[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #16669 [Website]: check.torproject.org should have WebRTC IPv4 and IPv6 address leak detection to protect Orbot VPN users

Subject: [tor-bugs] #16669 [Website]: check.torproject.org should have WebRTC IPv4 and IPv6 address leak detection to protect Orbot VPN users
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 25 Jul 2015 18:33:42 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 25 Jul 2015 14:33:54 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#16669: check.torproject.org should have WebRTC IPv4 and IPv6 address leak
detection to protect Orbot VPN users
---------------------+---------------------------
 Reporter:  diafygi  |          Owner:  Sebastian
     Type:  defect   |         Status:  new
 Priority:  major    |      Milestone:
Component:  Website  |        Version:
 Keywords:           |  Actual Points:
Parent ID:           |         Points:
---------------------+---------------------------
 Orbot for Android offers an option to use Tor as a VPN. This is great
 because Orweb is End-of-Life, and other browsers don't allow configuring
 proxies and the VPN feature also tunnels traffic for apps through Tor.

 However, the Android's VPN feature doesn't hide the IP addresses from
 WebRTC's STUN requests. This means that Orbot users will still leak their
 IP addresses when using the VPN feature and using a browser with WebRTC
 capabilities.

 Here's the proof-of-concept I wrote to detect IP addresses via WebRTC.
 Please include this test code in your https://check.torproject.org/
 website, so that users who are stuck using regular browsers on Android can
 know about the IP address leak.

 https://github.com/diafygi/webrtc-ips

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16669>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #16669 [Tor Check]: check.torproject.org should have WebRTC IPv4 and IPv6 address leak detection to protect Orbot VPN users
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #16669 [Tor Check]: check.torproject.org should have WebRTC IPv4 and IPv6 address leak detection to protect Orbot VPN users
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #16668 [Atlas]: Atlas is down
Next by Author: Re: [tor-bugs] #16669 [Tor Check]: check.torproject.org should have WebRTC IPv4 and IPv6 address leak detection to protect Orbot VPN users
Previous by thread: Re: [tor-bugs] #16668 [Atlas]: Atlas is down
Next by thread: Re: [tor-bugs] #16669 [Tor Check]: check.torproject.org should have WebRTC IPv4 and IPv6 address leak detection to protect Orbot VPN users
Index(es):
- Author
- Thread