[tor-bugs] #12411 [Orbot]: Orbot broke using DNSPort
#12411: Orbot broke using DNSPort
-------------------------------------------------+-------------------------
Reporter: isis | Owner: n8fr8
Type: defect | Status: new
Priority: normal | Milestone:
Component: Orbot | Version:
Keywords: orbot-14.0.3.1, orbot-14.0.4, wtf, | Actual Points:
software-engineering | Points:
Parent ID: |
-------------------------------------------------+-------------------------
Orbot 14.0.3.1 completely breaks networking, if you have firewall scripts
which don't allow leaks.

'''THIS MEANS THAT ORBOT IS LEAKING LIKE THE FUCKING PENTAGON PAPERS,
EXCEPT NOT IN A GOOD WAY.'''

This is because Orbot (as of 14.0.3.1 and later)
[https://gitweb.torproject.org/orbot.git/commitdiff/2ce9ea92f14f7b5c04798809f0c262475766977e
sets `DNSPort 0`], which disables tor's `DNSPort` entirely. This means
that people who use iptables scripts outside of Orbot (as described in
[https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
Mike Perry's recent blog post]) to redirect UDP DNS
traffic to the `DNSPort` cannot do so. It also means that ''every other
application will leak traffic all over the place''.

Currently, the only way to fix this mess is to force stop and uninstall
Orbot, download an older (14.0.1) .apk onto another device, and copy it
over manually to the broken one to reinstall it. This is ridiculous.
You're practically bricking people's devices, and you're forcing them to
jump through extreme hoops to preserve their anonymity.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12411>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
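
An added example, not part of the ticket or of Orbot's code: a shell check that a UDP/53 REDIRECT rule of the kind the ticket describes still points at an enabled `DNSPort`. The torrc text and the rule are constructed samples, and port 5400 is an assumed value.

```shell
#!/bin/sh
# Added example: does the firewall's DNS redirect still reach a tor DNSPort?

# Constructed samples; port 5400 is an assumed value, not taken from the ticket.
TORRC_OLD='SocksPort 9050
DNSPort 5400'
TORRC_NEW='SocksPort 9050
DNSPort 0'
RULES='-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5400'

# Print the port of every DNSPort line in torrc text on stdin.
# Accepts "DNSPort 5400" and "DNSPort 127.0.0.1:5400"; "DNSPort 0" prints 0.
torrc_dns_ports() {
    awk 'tolower($1) == "dnsport" { n = split($2, a, ":"); print a[n] }'
}

# Print the --to-ports value of every UDP/53 REDIRECT rule in
# iptables-save style text on stdin.
redirect_dns_ports() {
    awk '/-p udp/ && /--dport 53( |$)/ && /-j REDIRECT/ {
        for (i = 1; i < NF; i++) if ($i == "--to-ports") print $(i + 1)
    }'
}

# check_dns_redirect TORRC_TEXT RULES_TEXT
# Returns 0 only if every redirect target is an enabled (non-zero) DNSPort.
check_dns_redirect() {
    ports=$(printf '%s\n' "$1" | torrc_dns_ports)
    targets=$(printf '%s\n' "$2" | redirect_dns_ports)
    [ -n "$targets" ] || { echo "no UDP/53 REDIRECT rule found"; return 1; }
    rc=0
    for t in $targets; do
        ok=no
        for p in $ports; do
            if [ "$p" != 0 ] && [ "$p" = "$t" ]; then ok=yes; fi
        done
        if [ "$ok" = no ]; then
            echo "UDP/53 is redirected to port $t, but tor has no DNSPort there"
            rc=1
        fi
    done
    return $rc
}

for cfg in "$TORRC_OLD" "$TORRC_NEW"; do
    if check_dns_redirect "$cfg" "$RULES"; then
        echo "ok: every DNS redirect target is an enabled DNSPort"
    fi
done
```

On a device, pass the real torrc contents and the output of `iptables-save -t nat` as the two arguments.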