Opened 4 years ago

Last modified 12 months ago

#4455 closed change

WebRTC circumvention — at Initial Version

Reported by: kzar Assignee:
Priority: P2 Milestone: Adblock-Plus-1.13.3-for-Chrome-Opera
Module: Platform Keywords:
Cc: sebastian, trev, mapx, ameshkov, fhd, greiner, fanboy, Lain_13, dzr156, SMed79, IsraeliAdblocker, Ross Blocked By:
Blocking: Platform: Chrome
Ready: yes Confidential: no
Tester: Ross Verified working: yes
Review URL(s):

https://codereview.adblockplus.org/29401590/
https://codereview.adblockplus.org/29420555/

Description

Background

Some websites have begun using WebRTC as a way to serve advertising. Neither Firefox nor Chrome allow these connections to be blocked with their extension APIs.

The AdGuard guys have found some example code in the wild, it appears to be using RTCPeerConnection specifically:

new (window.RTCPeerConnection || window.mozRTCPeerConnection || window.webkitRTCPeerConnection)({
  iceServers: [{url: "stun:1755001826:443"}]
},{
  optional: [{RtpDataChannels: !0}]
});

It looks like Content Security Policies can't be used to block these connections and that in Chrome WebRTC can't be disabled at all!

Resources

What to change

Investigate / discuss what we should do next.

  • Perhaps we should wrap RTCPeerConnection but how feasible is that? Also is there anything else that would need to be wrapped too?
  • Perhaps we can have Mozilla provide us with the power to block these connections in Firefox?

Change History (0)

Note: See TracTickets for help on using tickets.