From f0980b5cb84a9f576ff4afa60c1ae39cbba3b86f Mon Sep 17 00:00:00 2001
From: earthlng <earthlng@users.noreply.github.com>
Date: Fri, 22 Nov 2019 15:19:37 +0000
Subject: [PATCH] 2002: add proxy_only_if_behind_proxy

---
 user.js | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/user.js b/user.js
index 6d429fd..503ff6d 100644
--- a/user.js
+++ b/user.js
@@ -882,11 +882,14 @@ user_pref("_user.js.parrot", "2000 syntax error: the parrot's snuffed it!");
  * [1] https://www.privacytools.io/#webrtc ***/
 user_pref("media.peerconnection.enabled", false);
 /* 2002: limit WebRTC IP leaks if using WebRTC
+ * In FF70+ these settings match Mode 4 (Mode 3 in older versions) (see [3])
  * [TEST] https://browserleaks.com/webrtc
  * [1] https://bugzilla.mozilla.org/buglist.cgi?bug_id=1189041,1297416
- * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy ***/
+ * [2] https://wiki.mozilla.org/Media/WebRTC/Privacy
+ * [3] https://tools.ietf.org/html/draft-ietf-rtcweb-ip-handling-12#section-5.2 ***/
 user_pref("media.peerconnection.ice.default_address_only", true);
 user_pref("media.peerconnection.ice.no_host", true); // [FF51+]
+user_pref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // [FF70+]
 /* 2010: disable WebGL (Web Graphics Library)
  * [SETUP-WEB] When disabled, may break some websites. When enabled, provides high entropy,
  * especially with readPixels(). Some of the other entropy is lessened with RFP (see 4501)