Skip to content

Latest commit

 

History

History
417 lines (389 loc) · 16.2 KB

File metadata and controls

417 lines (389 loc) · 16.2 KB

This README is a copy of section 1 - Raw data on the WebRTC evaluation of IP address leaks from the 3-raw-data/README.md file.

Table of contents

Note
1. Raw data on the WebRTC evaluation of IP address leaks
      1.1. Reminder about the network configuration
      1.2. Reminder about the client configurations
      1.3. Data organisation
References

Note

For privacy purposes, all public IP addresses have been anonymised using those reserved for documentation given in RFC 5737 for IPv4 [1] and RFC 3849 for IPv6 [2].

1. Raw data on the WebRTC evaluation of IP address leaks

1.1. Reminder about the network configuration

STUN/TURN machine

Public IPv4 address Public IPv6 address Private IPv4 address Operating System Architecture Service Version Listening port
192.0.2.1 2001:db8::1 10.132.0.8 Ubuntu Server 22.04 LTS arm64 coturn 4.5.2 5349 (TLS)
TShark 4.2.5 N/A

VPN, SOCKS and HTTP/HTTPS proxy machines

Public IPv4 address Public IPv6 address Private IPv4 address Operating System Architecture Service Version Listening port Virtual private IPv4 network Virtual private IPv6 network
198.51.100.1 2001:db8::2 192.168.1.91 Ubuntu Server 24.04 LTS arm64 OpenVPN UDP 2.6.9 1194 10.7.0.0/24 fddd:1194:1194:1194::/64
WireGuard 1.0.20210914 2050 10.8.0.0/24 fd4c:61b4:9648::/64
Dante SOCKS5 proxy 1.4.3 1080 N/A
mitmproxy HTTP/HTTPS proxy 8.1.1 8081 N/A
TShark 4.2.5 N/A

Each VPN (OpenVPN and WireGuard) provides one IPv4 tunnel per client with IPv4 and IPv6 packet forwarding capabilities thanks to their IPv4 and IPv6 virtual networks. A virtual interface per VPN attaching a private IPv4 and IPv6 will therefore be offered to the VPN client.

1.2. Reminder about the client configurations

The leak evaluation was carried out on Linux Ubuntu 22.04 LTS except for Safari, which was carried out on macOS Ventura 13.3.1. Full details of the software and versions used in this evaluation are described in the table below:

The leak evaluation was carried out on Linux Ubuntu 22.04 LTS, Microsoft Windows 11 23H2 and macOS Sonoma 14.5. Full details of the software and versions used in this evaluation are described in the table below:

Linux Windows macOS
Machine Dell Latitude 5520 (2022) Machine Dell Latitude 5540 (2023) Machine Apple MacBook Pro (13-inch, 2022)
CPU Intel Core i5-1145G7 @ 2.60 GHz CPU Intel Core i5-1335U @ 1.30 GHz CPU Apple M2
RAM 16 GiB RAM 8 GiB RAM 16 GiB
GPU Intel® Iris® Xe Graphics GPU Intel® Iris® Xe Graphics GPU Apple M2
Screen resolution 1920x1080 Screen resolution 1920x1080 Screen resolution 2560x1600
Host OS Ubuntu Desktop 22.04 LTS Host OS Windows 11 Pro 23H2 Host OS macOS Sonoma 14.5
Architecture x86-64 Architecture x86-64 Architecture arm64
Network configurations
Ethernet IPv4 address 203.0.113.20 Ethernet IPv4 address 203.0.113.20 Ethernet IPv4 address 203.0.113.20
Ethernet temporary IPv6 address 2001:db8::20 Ethernet temporary IPv6 address 2001:db8::20 Ethernet temporary IPv6 address 2001:db8::20
Ethernet permanent IPv6 address 2001:db8::21 Ethernet permanent IPv6 address 2001:db8::21 Ethernet permanent IPv6 address 2001:db8::21
Wi-Fi IPv4 address 203.0.113.30 Wi-Fi IPv4 address 203.0.113.30 Wi-Fi IPv4 address 203.0.113.30
Wi-Fi temporary IPv6 address 2001:db8::30 Wi-Fi temporary IPv6 address 2001:db8::30 Wi-Fi temporary IPv6 address 2001:db8::30
Wi-Fi permanent IPv6 address 2001:db8::31 Wi-Fi permanent IPv6 address 2001:db8::31 Wi-Fi permanent IPv6 address 2001:db8::31
Natively installed browsers on the host client
Mozilla Firefox v125.0.3 Mozilla Firefox v125.0.3 Mozilla Firefox v125.0.3
Google Chrome v126.0.6478.126 Google Chrome v126.0.6478.127 Google Chrome v126.0.6478.127
Microsoft Edge v126.0.2592.81 Microsoft Edge v126.0.2592.81 Microsoft Edge v126.0.2592.81
Opera v111.0.5168.55 Opera v111.0.5168.55 Opera v111.0.5168.55
Brave Browser v1.67.123 Brave Browser v1.67.123 Brave Browser v1.67.123
Safari v17.5
VPN and SOCKS clients
OpenVPN UDP client OpenVPN 2.5.9 OpenVPN UDP client OpenVPN GUI v11.48.0.0 OpenVPN UDP client Tunnelblick 4.0.1
WireGuard client v1.0.20210914 WireGuard client v0.5.3 WireGuard client v1.0.16
Mozilla Firefox built-in SOCKS client v125.0.3 Mozilla Firefox built-in SOCKS client v125.0.3 Mozilla Firefox built-in SOCKS client v125.0.3
Mozilla Firefox built-in HTTP/S client v125.0.3 Mozilla Firefox built-in HTTP/S client v125.0.3 Mozilla Firefox built-in HTTP/S client v125.0.3
Containerised Mozilla Firefox solution via docker
Docker image Ubuntu Server 22.04 LTS Docker image Ubuntu Server 22.04 LTS Docker image Ubuntu Server 22.04 LTS
Docker image architecture x86-64 Docker image architecture x86-64 Docker image architecture arm64
Containerised Firefox v125.0.3 Containerised Firefox v125.0.3 Containerised Firefox v125.0.3
Docker Engine v26.1.4 Docker Desktop v4.30.0 Docker Desktop v4.30.0
Docker Compose v2.27.1
Host Wayland compositor Mutter v42.9 Host Wayland compositor Weston (provided by WSLg) GitHub commit f227edd6 Host Wayland compositor N/A
Host X server (X.Org/XWayland) Host X server (XWayland) Host X server (XQuartz) v2.8.5
Host PulseAudio server PulseAudio (on PipeWire 0.3.48) Host PulseAudio server (provided by WSLg) GitHub commit 6f045ff0 Host PulseAudio server v17.0
WSL 2 v2.2.4.0
WSL 2 Linux Kernel with camera driver support v5.15.153.1 - Download
WSLg v1.0.61

