[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor-fi: risks of mobile hotspot feature in Orbot 1.0.6

Orbot 1.0.6 has a new feature that allows someone with a rooted Android
device that offers wifi or USB tethering, to route the traffic of the
tethered device(s) over Tor.

This means 1-5 devices connected over wifi, or just 1 device (a laptop
most likely) over USB.

While is definitely a feature that has a cool factor to it and will get
some attention, I want to make sure we have thought through the
risks/downsides of utilizing this feature, so that we can communicate
them in any blogs, websites or tutorials. I also wonder if similar
thoughts or documentation has been created within the TorRouter context.

For example, Bob's iPad connects to Alice's Android's Tor-fied Wifi
connection, and uses all sorts of non-https apps that leak enough
information about Bob (google map location data), that reveals Alice's
real-life location.

I keep saying this is no different than TorRouter in terms of risk
profile, but am I wrong?

Here's the important bits of code:

  Nathan / n8fr8
tor-talk mailing list