Webrtc grapheneos query

DeletedUser443

May be a stupid query that makes no sense since i dont know much but is there a graphene system setting to turn off webview or webrtc system wide?

If not, is there an app or program I can install that will accomplish blocking all webrtc?

gvprtskvni

DeletedUser443 Maybe not entirely relevant to this question but I asked Mullvad directly about why WebRTC isn't disabled by default in their browser and they said the following:

Q: Hello! Why is WebRTC enabled by default in Mullvad Browser? Isn't it recommended (by yourselves, for example: https://mullvad.net/en/help/webrtc) to turn it off when using a VPN so that your real IP address isn't leaked? Does that not apply to Mullvad Browser?

A: Hello! WebRTC leaks are extremely rare nowadays, so it would be a shame to disable WebRTC for all users from the outset when it's not really necessary. If, contrary to expectations, you do see a leak, e.g. in our Connection check, you can disable it yourself.

Of course, this is about WebRTC leaks in a web browser. Personally, I wouldn't trust a proprietary phone app to not contain deliberate spy ware. Better to use their web app when possible.

secrec

Yeah, your question is definitely in the realm of "makes no sense". Webrtc is implemented at the level of user-application, not system.

DeletedUser443

secrec the reason why it asked it is that there was an app advertised that said it blocked all ads and protected against webrtc leaks but didn't make that much sense to me so I had a feeling my question may not make sense lol

I know some vpns successfully protect against webrtc leaks and others don't too so I wasn't sure how it all worked

Meatheadmarty

secrec I don't agree. Even though webrtc is application based, a new user may not know if Graphene takes steps to block a webrtc inquiry generally.

if someone installs a so-so VPN that may not block all internal IPs or leave certain openings and then a user goes to a web page using a browser that allows webrtc and the webpage tries to use webrtc, does graphene have hardening that would prevent an origination IP from showing in the operating system?

neotux

DeletedUser443 there was an app advertised that said it blocked all ads and protected against webrtc leaks

Out of curiosity, what app was that?

DeletedUser443

neotux I'll see if I can find it. I wasn't really convinced lol so I deleted page. I'll try to recall what it was. It was an android ad blocker that I just happen to come across and it was trying to get people to install the ad blocker that apparently blocked all webrtc leaks but in the research I've done, I don't believe that is possible

de0u

Meatheadmarty if someone installs a so-so VPN that may not block all internal IPs or leave certain openings and then a user goes to a web page using a browser that allows webrtc and the webpage tries to use webrtc, does graphene have hardening that would prevent an origination IP from showing in the operating system?

I don't believe so.

I suspect the advice would be to get a better VPN client.

Even if the browser were to try to trap some kind of traffic, any regular app could leak information. Or the web app could leak information without WebRTC!

Is it possible to indicate why WebRTC seems more dangerous than any other network traffic?

secrec

Meatheadmarty Do you know of any way to conclusively determine whether or not some encrypted traffic is webrtc? Do you know what webrtc is? How would the OPERATING SYSTEM know if a user-installed WEB BROWSER (or any other application) is using webrtc?

DeletedUser443

de0u It not a serious risk per se

But as I am used to concealing my ip by habit for many years all the time with always on vpn, block connections without vpn and disable webrtc in the browser, it's just become something I'm "used to" and it feels uncomfortable knowing an app could leak the real ip. I guess it's more of a feeling because I'm used to it

I guess the best way of putting it is: I don't use an umbrella with holes in it. I like an umbrella to block all rain, not most. Same with using a vpn and also trying to block webrtc leaks. I don't want to block my ip most of the time. I'd like to be fairly confident my ip is blocked all the time, which is the purpose of me doing these things in the first place

de0u

DeletedUser443 Any network traffic that gets around the VPN would leak your IP address -- WebRTC traffic or anything else. Asking for a WebRTC filter, as opposed to a SOAP filter or a GraphQL filter or a gRPC filter, suggests a belief that WebRTC traffic is somehow more powerful than other traffic at leaking IP addresses. Is it possible to indicate why a filter for WebRTC seems more necessary than for other protocols?

de0u

DeletedUser443 Reading around a bit, there are a bunch of articles from around 2018 claiming that various VPNs were not catching STUN traffic, thus WebRTC code in some browsers determined the public IP address. More recently I am seeing lots of WebRTC leak testers and lots of VPN providers warning potential customers that maybe unspecified competitors leak public IP addresses via WebRTC, but it's not clear it's actually still happening.

I think the thing to do would be to use a good VPN and, if desired, periodically run some leak tests. Note that WebRTC isn't limited to browsers; any app can run the protocol too (source). And even without WebRTC, any app could use STUN to determine an IP address -- or could roll its own equivalent protocol.

I think the solution to leaky VPN clients is to use a non-leaky VPN client.