I noticed that the browser leaks the true IP through WebRTC when using a VPN. It does not have about:config menu as Firefox, so I thought it would be nice to have a switch in the settings to enable or disable WebRTC.
As long as our builds are based on WebView we can't really prevent that. This was one of the reasons why Tor's browser is based on Firefox and not using WebView anymore.
I think you can try webview.evaluateJavascript or inject script tag before other scripts in page and set RTCPeerConnection and/or webkitRTCPeerConnection to undefined
what about recompiling webview disabling WebRTC and including in the apk?
I had suggested crosswalk in this comment earlier, but it appears that they aren't updating that any longer https://crosswalk-project.org/blog/crosswalk-final-release.html
This is a pretty big hole for a privacy-focused browser.
Crosswalk is no longer in development. It's more likely that we are going to switch to GeckoView in case we are deciding to abandon the WebView based build.
if google hasn't allowed the ability to turn off webrtc by now, I would guess they won't for whatever data collection reasons they may have...
there's also the option of using Chromium webkit in addition to GeckoView.
I do think an IP leak is a big problem. Is there any workaround on the mean time that would work?
thanks
Unfortunately there's no workaround for Focus currently. For this you'd have to either use regular Firefox (and flip the preferences for this) or OrFox.
How can you label project
Firefox Focus: The privacy browser - Browse like no one鈥檚 watching.
When IP is being leaked. Kind of pathetic false information.
Can't you be sued?
I really think you guys need to figure this one out if you want to be a privacy-focused browser.
Indeed, I believe this is more of a privacy issue here is the live demo for same,
www.ch3114.com/getip.htmlThanks for your input folks - we will re-triage this soon.
please do! thank you!
This is really critical.
Focus has replaced WebView with GeckoView a long time ago. Closing.
Most helpful comment
This is really critical.