Fingerprintability of WebRTC

Abstract: We examine WebRTC's suitability as a means of Internet censorship circumvention. WebRTC is a framework and suite of protocols for peer-to-peer communication between web browsers. We analyze the implementation differences in instantiations of WebRTC that make it possible to "fingerprint" implementations--potentially distinguishing circumvention-related uses from ordinary ones. This question is relevant to Snowflake, an upcoming circumvention system that uses WebRTC to turn web browsers into temporary peer-to-peer proxies. We conduct a manual analysis of WebRTC-using applications in order to map the space of distinguishing implementation features. We run a fingerprinting script on a day's worth of network traffic in order to quantify WebRTC's prevalence and diversity. Throughout, we find pitfalls that indicate that resisting fingerprinting in WebRTC is likely to be non-trivial.