1.3. Data organisation

In this folder, the data are classified as follows:

  • 1 - Major web browser leaks, corresponding to raw leak data on the various popular web browsers on the market.
  • 2 - MF diff confs leaks, corresponding to raw data from the vanilla Firefox web browser in different configurations (with or without VPN, SOCKS, containerised or not...)
  • 3 - Compro MF diff confs leaks: corresponding to raw data from the compromised Firefox web browser in different configurations (vanilla, with or without VPN, SOCKS, containerised or not...)

where

MF = Mozilla Firefox;
Compro = Compromised;
diff confs = different configurations.

Each configuration tested has two folders: ClientData and STUN-TURN-ServersData.

The data generated by the WebRTC clients is located in the ClientData folder. This is the final list of ICE candidates created by WebRTC clients (file ice-candidates.txt) and the traffic data captured by Wireshark for STUN/TURN requests and responses at the client interfaces. There is one file per mode (RFC 8828 [3] & draft-uberti-ip-handling-ex-mdns-00 [4]) tested (modeX-stun-turn.pacpng) where X is the mode number, and if present, UC - User consent, NUC - No user consent (handled by getUserMedia() [5]).

The traffic data captured by Wireshark on the STUN/TURN server side (located at the same IPv4 and IPv6 addresses) is located in the STUN-TURN-ServersData folder. The naming rule is: name-of-the-configuration-tested-mode-X.pcapng and if present, UC - User consent, NUC - No user consent (handled by getUserMedia() [5]).

If UC and NUC are not present then the consent is defined by the mode [3, 4].

The list of interfaces present and the associated information on the client machine in the test state is present in the ip-a.txt file. This file is either placed at the root of a set of tests if the machine configuration does not change for the set of tests, or placed specifically in the ClientData folder associated with a particular test.

References

[1] J. Arkko, M. Cotton, and L. Vegoda, IPv4 Address Blocks Reserved for Documentation, Internet Engineering Task Force, Request for Comments RFC 5737, Jan. 2010. doi: 10.17487/RFC5737.
[2] G. Huston, A. Lord, and P. F. Smith, IPv6 Address Prefix Reserved for Documentation, Internet Engineering Task Force, Request for Comments RFC 3849, Jul. 2004. doi: 10.17487/RFC3849.
[3] J. Uberti, WebRTC IP Address Handling Requirements, Internet Engineering Task Force, Request for Comments RFC 8828, Jan. 2021. doi: 10.17487/RFC8828.
[4] J. Uberti, J. D. Borst, Q. Wang, and Y. Fablet, WebRTC IP Address Handling Extensions for Multicast DNS, Internet Engineering Task Force, Internet Draft draft-uberti-ip-handling-ex-mdns-00, Nov. 2018. Accessed: Feb. 27, 2024. [Online]. Available: https://datatracker.ietf.org/doc/draft-uberti-ip-handling-ex-mdns-00.
[5] Mozilla, MediaDevices: getUserMedia() method, MDN Web Docs. Accessed: Feb. 22, 2024. [Online]. Available: https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/getUserMedia.