Aaron van Meerten writes:

> I admit this part isn’t my focus, but my understanding is that the
> technology is called “Insertable Streams”. The basic idea is a
> hook within the WebRTC engine that allows media to be transformed
> after capture, but still delivers certain identifiers such as which
> packet contains a keyframe, or what volume levels to expect, while
> keeping the media itself from being parseable by the server, only the end
> clients who have the key.

I hope someone (other than surveillance vendors) has thought through
whether any of the unencrypted metadata can leak something interesting.
E.g. profiling the compression patterns in order to get some kind of
statistics about the plaintext.

https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/schuster
https://ieeexplore.ieee.org/abstract/document/4531143
https://ieeexplore.ieee.org/abstract/document/5958018
https://dl.acm.org/doi/abs/10.1145/3029806.3029821

Real-time video and audio compression with variable-rate codecs is
(like other uses of compression together with encryption) already
pretty risky. Adding more metadata about the streams might make it
worse.

It might be good to ask the researchers on some of these and similar
papers whether the cleartext information that is still provided in
this WebRTC model is an eavesdropping risk.

> However, future iterations would definitely use something more
> sophisticated around confirming identity and possibly using algorithms
> similar to Signal for generating the keys.

I'm excited that you're working on that!

-- 
Seth Schoen <[email protected]>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
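The concern above about variable-rate codecs can be made concrete with a small added example (not part of the original message or of any project's code): encrypting a frame hides its bytes but not its length, so a relay still sees the size pattern unless frames are padded. The frame sizes, the `OVERHEAD` value and the padding buckets are constructed assumptions for illustration.

```javascript
// Added illustration: what a relay sees when only frame payloads are encrypted.
// All numbers are constructed; OVERHEAD (IV + auth tag) is an assumed value.
const OVERHEAD = 28;

// Constructed plaintext sizes (bytes) of encoded frames for two kinds of content.
const quietScene = [1200, 310, 295, 330, 305, 1180, 300, 320];
const busyScene = [4100, 1900, 2050, 1850, 2200, 4300, 2100, 1950];

// Encryption hides the bytes but not the length of each frame.
// bucket > 0 pads every encrypted frame up to the next multiple of bucket.
function onWire(plainSizes, bucket = 0) {
  return plainSizes.map((n) => {
    const c = n + OVERHEAD;
    return bucket > 0 ? Math.ceil(c / bucket) * bucket : c;
  });
}

const mean = (xs) => xs.reduce((a, b) => a + b, 0) / xs.length;

// A size-only observer cannot tell two traces apart only when the
// sequences of on-wire sizes are identical.
function sameToObserver(a, b) {
  return a.length === b.length && a.every((v, i) => v === b[i]);
}

// Bandwidth cost of padding: bytes sent divided by bytes needed without padding.
function paddingCost(plainSizes, bucket) {
  return mean(onWire(plainSizes, bucket)) / mean(onWire(plainSizes));
}

// Summary for one padding policy: how far apart the two scenes still look,
// whether they are indistinguishable by size, and what the padding costs.
function report(bucket) {
  const q = onWire(quietScene, bucket);
  const b = onWire(busyScene, bucket);
  return {
    bucket,
    meanGap: mean(b) - mean(q),
    indistinguishable: sameToObserver(q, b),
    quietCost: paddingCost(quietScene, bucket),
  };
}

for (const bucket of [0, 1024, 8192]) console.log(report(bucket));
```

With these constructed traces, 1024-byte buckets still leave the two scenes clearly separable by size, and only padding every frame to one fixed size removes the signal, at roughly a 14x bandwidth cost for the quiet scene.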
