Announcement

Epic for iOS and Android are live in the App Store and the Android Play Store. We're EpicBrowser on Twitter and on Facebook. Please feel free to also email our Founder directly with issues or questions: alok at hiddenreflex dot com

#1 2015-01-22 09:02:16

Tyler
Guest

WebRTC

First of all, media device enumeration works only in Chromium-based web browsers since Chrome 30 or later.

Device ID's — it's a unique identifiers of an audio/video devices installed in your system. Even if you have no microphone/webcam, Chrome may detect more than one device, such as «Line In», «Aux», «CD Player», etc, depending on the system drivers.

Full list of available media devices you can check in «chrome://settings/content ⇒ Media»

Of course, Google Chrome does not allow foreign websites to see the actual Model ID of your hardware devices, instead it provides self-generated hashes. But at the same time, any website is allowed to take this fingerprints without user confirmation.

How persistent and trackable these Device ID's?

Well, for most users this ID's may remain unchanged for months.

WebRTC Device ID is a HMAC of:

Value of the "media":{"device_id_salt"} located in «Chrome\Data\profile\Preferences». Salt generates randomly at the Chrome's first launch. It's renew every time user doing «Clear browsing data ⇒ Cookies and other site and plug-in data». Also, Incognito Mode does not touch «device_id_salt», but generates its own salt for every session.

Origin, aka «protocol://hostname:port». This dependence is not a problem for user tracking, script can be requested from constant host through iframe, and it will be same origin and same Device ID's on any domains.

Raw Device ID of the physical device installed in your system.


http://www.browserleaks.com/webrtc

Offline

#2 2015-01-29 10:00:46

alok
Administrator

Re: WebRTC

Thanks for the details...you're right, this is a significant privacy issue.  We'll check into this immediately.  We'd like to make WebRTC enable-able via notification.  It may be best though to totally disable it.  We'll investigate.

Offline

#3 2015-02-01 22:42:36

Re: WebRTC

I just wanted to add a bit about this issue.  Thanks for working on it, and I hope you soon find a solution.

According to the web site ipleak.net, Epic Privacy Browser leaks WebRTC requests, thereby revealing the user's IP address, even when the user has invoked the browser's built-in proxy server.  Needless to say, this is an obvious security problem.  Although I haven't used it, there is a Chrome extension built to address this issue.  It's called "WebRTC Block," and it's available at the Chrome store here https://chrome.google.com/webstore/deta … cadhfbkdm.

Could the WebRTC Block extension be adapted for users of the Epic Privacy Browser?

Thanks again for your help.

Offline

#4 2015-02-12 00:00:24

Re: WebRTC

The WebRTC leak problem is well described in a "lifehacker" post published today, February 11, 2015.

Here's a link.

http://lifehacker.com/how-to-see-if-you … 1685180082

Offline

#5 2015-02-12 04:10:04

sathi
Administrator

Re: WebRTC

Hi dickcornflour,

Thaks for sharing the link. We are looking into this issue.

Offline

#6 2015-02-12 22:10:46

dlw1412
Guest

Re: WebRTC

I also went to the link and Epic is leaking my real IP Number. A few proxy extensions from Google work better than Epic. I don't trust this (Epic) anymore.

Offline

#7 2015-02-13 23:27:28

Re: WebRTC

LOL ... i hear crickets! Talk about "Epic" fail!

Offline

#8 2015-02-17 23:56:24

dlw1412
Guest

Re: WebRTC

Epic is still leaking my real IP # on the WebRTC site! Will this be fixed ,,or should i just uninstall Epic?

Offline

#9 2015-02-18 19:21:08

dlw1412
Guest

Re: WebRTC

Hello ,,,,, Anybody !?!?!

Offline

#10 2015-02-19 04:04:16

sathi
Administrator

Re: WebRTC

Hi dlw1412,

Thanks for the post. We are working on stopping the leaks through webrtc. We will come with an update very soon.

Offline

#11 2015-03-10 17:26:25

baak_nl
Guest

Re: WebRTC

Hi Sathi,

Any updates on this topic? When can we expect a webRTC leak free version?

Thanks.

Offline

#12 2015-03-11 08:23:41

sathi
Administrator

Re: WebRTC

Hi baak_nl,

We are working on a solution, we are almost there. We will come with an update a.s.a.p !!

Offline

#13 2015-03-21 21:08:27

madolva
Guest

Re: WebRTC

this product seems to block webrtc for me.
using https://diafygi.github.io/webrtc-ips/ to test.
It's the only chrome-based solution that has so far.

Offline

#14 2015-04-20 21:53:38

baak_nl
Guest

Re: WebRTC

Hi Epic,

What is the status on the WebRTC leak?

Thanks,
baak


sathi wrote:

Hi baak_nl,

We are working on a solution, we are almost there. We will come with an update a.s.a.p !!

Offline

#15 2015-04-22 04:05:24

madolva
Guest

Re: WebRTC

At one time it passed the test, but it sure isn't now?
What's wrong with google, to put this in without a way to disable it.

Offline

#16 2015-06-23 21:57:08

alok
Administrator

Re: WebRTC

WebRTC calls are all blocked. 

Sorry for the late update to this thread.  We tried for awhile to have a notification come up so users could manually activate WebRTC but that was difficult and buggy hence we eventually just blocked all WebRTC calls.  Looks like it's working fine as on this test, the IPs are blank:

https://diafygi.github.io/webrtc-ips/

thanks @madolva

Offline

#17 2017-06-02 14:21:36

victor03303
Guest

Re: WebRTC

Hi

When I visit ipleak.net
My ip is still visible

Offline

#18 2017-06-03 00:21:15

alok_epicteam
Administrator

Re: WebRTC

It may be plugins leaking your IP address.  For maximum protection, in Epic's settings set plugins to click to play or disable them.

Offline

Board footer