On Friday, June 17, 2016 at 10:28:55 AM UTC-4, Paul Ellenbogen wrote: > At the moment, WebRTC does not check if connections are okay by content > policies > <https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIContentPolicy> > . > > WebRTC data channels as a side channel around content policy has potential > for abuse. For example, ad blockers use content policy to block ads, so > advertisers may be able to load their ads on a page using data channels > where the traditional methods would be blocked.
A real case of RTCPeerConnection used in the wild to deliver ads: merriam-webster.com. On my side, I do block all 3rd parties by default, but the site was able to circumvent my wish to not connect to 3rd parties. The only solution I found for now given that network requests from RTCPeerConnection are not going through the browser's HTTP observer is to inject a script in the page to prevent the use of RTCPeerConnection. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
