RealTimeWeekly | Using WebRTC to transfer private data
webrtc, privacy, security, datachannel
16434
single,single-post,postid-16434,single-format-standard,ajax_fade,page_not_loaded,,qode-theme-ver-5.9,wpb-js-composer js-comp-ver-4.3.4,vc_responsive
 

Using WebRTC to transfer private data

Screen Shot 2015-03-07 at 4.01.18 PM

07 Mar Using WebRTC to transfer private data

WebRTC is best known for its video and audio chat capabilities, but a number of WebRTC pundits have been predicting for a while that the most revolutionary WebRTC apps will be more focused on the Data Channel.  Recently I heard about Glirup, and it’s a great example of a creative use of the WebRTC Data Channel.

Imagine that you have some piece of information that is very private to you, but you need to transfer it to someone else over the internet.  Perhaps it’s a copy of your passport, a bank account number, or medical information.  Sending that by email is not secure.  You could use Dropbox, but there’s still that little voice in the back of your head wondering “What if Dropbox gets hacked?” Out there on some company’s servers is your data, just sitting there.

Instead, imagine transferring the file directly from your computer to the person you want to see it, with no intermediary server involved.  Directly peer to peer.  Oh, and encrypt it in transport too, just for extra security.

That is exactly the sort of thing possible with WebRTC, and Orfeo Morello has built an interesting app called GLIR-UP which allows you to do just that.  I became aware of GLIR-UP because of this article that Orfeo wrote on Medium about using GLIR-UP to transfer medical data.  I didn’t quite get it at first, but I saved the link and came back to it later.

This is how the GLIR-UP home page summarizes what it does:

Screen Shot 2015-03-07 at 4.01.10 PM

Sounds cool, but Orfeo is a much smarter person than me obviously, because I had to think for a minute “what the heck does ephemeral mean?”.  Thank you Google….

Screen Shot 2015-03-07 at 3.44.14 PM

Of course!  Ephemeral is something that is fleeting and transient.  This is starting to sound very cool … I am transferring the data to someone else over an encrypted peer-to-peer WebRTC connection, and then that data is going to disappear if the other person doesn’t download it to their computer.  I don’t have to worry about any servers or hackers in the middle, and it’s not going to be permanently archived in my gmail account or on some server backup.

It sounds cool, so I had to give it a spin.  Here are steps, as outlined on the GLIR-UP site:

Screen Shot 2015-03-07 at 4.04.11 PM

Seems pretty easy, so let’s take a look at it in action…

When you click on the “Use it for Free” link from the home page, you immediately go to a page to upload your document.  No user account or other login is necessary … this tool is all about privacy and just gets you straight to the point.  I uploaded a PDF document containing a screen shot.

Screen Shot 2015-03-01 at 5.12.42 PM

 

In my screen shot, I’ve left the javascript console open so you can see the output messages from PeerJS showing the WebRTC traffic.  Right under my uploaded document, GLIR-UP has given me the private (and ephemeral!) URL that I can share with others.

When I take that URL and look at it in another browser, I can see what my colleague would see.

Screen Shot 2015-03-01 at 5.12.55 PM

For my test, I had uploaded a PDF containing screen shots from a customer application.  I blurred out the details from the image, but again, I left the javascript console open and you can see the PeerJS traffic on the client side.

This is cool!  Both users have to be in a WebRTC enabled browser of course, otherwise you’ll get a message like this when I tried to open the same URL in Safari:

Screen Shot 2015-03-01 at 5.11.32 PM

But here’s the coolest part.  Now that I was sure what the word ephemeral means, I had to test if this link truly was fleeting.  I closed my original browser where I had uploaded the file.  That browser was the one that contained the “web server” where the file could be transferred via WebRTC’s Data Channel.  Then I took the same URL and pulled it up again in a new browser…

Screen Shot 2015-03-01 at 5.14.42 PM

It’s gone!  I have no fear of leaving the auto generated GLIR-UP URL’s in this article, because as soon as I closed that browser, there was no way any of you can get to the same document I had uploaded to it.

GLIR-UP is a very simple and interesting application of the DataChannel, and Orfeo may be on to something big here.  That shouldn’t be a surprise, this is not Orfeo’s first product utilizing WebRTC.  He also built SecretlyMeet.me, a “line for your private encounters” using WebRTC.  Tsahi Levent-Levi had an interesting interview with Orfeo about this product in the past.

Not to leave out the more well known parts of WebRTC, it is also possible in GLIR-UP to have an audio conversation with the person you transferred this file to, but the real focus of this app is all about the Data.  And all about privacy and security, just as it should be.

What are you building with WebRTC?  If you’ve got an interesting framework or application of WebRTC or other real time technologies that you want to share with us, or if you need help with building your WebRTC application, drop me a line at arin@agilityfeat.com.

No Comments

Sorry, the comment form is closed at this time.