WebRTC

Last updated
WebRTC
Original author(s) Justin Uberti
Peter Thatcher
Initial release2011;13 years ago (2011)
Stable release
1.0 [1] / May 4, 2018;6 years ago (2018-05-04)
Repository webrtc.googlesource.com
Written in C++, [2] JavaScript
Standard(s) w3.org/TR/webrtc/
License BSD license [ citation needed ]
Website webrtc.org

WebRTC (Web Real-Time Communication) is a free and open-source project providing web browsers and mobile applications with real-time communication (RTC) via application programming interfaces (APIs). It allows audio and video communication and streaming to work inside web pages by allowing direct peer-to-peer communication, eliminating the need to install plugins or download native apps. [3]

Contents

Supported by Apple, Google, Microsoft, Mozilla, and Opera, WebRTC specifications have been published by the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF). [4] [5]

History

In May 2010, Google bought Global IP Solutions or GIPS, a VoIP and videoconferencing software company that had developed many components required for RTC, such as codecs and echo cancellation techniques. Google open-sourced the GIPS technology and engaged with relevant standards bodies at the IETF and W3C to ensure industry consensus. [6] [7] In May 2011, Google released an open-source project for browser-based real-time communication known as WebRTC. [8] This has been followed by ongoing work to standardize the relevant protocols in the IETF [9] and browser APIs in the W3C. [10]

In January 2011, Ericsson Labs built the first implementation of WebRTC using a modified WebKit library. [11] [12] In October 2011, the W3C published its first draft for the spec. [13] WebRTC milestones include the first cross-browser video call (February 2013), first cross-browser data transfers (February 2014), and as of July 2014 Google Hangouts was "kind of" using WebRTC. [14]

The W3C draft API was based on preliminary work done in the WHATWG. [15] It was referred to as the ConnectionPeer API, and a pre-standards concept implementation was created at Ericsson Labs. [11] The WebRTC Working Group expects this specification to evolve significantly based on:

In November 2017, the WebRTC 1.0 specification transitioned from Working Draft to Candidate Recommendation. [19]

In January 2021, the WebRTC 1.0 specification transitioned from Candidate Recommendation to Recommendation. [4]

Design

Major components of WebRTC include several JavaScript APIs:

The WebRTC API also includes a statistics function:

The WebRTC API includes no provisions for signaling, that is discovering peers to connect to and determine how to establish connections among them. Applications use Interactive Connectivity Establishment for connections and are responsible for managing sessions, possibly relying on any of Session Initiation Protocol, Extensible Messaging and Presence Protocol (XMPP), Message Queuing Telemetry Transport, Matrix, or another protocol. Signaling may depend on one or more servers. [25] [26]

RFC   7478 requires implementations to provide PCMA/PCMU ( RFC   3551), Telephone Event as DTMF ( RFC   4733), and Opus ( RFC   6716) audio codecs as minimum capabilities. The PeerConnection, data channel and media capture browser APIs are detailed in the W3C specification.

W3C is developing ORTC (Object Real-Time Communications) for WebRTC. [27]

Applications

WebRTC allows browsers to stream files directly to one another, reducing or entirely removing the need for server-side file hosting. WebTorrent uses a WebRTC transport to enable peer-to-peer file sharing using the BitTorrent protocol in the browser. [28] Some file-sharing websites use it to allow users to send files directly to one another in their browsers, although this requires the uploader to keep the tab open until the file has been downloaded. [29] [30] [31] A few CDNs, such as the Microsoft-owned Peer5, use the client's bandwidth to upload media to other connected peers, enabling each peer to act as an edge server. [32] [33]

Although initially developed for web browsers, WebRTC has applications for non-browser devices, including mobile platforms and IoT devices. Examples include browser-based VoIP telephony, also called cloud phones or web phones, which allow calls to be made and received from within a web browser, replacing the requirement to download and install a softphone. [34]

Support

WebRTC is supported by the following browsers (incomplete list; oldest supported version specified):

Codec support across browsers

WebRTC establishes a standard set of codecs which all compliant browsers are required to implement. Some browsers may also support other codecs. [41]

Video codec compatibility
Codec nameProfileBrowser compatibility
H.264 Constrained Baseline (CB)Chrome (52+), Firefox[1], Safari
VP8 -Chrome, Firefox, Safari (12.1+) [42]
VP9 -Chrome (48+), Firefox
Audio codec compatibility
Codec nameBrowser compatibility
Opus Chrome, Firefox, Safari
G.711 PCM (A-law) Chrome, Firefox, Safari
G.711 PCM (μ-law) Chrome, Firefox, Safari
G.722 Chrome, Firefox, Safari
iLBC Chrome, Safari
iSAC Chrome, Safari

Vulnerability

In January 2015, TorrentFreak reported a serious security flaw in browsers supporting WebRTC, that compromised the security of VPN tunnels by exposing a user's true IP address. [43] The IP address read requests are not visible in the browser's developer console, and they are not blocked by most ad blocking, privacy and security add-ons, enabling online tracking despite precautions. [44]

It has been reported that the cause of the address leak is not a bug that can be patched, but is foundational to the way WebRTC operates; however, there are several solutions to mitigate the problem. WebRTC leakage can be tested for, and solutions are offered for most browsers. [45] WebRTC can be disabled, if not required, in most browsers. The uBlock Origin add-on can fix this problem (as some browsers now fix this problem by themselves, from uBlock Origin v1.38 onwards this option has been disabled on these browsers [46] ).

See also

Related Research Articles

<span class="mw-page-title-main">HTTP</span> Application protocol for distributed, collaborative, hypermedia information systems

HTTP is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.

In computer network engineering, an Internet Standard is a normative specification of a technology or methodology applicable to the Internet. Internet Standards are created and published by the Internet Engineering Task Force (IETF). They allow interoperation of hardware and software from different sources which allows internets to function. As the Internet became global, Internet Standards became the lingua franca of worldwide communications.

A Uniform Resource Identifier (URI), formerly Universal Resource Identifier, is a unique sequence of characters that identifies an abstract or physical resource, such as resources on a webpage, mail address, phone number, books, real-world objects such as people and places, concepts. URIs are used to identify anything described using the Resource Description Framework (RDF), for example, concepts that are part of an ontology defined using the Web Ontology Language (OWL), and people who are described using the Friend of a Friend vocabulary would each have an individual URI.

Transport Layer Security (TLS) is a cryptographic protocol designed to provide communications security over a computer network, such as the Internet. The protocol is widely used in applications such as email, instant messaging, and voice over IP, but its use in securing HTTPS remains the most publicly visible.

In computing, the User-Agent header is an HTTP header intended to identify the user agent responsible for making a given HTTP request. Whereas the character sequence User-Agent comprises the name of the header itself, the header value that a given user agent uses to identify itself is colloquially known as its user agent string. The user agent for the operator of a computer used to access the Web has encoded within the rules that govern its behavior the knowledge of how to negotiate its half of a request-response transaction; the user agent thus plays the role of the client in a client–server system. Often considered useful in networks is the ability to identify and distinguish the software facilitating a network session. For this reason, the User-Agent HTTP header exists to identify the client software to the responding server.

Datagram Transport Layer Security (DTLS) is a communications protocol providing security to datagram-based applications by allowing them to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. The DTLS protocol is based on the stream-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. The DTLS protocol datagram preserves the semantics of the underlying transport—the application does not suffer from the delays associated with stream protocols, but because it uses User Datagram Protocol (UDP) or Stream Control Transmission Protocol (SCTP), the application has to deal with packet reordering, loss of datagram and data larger than the size of a datagram network packet. Because DTLS uses UDP or SCTP rather than TCP it avoids the TCP meltdown problem when being used to create a VPN tunnel.

Link prefetching allows web browsers to pre-load resources. This speeds up both the loading and rendering of web pages. Prefetching was first introduced in HTML5.

