It did not take long. Just a few months back TorGuard became aware of a new vulnerability that allowed websites to find real IP of a user by secret STUN requests via WebRTC. Now it seems that we have our first case of what is actually used in the wild, ironically in the name of "user privacy."
Over the last few weeks people started to notice anything unusual when visiting websites arstechnica.com, WashingtonPost .com, nbcnews.com, ft.com, cnbc.com, Bloomberg.com, wired.com and similar US sites. It appeared that all of these websites share the same tracking advertisement JavaScript from a URL. s.tagsrvcs.com in addition, this URL seems to be something to connect every few seconds
further analysis using javascript devtools Chrome revealed that RTCPeerConnection was created and actively making requests to a STUN server :. Ph.tagsrvcs.com. So it was difficult to follow all the action JS code, researchers were able to determine the code has attempted to collect the user's IP address, several times.
Most of us are well aware that websites and online marketing agencies employ methods of monitoring for user analysis and market research. Many choose to block these URLs with applications like Privacy Badger EFF, but these tools are useless against intrusive requests WebRTC STUN. The only way to completely block these requests is to use WebRTC TorGuard the leak block function on VPN, or give up entirely javascript.
Let's break some stuff, huh?
Shortly after this issue has begun to attract more attention, Dan Kaminsky, security researcher and co-founder of WhiteOps, offered an explanation:
"Dan Kaminsky here, my apologies . for kicking a ruckus This is part of a bot detection frame I built in White Ops; we essentially are able to detect automation browser using the resources exposed in JavaScript Nothing dangerous. users - or we would file bugs on what we do from time to time - but it provides useful data regarding the post-exploitation behavior Happy jump on a call with any person concerned or worried;. I'm more . "
on github, Dan explained that the code was actually part of a project he was working on ad networks who helped fight the use of bots:
"This is part of an anti-bot technology I develop in White Ops (whiteops.com) for a while. There are a setback to privacy here; reveals something like 2 / 3rds of bot fraud comes home users who compromised so as to perform more ad fraud. Essentially, we attack the funding channel that allows people hacked. But it does require us to be able to detect piracy, so we have made these tests. "
Just days after defending these actions, Dan disabled all STUN requests. Users have confirmed that the code for WebRTC is more active on these websites and has been replaced by an alternative script.
Do not skimp on user privacy
While the intentions may have been respectable, shares inordinate ambitions that deny the privacy of users almost always come inherit risk. in this case, we must ask, is worth breaking the privacy of the Internet in the name of advertising fraud? We think not.
with big data, comes great responsibility. All advertising network that regularly violates the privacy of the user in the analysis name will in time become a big target themselves for surveillance. If you can not completely trust the person in charge of monitoring all these data, good intentions can turn malicious quickly.
Never give your privacy to some random website or ad network, which is the service plan you probably have access to t. TorGuard anonymous VPN provides easy to use privacy solutions that blocks advertisers to know your own IP address or exact location. With simple VPN applications that have WebRTC block IPv6 leak and leak prevention measures, you can be sure that your personal IP address is nobody's business but your own.
This comment has been removed by the author.
ReplyDeleteWEBRTC perfectly work with PureVPN. Iwas reading a article before couple of days. Read comprehensive article about WebRTC leak? here.
ReplyDeletehttp://purevpnprivacypolicy.blogspot.com/2018/08/what-is-webrtc-leak.html
Grab the best Christmas VPN Deal ever for just $1.34/month
ReplyDeleteIvacy VPN is offering an unbelievable Christmas VPN Lifetime Deal , unlike anything you have seen before!
Ivacy is built for High-Speed VPN connection so that you can enjoy seamless Online Streaming, Unlimited Bandwidth, and a Secure Web-surfing experience.
Enjoy 1825 days of complete online freedom with the internet right at your fingertips.