[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] Tor-fi: risks of mobile hotspot feature in Orbot 1.0.6
Orbot 1.0.6 has a new feature that allows someone with a rooted Android
device that offers wifi or USB tethering, to route the traffic of the
tethered device(s) over Tor.
This means 1-5 devices connected over wifi, or just 1 device (a laptop
most likely) over USB.
While is definitely a feature that has a cool factor to it and will get
some attention, I want to make sure we have thought through the
risks/downsides of utilizing this feature, so that we can communicate
them in any blogs, websites or tutorials. I also wonder if similar
thoughts or documentation has been created within the TorRouter context.
For example, Bob's iPad connects to Alice's Android's Tor-fied Wifi
connection, and uses all sorts of non-https apps that leak enough
information about Bob (google map location data), that reveals Alice's
real-life location.
I keep saying this is no different than TorRouter in terms of risk
profile, but am I wrong?
Here's the important bits of code:
https://gitweb.torproject.org/orbot.git/blob/HEAD:/src/org/torproject/android/service/TorTransProxy.java#l316
Best,
Nathan / n8fr8
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk