package: libjs-jssip tags: security Hi Daniel,
thanks for working on usuable + secure RTC in the webbrowser! During your presentation at the Paris mini-debconf I just learned that your libjs-jssip leaks all networks to the sip server (or calling party), which I consider a privacy violation (which has been implemented to improve the user experience by allowing the application to choose the best network connection). Still, if I connect via route $X I expect this software not to leak my other routes, which might contaín sensitive information. In the talk you said it was trivial to comment out these lines, so I'm asking you to do this by default and optionally allow it. cheers, Holger
Description: This is a digitally signed message part.