Is WebRTC safe? — An honest approach to Web-Real Time Communication security concerns

WebRTC, short for Web Real-Time Communication, has come to change the way people communicate through the internet. WebRTC is a technology that allows websites and other platforms to capture and transmit multimedia data such as audio and video, and also allows data exchange between users with no need for a third party or a mediator. There is no need for any software or plug-in installation: the user just needs a suitable browser to access the WebRTC widget, like Okomo, and start sharing and receiving the real time media.

It sounds exciting: sharing video, doing calls with others with no need to install software from unknown sources on your computer and putting yourself at risk of also being opening the door to some malware that might come along. However, some people may have concerns regarding the security of WebRTC technology, especially about privacy issues. This happens because users are allowing access to their devices, such as camera or microphone, and naturally begin to think how far this access can go. There is not much to fear about WebRTC since it runs on top of software and hardware that already have privacy and security policies designed to protect the user.
But what is the real meaning of this?

Imagine a robber is trying to enter your house and steal the jewellery you have on your safe. The robber will have to go through your building door, then your house door and at last he/she has to open your safe. The robber has to pass three levels of security to gain access to your goods. But you trust on the safety of your building, the steadiness of your locked front door and the liability of your safe. The same thing happens between the resources you use to gain access to WebRTC technology.

You trust your computer, the sum of its hardware, software and firmware work together to enforce the security policies. Then you open your browser to access the internet. The browser, as Chrome or Firefox for example, are constantly updating and improving browsing security, fixing problems that are detected and adding new ways of protecting users from external attacks. And, at last, you access your WebRTC widget that runs on top of your browser, that in turn is integrated on your Operating System.

“As WebRTC’s components are offered as part of a browser, they are likewise updated whenever the browser is updated. If a future vulnerability were to be found in a browser’s WebRTC implementation, a fix will likely be delivered rapidly.”

WebRTC is therefore as trustable as is your browser and your computer.

Before you to start a live video with Okomo widget you will receive a permission request to access your camera and microphone, it is your choice to give it or not, but the WebRTC application will not arbitrarily gain access to these devices. Even during a call, you can turn on and off your camera and mic, so the control of what you share is really on your side. Either way, the browser will inform you of which devices on your computer are being used by the application. On Google Chrome, for example, when your camera is being used you will see a camera icon on the right corner of the browser when using Live Video on Okomo.

One other security advantage of WebRTC is that when comparing to VoIP, for example, is that encryption is always there because the code carries native built-in features that approach security concerns. WebRTC encrypts communication between users, from one end to the other, on any server, which guaranties a secure and safe real time communication and data sharing. Here is the explanation about how Okomo encrypts the audio and video during a call:

“When you start an audio or video call, the devices on both sides generate a random key that becomes encrypted during its exchange. Subsequently, a direct connection between the devices is created (P2P), so that the data can be transmitted directly, without detour via a server. The same applies to the Shared Screen feature.”

WebRTC is also an open source project, meaning that the main code is public and everyone can access it and make contributions. The advantage of this is that there are many people keeping an eye on possible bugs and security issues.

Regarding the data you share, like your e-mail, it depends on companies behind the WebRTC based app you are using what to do with them. In the case of Okomo, we do not share them with a third party. “The complete data transfer is protected by means of the https protocol (TLS) and encrypted in a secure manner. If you click on the lock icon in the upper left corner of the URL bar in your browser, you will get further information about the encryption. “

If you want, you can also read our Privacy and Cookies Policy declaration to find out more about how data is treated.

Okomo has been designed with the safety in mind, maintaining all call, video calls and screen sharing encrypted, and this are not optional features. Our end users can be assured that their data is kept safe and private, and it is not shared by any means with third parties.

To find more about all the features that Okomo offers, visit our website. You can also go for a trial period of 14 days, with no need to provide credit card information. Remember that Okomo does not require any software installation, you just need a browser to use it. As a WebRTC based widget, Okomo positions itself as one of the safest ways of web communication services providing security to its users.