Support board for people running on (retail/OEM) Windows XP (32/64-bit).
Forum rules
This is a self-serve support board for our community. The development team can't provide any support for Windows XP (and compatible versions of Pale Moon for it) any longer.
-
Thehandyman1957
Unread post
by Thehandyman1957 » 2015-07-17, 23:59
Hello all, I ran into an article that kinda got my attention and I thought I would ask about it.
Here is a small portion of the transcript with the link below.
The NY Times has recently come under fire for exploiting a known web vulnerability against all website visitors involving WebRTC.
The NY Times is collecting every local IP even VPN users by taking advantage of a well documented exploit against WebRTC. The Times is even using clunky and poorly written JavaScript to carry out their attack.
http://no-adware.com/blog/ny-times-webrtc-hack/
The reason this caught my attention is because it states that even if your using a VNP like I am it makes no difference.
Can you tell me if Pale Moon uses this and if so is there a way to shut it down. It would be a real bummer to find that even after going through the trouble to pay for my VPN that it has been a waste of my money and security.
Thanks
Handy
-
jb28147
Unread post
by jb28147 » 2015-07-18, 00:08
Thehandyman1957 wrote:Can you tell me if Pale Moon uses this and if so is there a way to shut it down. It would be a real bummer to find that even after going through the trouble to pay for my VPN that it has been a waste of my money and security.
http://www.palemoon.org/technical.shtml
WebRTC is disabled in Pale Moon.
-
Thehandyman1957
Unread post
by Thehandyman1957 » 2015-07-18, 00:46
I guess I should be more specific on my version of Pale Moon. I'm using the XP/Atom version.
-
jb28147
Unread post
by jb28147 » 2015-07-18, 01:15
Thehandyman1957 wrote:I guess I should be more specific on my version of Pale Moon. I'm using the XP/Atom version.
The Atom version uses the same code as the normal version. If it's disabled in the normal version, it'll also be disabled in the Atom version as well.
-
Thehandyman1957
Unread post
by Thehandyman1957 » 2015-07-18, 01:38
So I looked up your link and the wording is not clear,
WebRTC. Apart from opening up a whole can of worms security/privacy-wise, "Web Real Time Chat" (comparable with Skype video calls and the likes) is not considered useful or desired functionality for Pale Moon (both according to the developers and the users of the browser at large). This is best left to dedicated programs or at most a browser plug-in.
Does this mean they simply took it out or is it simply disabled? The reason I ask is if you look further down it talks about another item and it says this.
A few miscellaneous things like the crashreporter and telemetry data gathering have been completely removed since they require server-side components that are not in place at palemoon.org, as well as the latter severely impacting user privacy.
So in the second item it is made very clear that they were completely removed.
Clarity on this would be welcome. Also, if an item is simply disabled, can a hacker turn those back on?
-
Moonchild
- Pale Moon guru
- Posts: 37685
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Unread post
by Moonchild » 2015-07-18, 09:31
WebRTC is disabled at build-time. It is not built, cannot be enabled by the end-user or abused by any site.
So the code (well, an early spec implementation) is still present in the source tree (for now anyway) but is not included in the actual product.
"A dead end street is a place to turn around and go into a new direction" - Anonymous
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
Thehandyman1957
Unread post
by Thehandyman1957 » 2015-07-20, 01:15
Thank you Moonchild for clearing that up
That is good to know.
