WebRTC

This enables applications such as video conferencing , file transfer or data transfer , chat and desktop sharing . A web server (with or without user administration) is required to establish a connection between the clients involved and, in the case of clients in private IPv4 address ranges behind NAPT routers, their public IP addresses and port numbers (for example by a STUN -Server).

The reference implementation is distributed as free software in source code under the terms of a BSD-like license . OpenWebRTC is another free implementation based on the multimedia framework GStreamer , which is particularly suitable for browser-independent, native applications and also supports H.264 .

history

In May 2010, bought by Google Inc. , the company Global IP Solutions with it (GIPS) and acquired ownership of the underlying technology. A W3C working group has been working on standardization since spring 2011. Another working group at the Internet Engineering Task Force (IETF), which was formed in May 2011, supports the standardization work. On June 1, 2011, Google Inc. released the reference software framework as free software . The design of the programming interface is based on preliminary work by the Web Hypertext Application Technology Working Group (WHATWG).

WebRTC already works in stable publications from Opera and Google Chrome as well as Mozilla Firefox , manufacturer prefixes are sometimes still required. Firefox also offered a built-in interface called Firefox Hello for using WebRTC, which was later removed. Microsoft is working on an implementation of the programming interfaces in Internet Explorer . WebRTC is seen as an attack on the extensive monopoly of Skype in desktop VoIP applications, although Microsoft apparently wanted to use WebRTC with Skype. Now Microsoft wants to establish its own standard CU-RTC as a standard with the Internet standardization committee W3C. In February 2017 Microsoft added support for WebRTC to its own browser Edge . Apple introduced WebRTC in Safari 11.0 in July 2017 .

technology

In addition to a number of multimedia codecs that are at least to be supported (license-free), standard-compliant implementations can support any other method. For audio, Opus is intended to be the preferred method in addition to the support for A-law and µ-law, which is also required for compatibility with conventional telephone systems . The newer Internet standard Opus replaces the previously used iLBC and iSAC developed by GIPS . In addition, Google advocates the video codec VP8 , which it has bought itself free, as a mandatory video format that is presented as having no alternative. In addition to the supplied multimedia codecs, the reference implementation also includes tools for, among other things, background noise suppression and the software library libjingle .

Vulnerabilities

IP leak

In connection with WebRTC, private IP addresses can be read out via JavaScript despite a VPN connection. The example Firefox Hello excludes computers behind a firewall and with private IP addresses. Therefore, a website with JavaScript can have a STUN server ask for the actual IP address. As a result, anonymization services no longer serve their purpose and can no longer offer protection against an IP leak.

Countermeasures

There are two ways of protecting against an IP leak. One option is to install add-ons / plugins to prevent the public IP address from being passed on, for example "WebRTC Leak Prevent" or "Easy WebRTC Block".

The other option is to change the settings in the browser. In Firefox, the value media.peerconnection.enabled can be set to false via about: config, which prevents an IP leak.

Commonly referred to as ad blockers known cross-platform browser extension ublock Origin filtering tools offers in their settings in the "Privacy" the switchable way to prevent the release of the local IP address via WebRTC.

Web links

• Official website
• Description of the function in Firefox ( Hello )

swell

1. ↑ WebRTC reveals the IP address. In: spyoff.com. Retrieved February 26, 2016 . 
2. ↑ Jens Ihlenfeld: Google buys specialists for real-time communication, golem.de, May 18, 2010
3. ↑ http://lists.w3.org/Archives/Public/public-webrtc/2011Apr/0001.html
4. ↑ http://tools.ietf.org/wg/rtcweb/charters?item=charter-rtcweb-2011-05-03.txt
5. ↑ Harald Alvestrand / Google Inc .: Google release of WebRTC source code , public-webrtc@w3.org, June 1, 2011
6. ↑ ^{a b} Fabian A. Scherschel: Google proposes VP8 and Opus for WebRTC standard , The H Open, July 31, 2012
7. ↑ Can I use: WebRTC Peer-to-peer connections. Retrieved September 3, 2016 . 
8. ↑ Firefox Hello - Free, Easy Video Calling. In: Mozilla. Retrieved November 15, 2015 . 
9. ↑ Archive link ( Memento from March 7, 2016 in the Internet Archive )
10. ↑ ^{a b} Jörg Thoma: Free HTML5 framework for real-time communication, golem.de, June 1, 2011
11. ↑ Janko Roettgers : Scoop: Microsoft bets on WebRTC for Skype's browser future , GigaOM, June 26, 2012
12. ↑ Format war with video chat: WebRTC against CU-RTC heise.de
13. ↑ WebRTC in Microsoft Edge added Microsoft TechWiese
14. ↑ WebRTC in the Safari Browser What's new in Safari
15. ↑ Dele Olajide: Jingle WebRTC Transport Proto , February 17, 2012
16. ↑ Is WebRTC Secure? In: 3CX. Retrieved November 15, 2015 (American English). 
17. ↑ http://tools.ietf.org/html/draft-cbran-rtcweb-codec-02#section-3
18. ↑ Jens Ihlenfeld: Google wants to make VP8 and Opus mandatory , golem.de, July 30, 2012
19. ↑ How secure is IP telephony. In: golem.de. Retrieved February 26, 2016 . 
20. ↑ Chrome Web Store, WebRTC Leak Prevent. Accessed June 16, 2016 . 
21. ↑ Easy WebRTC Block (Google Chrome). Retrieved January 25, 2017 . 
22. ↑ Easy WebRTC Block (Opera). Retrieved January 25, 2017 (English). 
23. ↑ Switch off WebRTC and continue surfing anonymously. In: blog.spyoff.com. Retrieved February 26, 2016 .