[tbb-bugs] #14836 [Tor Browser]: Can we compile in WebRTC to allow QRCode bridge entry?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Feb 9 22:00:08 UTC 2015
#14836: Can we compile in WebRTC to allow QRCode bridge entry?
-------------------------------------------------+-------------------------
Reporter: mikeperry | Owner: tbb-
Type: task | team
Priority: normal | Status: new
Component: Tor Browser | Milestone:
Keywords: ff38-esr, tbb-usability-stoppoint- | Version:
wizard | Actual Points:
Parent ID: | Points:
-------------------------------------------------+-------------------------
We should evaluate if we can re-enable the compilation of WebRTC in Tor
Browser. There are two reasons for this:
1. Mozilla may remove the WebRTC compile time switch of WebRTC in future
builds.
2. Enabling WebRTC at compile time may enable Tor Launcher to make use of
the WebCam for scanning QRCodes of bridges.
Mozilla's security team claims that setting media.peerconnection.enabled
to false will completely disable content access to all WebRTC APIs, which
should be sufficient for us. However, my review of the FF31 source showed
that several other things get compiled in to the browser that may or may
not be directly tied to the peerconnection APIs. For example RTSP and SCTP
protocol support gets compiled in, and there may be other ways to use
these protocols elsewhere in the browser. See:
https://gitweb.torproject.org/tor-browser-
spec.git/tree/audits/FF31_NETWORK_AUDIT
FWIW, simple PoC's such as https://diafygi.github.io/webrtc-ips/ fail if
media.peerconnection.enabled is unset, but again, more investigation is
needed.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14836>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list