mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
Irish Mastodon - run from Ireland, we welcome all who respect the community rules and members.

Administered by:

Server stats:

1.6K
active users

#webrtc

3 posts3 participants0 posts today

Here comes Movim 0.31, codename Kameny ✨

With this exciting new release you'll be able to share simultaneously your screen and webcam when calling your friends 👀, switch quickly between your one-to-one chats and chatrooms ⚡, add your pronoun in your profile 🏳️‍🌈...

Checkout our release note to discover all the other new features of this version 🗒️

mov.im/community/pubsub.movim.

Thanks again to @nlnet for their support on the video-conference features ❤️

#xmpp#movim#release
Replied in thread

@mray @cwebber would love to know as well.

For people not in the know, @librecast is a R&D initiative that's innovating the internet stack with support of @NGIZero and @nlnet

First, to enable #multicast on the unicast internet an overlay network is planned, based on #WebRTC. See:

librecast.net/librecast-strate

#Librecast LIVE will bring all the technology together, to demonstrate and be a reference implementation. With #ActivityPub support being planned. See:

librecast.net/live.html

librecast.netLibrecast - Decentralisation and Privacy with Multicast

So, dann schauen wir mal, ob Europa in der Lage ist, die DS-GVO anzuwenden und die Verantwortlichen der irischen Datenschutzkommission (Data Protection Commission, DPC) die cojones haben, Meta mit der Höchststrafe für Datenschutzverstöße zu beglücken.
localmess.github.io/
Was denkst du?
#webRTC #meta #yandex #dsgvo

localmess.github.ioCovert Web-to-App Tracking via Localhost on Android
Continued thread

Both #Yandex and #Meta used obfuscation techniques to hide that the traffic occured and/or that the apps were listening to these requests:

➡️ Meta traffic was using #WebRTC, which does not show up in the browser's developer tools
➡️ Yandex traffic looked non-local
➡️ Yandex apps started listening only after several days

BTW: Apparently, Meta stopped doing this yesterday. But they probably still have the mapping DB.
All the details by the researchers here.
localmess.github.io/

localmess.github.ioCovert Web-to-App Tracking via Localhost on Android

Staggering how far #Meta will go to de-anonymise users.

arstechnica.com/security/2025/

I was actually surprised it took so long because this is not a new loophole. We discussed this issue almost 10 years ago in a different context: #WebRTC allows to circumvent the secure origin policy.

github.com/w3c/webappsec-csp/i

I made a PoC back then

lgrahl.de/examples/dc/webrtc-c

which still works to this day. It is also hard to prevent because the PoC doesn't do anything that is forbidden. It leverages a currently essential part of the STUN protocol.

Don't get me wrong, I'm all in for making an effort to remove all user-controllable input, but now we might see shortcuts being taken to get things fixed quickly, potentially destroying a bunch of nice and niche use cases along the way.

Ars Technica · Meta and Yandex are de-anonymizing Android users’ web browsing identifiersBy Dan Goodin