v1.9.1-1
Sign in

Security & Networking

Security measures and networking configuration for Cliqer, including WebRTC technology.

Cliqer uses WebRTC (Web Real-Time Communication) to establish direct or relayed communication channels between the presenter's control device and the host computer running the presentation software.

WebRTC Technology in Cliqer

Cliqer uses WebRTC via native RTCPeerConnection and PeerJS to enable real-time communication between devices.

Components used by Cliqer:

  • RTCPeerConnection: Establishes and manages the connection between host and presenter devices.
  • RTCDataChannel: Sends control signals (next slide, previous slide, laser pointer coordinates) with low latency.
  • Signaling: Cliqer uses WebSocket signaling via to exchange connection metadata before establishing the WebRTC peer connection.

Security

  1. Encrypted Communication:
    • Signaling Server Security: All connections to Cliqer's signaling server use HTTPS/WSS (WebSocket Secure).
    • WebRTC Encryption: Data channels are secured using DTLS (Datagram Transport Layer Security). Media streams (when used) are encrypted via SRTP (Secure Real-time Transport Protocol).
    • Control signals are encrypted end-to-end once the WebRTC peer-to-peer (or relayed) connection is established.
  2. Application Permissions:

    Cliqer requires explicit user consent for Accessibility and Automation controls (System Settings > Privacy & Security).

    • Accessibility: Required for sending keystrokes and mouse events to presentation software.
    • Automation: Required for controlling System Events and presentation applications directly.
  3. Secure Links: Presenter links are cryptographically generated and session-specific. Treat these links as sensitive information.
  4. Software Updates: Keep Cliqer, your OS, and presentation software updated for security patches.

Networking and Ports

  1. Internet Connection: Both host and presenter devices require a stable internet connection.
  2. Firewall Configuration:
    • Cliqer requires outbound connections to signaling and STUN/TURN servers.
    • Windows Defender or third-party firewalls must allow Cliqer network access.
  3. STUN/TURN Servers:
    Cliqer uses the following servers for NAT traversal:
    ServerURLPortProtocolPurpose
    Cloudflare STUNstun:stun.cloudflare.com3478UDPPublic IP discovery
    Cliqer STUNstun:rtc.cliqer.io3478UDPNAT traversal
    Cliqer TURNturn:turn.cliqer.io3478UDP/TCPRelay fallback
    Cliqer TURNSturns:turn.cliqer.io443TLS/TCPSecure relay fallback

    TURN credentials are generated via HMAC-SHA1 with a 24-hour TTL and rotate automatically.
  4. Dynamic UDP Ports: WebRTC uses dynamic UDP ports for data exchange. Restrictive firewalls blocking UDP traffic force connections through TURN servers over TCP.
  5. No Inbound Port Forwarding Required: Cliqer initiates outbound connections to signaling and relay servers. No inbound port forwarding configuration is needed.

API Reference

For programmatic access to TURN credentials, see the WebRTC API documentation.

Advanced Topics

Professional features and configurations for enterprise deployments and complex event setups.

Multi-Host Setup

Connect multiple hosts to a single room for backup redundancy, synchronized multi-presentation control, or automatic failover.

Copyright © 2026. All rights reserved.