eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.

Server stats:

216
active users

#webrtc

0 posts0 participants0 posts today
Replied in thread

@mray @cwebber would love to know as well.

For people not in the know, @librecast is a R&D initiative that's innovating the internet stack with support of @NGIZero and @nlnet

First, to enable #multicast on the unicast internet an overlay network is planned, based on #WebRTC. See:

librecast.net/librecast-strate

#Librecast LIVE will bring all the technology together, to demonstrate and be a reference implementation. With #ActivityPub support being planned. See:

librecast.net/live.html

librecast.netLibrecast - Decentralisation and Privacy with Multicast

So, dann schauen wir mal, ob Europa in der Lage ist, die DS-GVO anzuwenden und die Verantwortlichen der irischen Datenschutzkommission (Data Protection Commission, DPC) die cojones haben, Meta mit der Höchststrafe für Datenschutzverstöße zu beglücken.
localmess.github.io/
Was denkst du?
#webRTC #meta #yandex #dsgvo

localmess.github.ioCovert Web-to-App Tracking via Localhost on Android
Continued thread

Both #Yandex and #Meta used obfuscation techniques to hide that the traffic occured and/or that the apps were listening to these requests:

➡️ Meta traffic was using #WebRTC, which does not show up in the browser's developer tools
➡️ Yandex traffic looked non-local
➡️ Yandex apps started listening only after several days

BTW: Apparently, Meta stopped doing this yesterday. But they probably still have the mapping DB.
All the details by the researchers here.
localmess.github.io/

localmess.github.ioCovert Web-to-App Tracking via Localhost on Android

Staggering how far #Meta will go to de-anonymise users.

arstechnica.com/security/2025/

I was actually surprised it took so long because this is not a new loophole. We discussed this issue almost 10 years ago in a different context: #WebRTC allows to circumvent the secure origin policy.

github.com/w3c/webappsec-csp/i

I made a PoC back then

lgrahl.de/examples/dc/webrtc-c

which still works to this day. It is also hard to prevent because the PoC doesn't do anything that is forbidden. It leverages a currently essential part of the STUN protocol.

Don't get me wrong, I'm all in for making an effort to remove all user-controllable input, but now we might see shortcuts being taken to get things fixed quickly, potentially destroying a bunch of nice and niche use cases along the way.

Ars Technica · Meta and Yandex are de-anonymizing Android users’ web browsing identifiersBy Dan Goodin

Another question for my #WebRTC friends: Do you know what *exactly* makes an audio stream sync up with a video stream in libwebrtc?

Is it the a=msid:<stream-id> <track-id> grouping on the sender side?

Is it the a=msid:<stream-id> <track-id> grouping on the receiver side?

Is it both? Or is it something else entirely, e.g. do we need to create a MediaStream from both tracks on the sender or the receiver? Or do we need to attach both audio and video tracks to the same <video> element?

@steely_glint @lminiero @danjenkins @s

After taking a closer look at #XMPP clients for the #linux desktop, there's this frustrating "tie" for finding a favorite.

#Dino, which is likeable for being able to do video and audio calls, only has limited support for multi-user chat (complete with fancy moderation tools). These audio and video calls it can do are AMD64-only at this time.

#Gajim, which is likeable for being able to do multi-user chat well (with great moderation tools), alas, can't do audio and video calls to the other XMPP clients (like, say, #Conversations, as they use a newer #WebRTC-based method now).

So there's this strange situation where one is tempted to use both at the same time.

My takeaway is that #Conversations for #Android is the only xmpp client that I would possibly and carefully recommend to family and friends at this time, as it can cover all of the above. (#Monal on #iOS/#MacOS only has "partial" support for Multi-user chat, BTW.)

Yes I'm aware of the existence of Snikket, Quicksy, and Prav. No need to chime in on those.