[Crypto-chi] STUN, WebRTC and the circumvention of VPNs

Mason Donahue masond at gmail.com
Fri Jan 30 20:16:56 CST 2015



See:
https://github.com/diafygi/webrtc-ips

Oddly enough, this also worked for me in the Firefox session I use
that's completely tunneled through SSH for working from home (DNS and
localhost traffic are also proxied).

The request completely ignores proxy settings, which would be
considered "working as designed" as far as STUN is concerned except
for the fact that, you know, it allows anyone to create an arbitrary
connection to a STUN server from your machine if they can run
JavaScript on it.

Tor Browser didn't return anything, thankfully.

STUN, by the way, is one of those results of our
every-computer-behind-a-NAT-firewall world. It exists to attempt to
allow peer-to-peer connections (not in the sense of filesharing but in
the sense of "not through a centralized, service-specific server").
For example, SIP (a VoIP protocol) can use STUN to connect between two
devices behind NAT firewalls, like the case of two people on laptops
behind residential wifi routers trying to place a call to each other.
https://en.wikipedia.org/wiki/STUN

Sigh.

--Mason
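
What a STUN exchange looks like on the wire, as an added example that is not part of the original message: a Node.js parser, following RFC 5389, that recognizes STUN messages in a UDP payload (useful for spotting requests that left outside a tunnel) and decodes the XOR-MAPPED-ADDRESS in a server's reply, which is the client's address as seen from outside the NAT. The function names, sample packets and addresses are constructed for illustration.

```javascript
// Added example. Constants are from RFC 5389; sample packets are constructed.
const MAGIC_COOKIE = 0x2112a442;
const BINDING_REQUEST = 0x0001;
const BINDING_SUCCESS = 0x0101;
const XOR_MAPPED_ADDRESS = 0x0020;

// Parse a UDP payload as STUN. Returns null when it is not a STUN message.
function parseStun(buf) {
  if (buf.length < 20) return null;                       // fixed 20-byte header
  const type = buf.readUInt16BE(0);
  const length = buf.readUInt16BE(2);
  // Top two bits of the type are zero, length is a multiple of 4,
  // and bytes 4..7 carry the fixed magic cookie.
  if ((type & 0xc000) !== 0 || length % 4 !== 0) return null;
  if (buf.readUInt32BE(4) !== MAGIC_COOKIE) return null;
  if (buf.length < 20 + length) return null;              // truncated message
  const msg = { type, transactionId: buf.subarray(8, 20).toString('hex'), mapped: null };
  const end = 20 + length;
  let off = 20;
  while (off + 4 <= end) {                                // walk TLV attributes
    const attrType = buf.readUInt16BE(off);
    const attrLen = buf.readUInt16BE(off + 2);
    const val = off + 4;
    if (val + attrLen > end) return null;                 // truncated attribute
    if (attrType === XOR_MAPPED_ADDRESS && attrLen >= 8 && buf[val + 1] === 0x01) {
      // IPv4: port is XORed with the cookie's top 16 bits, address with the cookie.
      const port = buf.readUInt16BE(val + 2) ^ (MAGIC_COOKIE >>> 16);
      const addr = (buf.readUInt32BE(val + 4) ^ MAGIC_COOKIE) >>> 0;
      msg.mapped = { ip: [24, 16, 8, 0].map((s) => (addr >>> s) & 0xff).join('.'), port };
    }
    off = val + attrLen + ((4 - (attrLen % 4)) % 4);      // attributes pad to 4 bytes
  }
  return msg;
}

// Constructed samples: a Binding Request, and a Binding Success Response
// reporting the documentation address 198.51.100.7, port 54321.
function sampleHeader(type, bodyLen) {
  const b = Buffer.alloc(20 + bodyLen);
  b.writeUInt16BE(type, 0);
  b.writeUInt16BE(bodyLen, 2);
  b.writeUInt32BE(MAGIC_COOKIE, 4);
  Buffer.from('000102030405060708090a0b', 'hex').copy(b, 8);
  return b;
}
const sampleRequest = () => sampleHeader(BINDING_REQUEST, 0);
function sampleResponse() {
  const b = sampleHeader(BINDING_SUCCESS, 12);
  b.writeUInt16BE(XOR_MAPPED_ADDRESS, 20);
  b.writeUInt16BE(8, 22);
  b[25] = 0x01;                                           // address family: IPv4
  b.writeUInt16BE(54321 ^ (MAGIC_COOKIE >>> 16), 26);
  b.writeUInt32BE((0xc6336407 ^ MAGIC_COOKIE) >>> 0, 28);
  return b;
}
```

The 20-byte request carries nothing identifying in its body; the source address the server observes on that packet is what comes back in the response.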
