WebRTC Security: Real-Time Data Flaw Leaks Endpoint IP Addresses
…and frameworks such as GDPR, HIPAA and ISO 27001 provide guidance for service providers.
In the final analysis, the purpose of WebRTC is to improve speed when using “live” applications, according to web tracking experts. And these are only increasing in popularity.
“And which browser wants to deliberately make live applications worse?” asks Daniel Steen, founder and CTO of MirageID, a provider of dedicated browsers that mitigate online tracking and monitoring. “But that is only part of the story. People believe if you block your IP address you can be anonymous. That may have been true five or 10 years ago, but in today’s age of deep user tracking, behavioral analysis and browser fingerprinting, IP addresses are only the tip of the iceberg. Users can be tracked in so many ways that blocking your IP is only marginally effective. What browser wants to disable a useful protocol for little real gain?”
It all comes down to WebRTC security leaks versus usability.
“Remember endpoint security is about risk management,” said Rene Kolga, vice president of product strategy at Nyotron, an endpoint security provider. “And you have to consider what is the risk of the WebRTC data flaw, compared to the benefit that you get and how much you have to invest to verify a lack of WebRTC data leaks. Again, if you can use an encrypted connection, it will help.”