Internet Low Bitrate Codec (iLBC) is a royalty-free narrowband speech audio coding format and an open-source reference implementation (codec), developed by Global IP Solutions (GIPS) formerly Global IP Sound. It was formerly freeware with limitations on commercial use, but since 2011 it is available under a free software/open source license as a part of the open source WebRTC project. It is suitable for VoIP applications, streaming audio, archival and messaging. The algorithm is a version of block-independent linear predictive coding, with the choice of data frame lengths of 20 and 30 milliseconds. The encoded blocks have to be encapsulated in a suitable protocol for transport, usually the Real-time Transport Protocol (RTP).

<span class="mw-page-title-main">HTTP referer</span> HTTP header field

In HTTP, "Referer" is an optional HTTP header field that identifies the address of the web page from which the resource has been requested. By checking the referrer, the server providing the new web page can see where the request originated.

<span class="mw-page-title-main">HTML5</span> Fifth and previous version of HyperText Markup Language

HTML5 is a markup language used for structuring and presenting hypertext documents on the World Wide Web. It was the fifth and final major HTML version that is now a retired World Wide Web Consortium (W3C) recommendation. The current specification is known as the HTML Living Standard. It is maintained by the Web Hypertext Application Technology Working Group (WHATWG), a consortium of the major browser vendors.

<span class="mw-page-title-main">WebSocket</span> Computer network protocol

WebSocket is a computer communications protocol, providing a simultaneous two-way communication channel over a single Transmission Control Protocol (TCP) connection. The WebSocket protocol was standardized by the IETF as RFC 6455 in 2011. The current specification allowing web applications to use this protocol is known as WebSockets. It is a living standard maintained by the WHATWG and a successor to The WebSocket API from the W3C.

<span class="mw-page-title-main">Opus (audio format)</span> Lossy audio coding format

Opus is a lossy audio coding format developed by the Xiph.Org Foundation and standardized by the Internet Engineering Task Force, designed to efficiently code speech and general audio in a single format, while remaining low-latency enough for real-time interactive communication and low-complexity enough for low-end embedded processors. Opus replaces both Vorbis and Speex for new applications, and several blind listening tests have ranked it higher-quality than any other standard audio format at any given bitrate until transparency is reached, including MP3, AAC, and HE-AAC.

HTML audio is a subject of the HTML specification, incorporating audio input, playback, and synthesis, as well as speech to text, all in the browser.

HTTP/2 is a major revision of the HTTP network protocol used by the World Wide Web. It was derived from the earlier experimental SPDY protocol, originally developed by Google. HTTP/2 was developed by the HTTP Working Group of the Internet Engineering Task Force (IETF). HTTP/2 is the first new version of HTTP since HTTP/1.1, which was standardized in RFC 2068 in 1997. The Working Group presented HTTP/2 to the Internet Engineering Steering Group (IESG) for consideration as a Proposed Standard in December 2014, and IESG approved it to publish as Proposed Standard on February 17, 2015. The initial HTTP/2 specification was published as RFC 7540 on May 14, 2015.

WebRTC Gateway connects between WebRTC and an established VoIP technology such as SIP. WebRTC is an API definition drafted by the World Wide Web Consortium (W3C) that supports browser-to-browser applications for voice calling, video chat, and messaging without the need of either internal or external plugins.

A uniform resource locator (URL), colloquially known as an address on the Web, is a reference to a resource that specifies its location on a computer network and a mechanism for retrieving it. A URL is a specific type of Uniform Resource Identifier (URI), although many people use the two terms interchangeably. URLs occur most commonly to reference web pages (HTTP/HTTPS) but are also used for file transfer (FTP), email (mailto), database access (JDBC), and many other applications.

<span class="mw-page-title-main">Well-known URI</span>

A well-known URI is a Uniform Resource Identifier for URL path prefixes that start with /.well-known/. They are implemented in webservers so that requests to the servers for well-known services or information are available at URLs consistent well-known locations across servers.

Token Binding is a proposed standard for a Transport Layer Security (TLS) extension that aims to increase TLS security by using cryptographic certificates on both ends of the TLS connection. Current practice often depends on bearer tokens, which may be lost or stolen. Bearer tokens are also vulnerable to man-in-the-middle attacks or replay attacks. In contrast, bound tokens are established by a user agent that generates a private-public key pair per target server, providing the public key to the server, and thereafter proving possession of the corresponding private key on every TLS connection to the server.

