As far as I know, WebRTC reveals IP addresses of two peers. Suppose that an app uses WebRTC and all traffic go through application server if group call is used. Can ISP see IP addresses of group participants in this case?
6
-
Unknown, depends on its design. Also not a security question.– LvBCommented Dec 1, 2020 at 19:57
-
Depends on the actual implementation. Group calls can be done peer 2 peer (i.e. each peer gets traffic from each other) in which case the IP will be visible since it is needed for the direct communication. The data can be mixed or just forwarded by a central server - in which case only the local IP and the IP of the server need to be revealed. Of course, it might be that the other IP get revealed anyway due to other implementation details.– Steffen UllrichCommented Dec 1, 2020 at 21:27
-
@SteffenUllrich Thanks for clear answer. I was thinking that, when all traffic go through app server, all data exchanges made by server. Does Facetime use other method in group conversation?– user215422Commented Dec 3, 2020 at 20:07
-
@user215422: "... when all traffic go through app server, ..."* - but does actually all traffic go through the app server? The app server might just be used for call signaling but the actual audio and video is shared directly between peers and will be combined there. I don't know what specific apps do but you might get a glimpse when you are capturing the traffic to see where the actually go - all to a single server or major parts directly to the other peers.– Steffen UllrichCommented Dec 3, 2020 at 20:22
-
@SteffenUllrich Thanks. I understand better. Some programs are encrypted in transit. Data is decrypted in server and reencrypted. After that encrypted data is sent all peers from server (e.g. Jitsi). If I understand right, there is no direct connection between peers. Because server should reencrypt and send data to all peers. Does ISP only see IP of Jitsi server and one peer or some/all peers in this case?– user215422Commented Dec 4, 2020 at 19:47
|
Show 1 more comment
1 Answer
Group calls are peer-to-peer by default in WebRTC. So your ISP will see the IP address of all participating peers. But often times peers are behind symmetric NAT which prevents peers to establish peer-to-peer communication. To workaround this, WebRTC fallsback to TURN server to relay communication of peers that are sitting behind symmetric NAT.
If some of the participating peers are being relayed by TURN, your ISP will see the IP address of TURN server as well as the IP address of other participating peers whose traffic is not being relayed. If your traffic is being relayed by TURN, then your ISP will see only the IP address of TURN server.
Note that if you are on wifi network, instant-messenger like WhatsApp switches to uPnP for peer-to-peer communication if your wifi router supports uPnP. For uPnP, symmetric NAT is not a problem so your communication with other participating peers will always be peer-to-peer if they are also on uPnP supported wifi network.