Hi everyone,
I'm not sure this is the place to share this, but I though some of you might want to know: an information leak has been discovered on Firefox / Chrome, and it can be used to reveal a user's real IP address. The article is focused on VPN, but people who connect to the Tor network through a local SOCKS proxy are also affected. Demo here .
On 31 January 2015 at 05:44, JusticeRage justicerage@manalyzer.org wrote:
Hi everyone,
I'm not sure this is the place to share this, but I though some of you might want to know: an information leak has been discovered on Firefox / Chrome, and it can be used to reveal a user's real IP address. The article is focused on VPN, but people who connect to the Tor network through a local SOCKS proxy are also affected. Demo here.
Thanks for the heads up! While I can confirm it works on FF and Chrome, my testing indicates this doesn't affect vanilla TorBrowser. (Tested on Windows) TBB disables WebRTC: https://gitweb.torproject.org/tor-browser.git/tree/.mozconfig?h=tor-browser-... for this and other reasons =)
-tom
On 01/31/2015 04:44 AM, JusticeRage wrote:
Hi everyone,
I'm not sure this is the place to share this, but I though some of you might want to know: an information leak has been discovered on Firefox / Chrome, and it can be used to reveal a user's real IP address. The article is focused on VPN, but people who connect to the Tor network through a local SOCKS proxy are also affected. Demo here
As noted, it doesn't work for Tor browser.
But more generally, this is why it's prudent to use gateways for Tor and VPNs. Devices using proxies should be unable to determine their ISP-assigned public IP addresses.
tor-relays@lists.torproject.org
-
JusticeRage -
Mirimir -
Tom Ritter