References

  1. "WebRTC 1.0: Real-time Communication Between Browsers". World Wide Web Consortium. 27 September 2018. Archived from the original on 7 April 2019. Retrieved 25 March 2019.
  2. "Src/webrtc - Git at Google". Archived from the original on 2018-04-23. Retrieved 2018-04-22.
  3. How WebRTC Is Revolutionizing Telephony Archived 2014-04-07 at the Wayback Machine . Blogs.trilogy-lte.com (2014-02-21). Retrieved on 2014-04-11.
  4. 1 2 "Web Real-Time Communications (WebRTC) transforms the communications landscape as it becomes a World Wide Web Consortium (W3C) Recommendation and Internet Engineering Task Force (IETF) standards". World Wide Web Consortium. 26 Jan 2021. Archived from the original on 27 July 2022. Retrieved 27 Jan 2021.
  5. "Rtcweb Status Pages". tools.ietf.org. Archived from the original on 2020-04-20. Retrieved 2021-02-18.
  6. "Are the WebRTC components from Google's acquisition of Global IP Solutions?". WebRTC. Archived from the original on 7 June 2011. Retrieved 6 February 2018.
  7. Wauters, Robin (18 May 2010). "Google makes $68.2 million cash offer for Global IP Solutions". TechCrunch. Archived from the original on 7 February 2018. Retrieved 6 February 2018.
  8. Harald Alvestrand (2011-05-31). "Google release of WebRTC source code". public-webrtc@w3.org. Archived from the original on 2013-02-27. Retrieved 2012-09-12.
  9. "Charter of the Real-Time Communication in WEB-browsers (rtcweb) working group". Archived from the original on 2013-11-11. Retrieved 2013-11-11.
  10. "WebRTC 1.0: Real-time Communication Between Browsers". W3.org. Archived from the original on 2012-09-05. Retrieved 2012-09-12.
  11. 1 2 "Beyond HTML5: Peer-to-Peer Conversational Video". Ericsson Research blog. Labs.ericsson.com. 25 January 2011. Archived from the original on 25 February 2017. Retrieved 21 March 2021.
  12. Stefan Håkansson; Stefan Ålund (26 May 2011). "Beyond HTML5: Experiment with Real-Time Communication in a Browser". Ericsson Research blog. Archived from the original on 7 February 2018. Retrieved 6 February 2018.
  13. "WebRTC 1.0: Real-time Communication Between Browsers (W3C Working Draft 27 October 2011)". World Wide Web Consortium. 27 October 2011. Archived from the original on 29 October 2011. Retrieved 6 February 2018.
  14. Nowak, Szymon. "WebRTC: So Much More Than Videoconferencing". GitHub. Archived from the original on 7 February 2018. Retrieved 6 February 2018.
  15. "Introduction — HTML Standard". Whatwg.org. Archived from the original on 2014-08-16. Retrieved 2012-09-12.
  16. "Rtcweb Status Pages". Tools.ietf.org. Archived from the original on 2012-09-05. Retrieved 2012-09-12.
  17. SIP Trunking, MTPL (18 July 2023). "SIP Trunking VoIP with WebRTC SDK". Moon Technolabs. Archived from the original on 5 August 2023. Retrieved 18 July 2023.
  18. "draft-jesup-rtcweb-data-protocol-00 - WebRTC Data Channel Protocol". Tools.ietf.org. Archived from the original on 2012-10-31. Retrieved 2012-09-12.
  19. "WebRTC 1.0: Real-time Communication Between Browsers (W3C Candidate Recommendation 02 November 2017)". 2 November 2017. Archived from the original on 2 November 2017. Retrieved 25 March 2019.
  20. "Media Capture and Streams: getUserMedia". W3C. 2013-09-03. Archived from the original on 2014-01-02. Retrieved 2014-01-15.
  21. "WebRTC: RTCPeerConnection Interface". W3C. 2013-09-10. Archived from the original on 2012-09-05. Retrieved 2014-01-15.
  22. "RFC 8831 - WebRTC Data Channels". datatracker.ietf.org. Archived from the original on 2022-03-10. Retrieved 2022-03-10.
