IP address, that will add to fingerprinting - but leaking your public IP is going to be far more damaging IMO - it depends on how unique your private IP is vs your public one.

It's pointless in the context of being worried about leaking a private IP but not the public one - you've got your priorities back to front.

Edit: I changed the draft it to "mostly pointless". My point is that if you're trying to be anonymous, you need to protect the IP. Another example is what I said about FPing - you're still returning an IP, even if it's a large VPN and you constantly hop, they can still be linked

so it works like this:

• whether you use a VPN or not, mDNS always kicks in and it protects your private IP by returning N/A.
• after you allow mic OR camera access, it will however need a private address.
  • if you have a VPN it will grab two -> yours and the other one is probably at the VPN provider (not sure).
  • if you have a VPN and you use media.peerconnection.ice.default_address_only it will grab one -> the VPN provider one (again not sure).
  • if you do NOT have a VPN it will grab one -> yours.
  • if you do NOT have a VPN media.peerconnection.ice.default_address_only does nothing and it will grab one -> yours.
  • media.peerconnection.ice.no_host always returns N/A, whether you have a VPN or not -> it causes breakage and it often needs to be reverted for webrtc to work.

.until you allow mic OR camera access, then it will need a private address.

shouldn't that be AFTER you allow .... it then needs a private address

• media.peerconnection.ice.default_address_only: "limit ICE candidates to the default interface only" according to mozilla, but it's not that good lol. this might also help you with wording. btw reading that link, do you want to mention something about within-LAN calls potentially going through TURN servers? in theory a non issue as long as the call is encrypted and the server isn't malicious, but I'm not super familiar with TURN.
• media.peerconnection.ice.no_host: "eliminate all local addresses from the candidates" (from same link as above) sounds good. I would write:

  [SETUP-HARDEN] This will protect your private IP address even when you allow microphone or camera access, which often results in breakage on video-conferencing platforms.

what's not so good about it? can you elaborate

it isn't a very understandable description, but it could be passable for lack of a better one I guess.

I suggest media.peerconnection.ice.relay_only: only generate relay (TURN) candidates for ICE, so neither private IP nor public IP will be leaked.
It seems that many popular WebRTC based applications support TURN servers.
I have ever observed that some websites abuse WebRTC STUN servers to occupy upload bandwidth, ads delivery, etc. without user consent.

Indeed, not all WebRTC services support this, but a lot of web conferencing services support this, e.g. Google Meet

https://gitlab.com/librewolf-community/settings/-/issues/108

I'm proposing zero breakage and that media.peerconnection.ice.no_host be inactive - WbeRTC requires user permissions

I'm proposing zero breakage

it would fuck over win7 and 8.x users.

we cater to the majority to reduce friction

would you really want to leave these users out of this protection for one pref flip tho? we also don't have a clear indication of how much breakage that causes in the real world, maybe it's only a zoom/meet thing.

@fxbrit do we need to change the win7/8 info (see last PR edit) based on that comment .. and looking at sparkling glitter-gitter disco LW room -> is this what you're referring to ? https://searchfox.org/mozilla-central/source/dom/media/webrtc/transport/mdns_service/src/lib.rs#447

yes, that's the mDNS implementation in Firefox which covers the fact that older Win versions do not support mDNS natively. so we can remove the (except Windows7/8) bit since Android is the only platform without proper obfuscation and you documented that by adding desktop.

edit: forgot to mention that the above was confirmed on Mozilla's Matrix room so I 100% trust they are correct and my initial assumption was wrong.

• Firefox desktop uses mDNS hostname obfuscation on desktop (except Windows7/8)

if I remove the (except Windows7/8) part it's not strictly true, is it? Win7/8 does not use mDNS, it uses a built in FF fallback obfuscation

^ just want to get the wording correct, suggest away

it uses Firefox's own implementation of mDNS, so it's still correct. I would write:

/* 2001: disable WebRTC (Web Real-Time Communication)
 * Firefox desktop uses mDNS hostname obfuscation and the
 * private IP is NEVER exposed, except if required in TRUSTED scenarios; i.e. after
 * you grant device (microphone or camera) access
 * [TEST] https://browserleaks.com/webrtc
 ...

so remove the win7/8 bit and the [SETUP-HARDEN] tag.

the other webrtc prefs descriptions still apply.

fuck, I added desktop when it was already there ... this is what happens when you snort sugar

4d81df8