On Sun, 14 Jun 2020 at 02:42, Seth David Schoen <[email protected]> wrote: > > Aaron van Meerten writes: > > > I admit this part isn’t my focus, but my understanding is that the > > technology is called “Insertable Streams”. The basic idea is a > > hook within the WebRTC engine that allows media to be transformed > > after capture, but still delivers certain identifiers such as which > > packet contains a keyframe, or what volume levels to expect, while > > keep the media itself from being parseable by the server, only the end > > clients who have the key.
Thanks for this; this is immediately understandable why it's blocking E2E multiparty video. E2E two-person voice/video should still be achievable easily in Firefox by exposing the peer's certificate fingerprints and allowing the parties to compare them audibly. You know, minus the whole bit where they wrote a paper about ZRTP where they apparently tricked people successfully. =/ > I hope someone (other than surveillance vendors) has thought through > whether any of the unencrypted metadata can leak something interesting. > E.g. profiling the compression patterns in order to get some kind of > statistics about the plaintext. > > https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/schuster > https://ieeexplore.ieee.org/abstract/document/4531143 > https://ieeexplore.ieee.org/abstract/document/5958018 > https://dl.acm.org/doi/abs/10.1145/3029806.3029821 > > Real-time video and audio compression with variable-rate codecs is > (like other uses of compression together with encryption) already pretty > risky. Adding more metadata about the streams might make it worse. > > It might be good to ask the researchers on some of these and similar > papers whether the cleartext information that is still provided in this > WebRTC model is an eavesdropping risk. I think the answer is probably "Yes these attacks can work." And my response would be "Let's solve one problem at a time." Insertable streams allow you to tackle this problem as well: you can pad a variable-bit codec out to fixed-bit, or swap the codec entirely. So once you've got multiparty E2E we can take the next step. -tom -- Liberationtech is public & archives are searchable from any major commercial search engine. Violations of list guidelines will get you moderated: https://lists.ghserv.net/mailman/listinfo/lt. Unsubscribe, change to digest mode, or change password by emailing [email protected].
