[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #21863 [Applications/Tor Browser]: Ensure proxy safety on Android



#21863: Ensure proxy safety on Android
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  sysrqb
     Type:  defect                               |         Status:
                                                 |  accepted
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-mobile, tbb-7.0-must, tbb-       |  Actual Points:
  proxy-bypass, TorBrowserTeam201807             |
Parent ID:  #26531                               |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4
-------------------------------------------------+-------------------------

Comment (by sysrqb):

 Replying to [comment:28 n8fr8]:
 > I thought @amoghbl had found and patched all of these cases. We
 definitely focused on checking for DNS leaks in the past, using a variety
 of web based DNS leak test tools.
 >
 > The goal has been to directly proxy everything using HTTP and SOCKs, and
 not rely on the Android OS proxy subsystems at all, since they are not
 reliable, especially on WAN networks.
 >
 > This is also all related to the fact that there are 3 different HTTP
 packages in use within Fennec, making standardized proxying hard.

 I agree. There were a lot of conflicts when I was applying the proxy-safe
 Orfox patches, so I did a lot of patching by hand. I wanted to be sure we
 didn't miss any new instances of proxy-bypass, so auditing the current
 code seemed like a good idea.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21863#comment:31>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs