Talk - WebRTC - Privacy question

does Talk uses WebRTC?
Is WebRTC needed to be able to use Talk? (in both ends)?
if yes:
how that relates to those that use VPN and dont want to be exposed?
"WebRTC is a new communication protocol that relies on JavaScript that can leak your actual IP address from behind your VPN. "

Thanks for feedback.

Yes, Talk uses WebRTC.

Put the Talk/Stun/Turn/Media servers behind a firewall (Cisco, Sophos, PaloAlto, etc.) if you want to neutralize the leak… Require attendees connect to it first…

Thanks Henry.
Do you mean I would have to install Stun/Turn/Media servers locally?


You could try this script if you run Ubuntu 20.04. Everything is configured for you automatically.

Strictly speaking, you won’t need Stun servers when all attendees are on the same subnet.
And that will be exactly the case when you make people connect to a firewall…

Are you sure you need this level of security/privacy?

We are not talking about people showing up uninvited during video conferences as was the case with Zoom few months ago.
We are not talking about MITM sniffing on conference calls when you don’t encrypt the communication channel.
We are talking about preventing an IP address leak!

Is the fact that this particular IP was part of this particular conference at this time really worth protecting this much?

even then the leak is to Nextcloud (and we don’t log anything on the STUN server) and to your own server (…)

WebRTC can indeed be used to gain info about users, but that is only really relevant on websites you don’t trust. If you don’t trust your own Nextcloud server, well… hum. Maybe stay off the internet :wink:

Of course less leaking of info would be better but sadly without WebRTC you can’t have video calls so it is kind of a hard requirement. That would be like saying you want to have a video call, but no camera’s or microphones please, those are risky for your privacy. You’re right, but it kind’a isn’t possible… :wink:

So, I trust my Nextcloud.
Lets say:
I put NC outside my VPN.
But I connect remotely with VPN to make a video call.
Here is where I dont know if me and the other party that could be under VPN, would have a IP leak.
Or is the server?
I can be ok with the idea I have to leave with NC Talk using WebRTC… I just need to figure who is leaking the IP. NC is ok as I have it reachable from outside.
What about users on VPN connecting to it and making a video call?
[dont get me me wrong. I love NC and I would not change it even if I have to accept WebRTC leaking my IP. I probably temporarily disable VPN on clients ]

I don’t quite understand…
Is NC “outside”, i.e. does it have a public IP address?

If yes, why do people need VPN to connect to it?
If no, what is the VPN you use? How do you get from the client to NC?

Apologies for not have explained correctly.
No, my NC has a private IP (or rather a public one of 192.168.x.x type) and behind a mikrotik router. I created a subnet outside the VPN. Clients might or might not connect from VPN.
People reach the NC from anywhere and possibly (certainly me and a couple of others) behind a VPN.
If yes, why do people need VPN to connect to it?
for privacy reasons I am behind VPN constantly.

I am trying to understand what are the implication of using WebRTC when behind VPN.

If VPN is NOT a must and the NC server has a 192 IP address, you must be doing some port forwarding on your MikroTik.
Meaning, people without VPN use some other IP (your MikroTik’s outside IP address) to connect to your NC - the 192 is not routable…