Prevent WebRTC Media Devices leak


#1

When I did a test using https://browserleaks.com/webrtc I found that all my device unique IDs (microphone, webcam, audio, video, etc.) are accessible. I did the same on Firefox and the device unique IDs are not visible. Could you please implement security countermeasures to prevent this?

I would suggest removing the device label information and also generating a different salted hash device ID each time the browser is restarted or a new private/new session tab is opened.


#2

Hello,

Unique device IDs themselves are not a problem, but Brave does not uniquely set them between different browsing sessions, so they can be used for cross-session tracking. cf https://w3c.github.io/mediacapture-main/#def-constraint-deviceId

Also the feature to clear the IDs manually is under consideration and will be implemented. You can track the development here: https://github.com/brave/browser-laptop/issues/4157

Thanks.


#3

Hi Suguru

Thanks for your reply. But I still believe that it would be good if a new device ID is generated for every new session tab and every new private tab, since the current ticket on GitHub describes deleting cookies and browsing data and then restarting Brave to get new device IDs. I also think it's good to have the device labels more generic, like in Firefox, rather than the exact name, model and serial number of the device.
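
The mitigation suggested in posts #1 and #3 (a salted hash device ID that changes per session, plus generic labels), sketched as an added example that is not part of the original posts and is not Brave's code. The `newSession` and `exposedDevices` functions, the raw device records and the origins are hypothetical and constructed for illustration; binding the ID to the origin as well as the session goes one step beyond what the posts ask for.

```javascript
// Added illustration, not browser source code: derive the device IDs a page
// sees from a per-session secret so they cannot be linked across sessions.
const crypto = require('crypto');

// Constructed sample of what the browser knows internally (not real hardware).
const RAW_DEVICES = [
  { kind: 'audioinput', rawId: 'hw-mic-0001', label: 'Example USB Microphone SN123 (constructed)' },
  { kind: 'videoinput', rawId: 'hw-cam-0001', label: 'Example HD Webcam SN456 (constructed)' },
];

// Hypothetical session object: a fresh random salt for every browsing
// session or private tab. Discarding the session discards the salt.
function newSession() {
  return { salt: crypto.randomBytes(32) };
}

// What a page loaded from `origin` would be given for this session.
function exposedDevices(session, origin) {
  const perKind = {};
  return RAW_DEVICES.map((d) => {
    perKind[d.kind] = (perKind[d.kind] || 0) + 1;
    // HMAC keyed with the session salt: stable within the session and origin,
    // unlinkable across sessions and across origins, and it never reveals rawId.
    const deviceId = crypto
      .createHmac('sha256', session.salt)
      .update(origin)
      .update('\0') // separator so origin and rawId cannot run together
      .update(d.rawId)
      .digest('hex');
    // Generic label instead of the exact name, model and serial number.
    return { kind: d.kind, deviceId, label: `${d.kind} ${perKind[d.kind]}` };
  });
}

// Stand-alone demonstration: same site, two sessions, different IDs.
const demoA = exposedDevices(newSession(), 'https://a.example');
const demoB = exposedDevices(newSession(), 'https://a.example');
console.log(demoA[0].deviceId !== demoB[0].deviceId); // unlinkable across sessions
```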


#4

This site is able to access IP information on mobile Safari (even though other sites show WebRTC disabled) and mobile Brave and desktop Brave on macOS Sierra, and collects some really interesting other info.