  23. "WebRTC: RTCDataChannel". W3C. 2013-09-10. Archived from the original on 2012-09-05. Retrieved 2014-01-15.
  24. "Identifiers for WebRTC's Statistics API". W3C. 2014-09-29. Archived from the original on 2017-07-15. Retrieved 2017-12-02.
  25. Tsahi Levent-Levi (13 April 2020). "WebRTC Server: What is it exactly?". BlogGeek.me. Archived from the original on 11 May 2020. Retrieved 10 June 2020.
  26. Tsahi Levent-Levi (13 November 2014). "Matrix.org and WebRTC: An Interview with Matthew Hodgson". BlogGeek.me. Archived from the original on 25 February 2021. Retrieved 10 June 2020.
  27. "W3C ORTC (Object Real-time Communications) Community Group". Archived from the original on 2014-10-29. Retrieved 2014-10-29.
  28. "WebTorrent FAQ". webtorrent.io. Archived from the original on 2022-03-11. Retrieved 2022-03-10.
  29. "How to Transfer Files Between Linux, Android, and iOS Using Snapdrop". MUO. 2021-08-04. Archived from the original on 2022-01-29. Retrieved 2022-03-10.
  30. Pinola, Melanie (2014-04-07). "The easiest and quickest way to transfer files between devices on the same network". Computerworld. Archived from the original on 2022-06-28. Retrieved 2022-03-10.
  31. "FilePizza: share files without the middleman in your browser - gHacks Tech News". gHacks Technology News. 2015-05-12. Archived from the original on 2022-01-23. Retrieved 2022-03-10.
  32. Foley, Mary Jo. "Microsoft acquires Peer5 to supplement Teams' live video streaming". ZDNet. Archived from the original on 2022-03-10. Retrieved 2022-03-10.
  33. "Overview - Peer5 P2P Docs". docs.peer5.com. Archived from the original on 2022-03-16. Retrieved 2022-03-10.
  34. "Catch the Babelfish: Irish telco devises a new kind of cloud phone". November 2017. Archived from the original on 2017-11-01. Retrieved 2017-11-20.
  35. "ORTC API is now available in Microsoft Edge". Microsoft. 2015-09-18. Archived from the original on 2015-10-09. Retrieved 2015-09-20.
  36. Firefox Notes - Desktop Archived 2014-08-21 at the Wayback Machine . Mozilla.org (2013-06-25). Retrieved on 2014-04-11.
  37. "Safari 11.0". Apple Inc. Archived from the original on 14 November 2017. Retrieved 6 June 2017.
  38. Opera News Archived 2015-09-07 at the Wayback Machine . blogs.opera.com (2013-11-19). Retrieved on 2015-09-17.
  39. Firefox Notes - Desktop Archived 2021-04-01 at the Wayback Machine . Mozilla.org (2013-09-17). Retrieved on 2014-08-04.
  40. "GStreamer 1.14 release notes". gstreamer.freedesktop.org. Archived from the original on 2018-03-20. Retrieved 2019-12-19. since version 1.15
  41. "Codecs used by WebRTC - Web media technologies | MDN". developer.mozilla.org. Archived from the original on 2021-07-27. Retrieved 2021-07-29.
  42. Fablet, Youenn (2019-03-12). "On the Road to WebRTC 1.0, Including VP8". WebKit. Archived from the original on 2021-07-29. Retrieved 2021-07-29.
  43. Huge Security Flaw Leaks VPN Users’ Real IP-addresses Archived 2021-01-08 at the Wayback Machine TorrentFreak.com (2015-01-30). Retrieved on 2015-02-21.
  44. STUN IP Address requests for WebRTC Archived 2015-02-18 at the Wayback Machine Retrieved on 2015-02-21.
  45. Timmerman, Crystal (28 February 2022). "WebRTC leaks real IP addresses (even with VPN)". IPVanish. Archived from the original on 13 August 2022. Retrieved 12 August 2022.
  46. Raymond Hill (17 Sep 2021). "Prevent WebRTC from leaking local IP address". uBlock Origin documentation. Archived from the original on 21 February 2016. Retrieved 18 Dec 2021.

Further reading

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.