3. Problem Statement
The ICE protocol requires gathering all possible candidate addresses to maximize the probability of connection success. This includes:
- Host candidates: Network interfaces directly attached to the device (e.g., Ethernet, Wi-Fi).
- Server reflexive candidates: Public IP addresses as observed and reported by STUN servers.
- Relay candidates: Relayed addresses from TURN servers.
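If a device is behind a NAT, its host candidate is typically a private RFC 1918 address (e.g., 192.168.1.5). Because gathered candidates are sent to the remote peer during signaling, that address is disclosed along with the others. Key privacy issues include: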
- Fingerprinting: The set of local IP addresses (especially if multiple interfaces exist, like a VPN) can act as a unique identifier for the user over time or across sites.
- Location Tracking: Revealing the public IP address allows coarse location tracking. (Note: WebRTC cannot completely hide the public IP if a direct connection is desired, but local IPs add granularity).
- Network Topology Exposure: Revealing internal IP schemes gives attackers information about the local network structure.
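
The following added example (not part of the original document) audits a set of signaled candidate lines for the three exposures listed above. The SDP sample is constructed, the function names are hypothetical, and the check of `raddr` on server reflexive candidates goes slightly beyond the text, since that field can carry the same private address as the host candidate.

```javascript
// Constructed sample: candidate lines a NATed, VPN-connected client might signal.
// Addresses use RFC 1918 and documentation (RFC 5737) ranges; none are real.
const SAMPLE_SDP = [
  "a=candidate:1 1 udp 2122260223 192.168.1.5 54321 typ host",
  "a=candidate:2 1 udp 2122194687 10.8.0.2 54322 typ host",
  "a=candidate:3 1 udp 1686052607 203.0.113.7 61000 typ srflx raddr 192.168.1.5 rport 54321",
  "a=candidate:4 1 udp 41885439 198.51.100.20 49152 typ relay raddr 203.0.113.7 rport 61000",
].join("\r\n");

// True for the RFC 1918 ranges 10/8, 172.16/12 and 192.168/16.
function isRfc1918(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return false;
  const [a, b] = parts.map(Number);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Parse one candidate attribute: foundation, component, transport, priority,
// address, port, "typ" type, then optional extensions such as raddr/rport.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:\S+ \d+ \S+ \d+ (\S+) (\d+) typ (\S+)(.*)$/.exec(line.trim());
  if (!m) return null;
  const raddr = /\sraddr (\S+)/.exec(m[4]);
  return { address: m[1], port: Number(m[2]), type: m[3], relatedAddress: raddr ? raddr[1] : null };
}

// Summarise what the signaled candidates expose to whoever receives the SDP.
function auditSdp(sdp) {
  const local = new Set();
  const reflexive = new Set();
  for (const line of sdp.split(/\r?\n/)) {
    const c = parseCandidate(line);
    if (!c) continue;
    // Private addresses may appear as host candidates and as raddr on srflx candidates.
    for (const ip of [c.address, c.relatedAddress]) {
      if (ip && isRfc1918(ip)) local.add(ip);
    }
    if (c.type === "srflx") reflexive.add(c.address);
  }
  const localAddresses = [...local].sort();
  return {
    localAddresses,                             // network topology exposure
    publicAddresses: [...reflexive].sort(),     // coarse location tracking
    fingerprintInput: localAddresses.join(","), // same value on every site while interfaces persist
  };
}

console.log(auditSdp(SAMPLE_SDP));
```

An empty `localAddresses` result for a given client configuration means no RFC 1918 address reached the signaling channel in the lines examined.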