[guardian-dev] [Guardian-internal] Fwd: Messaging Moving Forward
Timur Mehrvarz
timur.mehrvarz at riseup.net
Tue Jul 30 01:55:50 EDT 2013
On 21.05.2013 22:17, Nathan of Guardian wrote:
> On 05/18/2013 06:34 PM, David Oliver wrote:
>
>> Also, what about WebRTC? That's a Google-championed effort.
>
> There were a few WebRTC sessions at IO. I think it is still considered
> experimental.
>
I've played around with WebRTC in Firefox and Chrome. I've written a
small but selfcontained RTC rendezvous ("signaling" in Google lingo)
service. Pure data (text based chat) currently works work best in
Firefox (22+ on the desktop; nightly 25+ on Android). Functionality is
stable and usability is great: all you need is the browser.
Because WebRTC is about direct browser-to-browser communication,
anonymity is not what it provides. But I would like to find out what you
think about the security being provided. WebRTC is making use of
DTLS-SRTP keying (http://tools.ietf.org/html/rfc5764). I was a little
surprised to see that TCPdump is showing a constant data stream on the
UDP port, even when no user data is being transfered.
As someone else asked in the Tox.im thread: is this secure and safe to use?
-Timur
More information about the Guardian-dev
mailing list