webRTC ads (walla.co.il)

[DanIbba]

URL(s) where the issue occurs

walla.co.il

Describe the issue

uBlock origin anti webRTC ads doesn't work

Screenshot(s)

Versions

• Browser/version: chrome
• uBlock Origin version: 1.11.4

Settings

• ISR - Hebrew list

[adkiller126]

Use this https://chrome.google.com/webstore/detail/webrtc-leak-prevent/eiadekoaikejlgdbkbdfeijglgfdalml
Great tool.
Uno team - you should adopt this code.

[gorhill]

This was already fixed, force an update of uBlock filters.

[gorhill]

@adkiller126 1) This is completely unrelated to the issue here; 2) There is already a setting in uBO to prevent local IP address leak.

[gorhill]

Ok, the filter on uBO side does not always reliably work, this means foiling eval does not appear sufficient in the current case:

• Works for the front page: http://www.walla.co.il/.
• Does not work for http://finance.walla.co.il/item/3052220.
• Works for the front page: http://news.walla.co.il/item/3052216.
• Does not work for http://sports.walla.co.il/item/3051752.

This means the fix has to be made in uBO-Extra, and uBO-Extra will have to be used for that site.

[DanIbba]

@gorhill
can you fix it for uBO? maybe we should add some filters in the Hebrew list?

[DanIbba]

btw - I've downloaded the webrtc-leak-prevent and its works great; when I set the IP policy for "Disable non-proxied UDP".

[gorhill]

I've downloaded the webrtc-leak-prevent and its works great;

As said, the purpose of this add-on is not to foil WebRTC connections, its purpose is to prevent leaking local IP addresses, and there is already a setting in uBO for this.

I can't prevent people from fooling themselves, but I can at least try to warn others who are willing to not fall for this nonsense:

[adkiller126]

Do you see ads with this extension?

[uBlock-user]

same as yad2.co.il

If you don't want to use uBO-Extra, add this filter - walla.co.il##script:inject(abort-on-property-read.js, window.btoa)

[adkiller126]

I think we should find a way to kill the webRTC connection. Adding a specific script for each website will be hard.

[uBlock-user]

The filter I posted kills the WebRTC connection, so no ads if you don't want to use uBO-Extra or install uBO-Extra.

[gorhill]

Do you see ads with this extension?

So far, no. However I do see the WebRTC connection being established.

[gorhill]

I tested other sites using WebRTC, and yes, it does seem "Disable non-proxied UDP" prevents these sites from tunnelling their ad data through WebRTC, though it does not prevent the WebRTC connection itself from being established. So apparently this is a virtuous side-effect of the setting. This needs investigation -- I suspect using that setting in uBO could lead to issue in some cases of legit use of WebRTC.

[adkiller126]

This extension success when ubo is not. So i think we should at least look into it.

[adkiller126]

Great. I'm not agree about the legit. This is a well known extension.

[gorhill]

The current used setting in uBO is "Use the default public interface", and issues have been reported even for this level (example: gorhill/uBlock#757). Now I wonder whether increasing one level to "Disable non-proxied UDP" will cause more sites to be affected. This is what needs investigation.

[gorhill]

Here is a legit use: https://webtorrent.io/. Seems to works all fine with "Disable non-proxied UDP".

Given this, I will go ahead and make uBO now use the more strict value for its "Prevent WebRTC from leaking local IP addresses" setting, release the change as rc2, and see what happens from there.

[gorhill]

Easy to test case: https://www.destructoid.com/ -- click-baity ads appears shortly after the page load on the right side.

[adkiller126]

Can't see ads on destructoid with the extension and ubo.

[gorhill]

Change is in 1.11.5rc2.

[gorhill]

I think we should find a way to kill the webRTC connection.

See w3c/webappsec-csp#92. There is currently no way for uBO to do this using a CSP. It's a hole in the spec, being used against users.

[uBlock-user]

Can't see ads on destructoid with the extension and ubo.

fyi Connection is still established though. Run chrome://webrtc-internals there. On Firefox you can disable via about:config setting, unfortunately no such setting/flag for Chromium.

[gorhill]

It's probably a matter of time before those behind these WebRTC-based ads update their stuff and are no longer foiled by the unexpected side-effect. The primary purpose of "Disable non-proxied UDP" is not to block these ads specifically. Once they upgrade their code to do what https://webtorrent.io/ does (which works fine with the stricter setting), then the ads will come back. However, I am willing to use the stricter settings right now due to that nice side effect, despite being unrelated to its primary purpose.

[uBlock-user]

Webtorrent is also using blob, I ran chrome://webrtc-internals no webrtc connection is established, yet it's pulling data via XHRs via this script - https://webtorrent.io/bundle.js

[gorhill]

I ran chrome://webrtc-internals no webrtc connection is established

This is what I see:

[uBlock-user]

This is what I see : -

version is Chromium 59

[IsraeliUser]

Why is this option (Prevent WebRTC from leaking local IP addresses) not enabled by default?

[gorhill]

gorhill/uBlock#757 (comment).

[krackers]

The switch to non-proxied UDP seems to have affected Discord, which can no longer do voice chats under the more restrictive policy.