[tbb-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Sep 3 06:12:12 UTC 2015


#16926: Multiple OS: Tor Browser leaks domains to system DNS management.
-------------------------------+------------------------------
     Reporter:  DrMikeTwiddle  |      Owner:  tbb-team
         Type:  defect         |     Status:  new
     Priority:  critical       |  Milestone:
    Component:  Tor Browser    |    Version:  Tor: unspecified
   Resolution:                 |   Keywords:
Actual Points:                 |  Parent ID:
       Points:                 |
-------------------------------+------------------------------

Comment (by DrMikeTwiddle):

 @cypherpunks

 I lack the knowledge to assess the code, but very much believe you are
 correct in that it would seem unlikely . As an end user (and supporter of
 Tor) I’ve heavily tested TB (and also just regular Firefox+ VPN including
 with a bunch of plug ins in reg FF) and no leak has ever come up in formal
 testing, in Wireshark, tcpdump, and so on. Ever.

 That’s why I’m so surprised. Of course it is difficult for me to assess
 how broken my own system is. It’s not impossible I’ve installed something
 at some point in time to the system itself that could be a factor. I can’t
 rule that out.  But it would have to be something that explicitly grabs a
 URL  out of the address bar and does a DNS look up on it but *extremely
 infrequently*.

 And because this is so infrequent - it’s happened only once and I can’t
 yet repeat it, it does make me feel it is not yet possible to rule out
 some leak, however odd or rare and difficult to trigger from TB or its
 pluggable transport packages (like obsf3/4 which I tend to use due to ISP
 problems here)

 I see a new bug has been filed by teor about a potential leak from testing
 Tor (using chutney I think) OS X:

 https://trac.torproject.org/projects/tor/ticket/16971

 And then there was also the original report about DNS leaks on Linux.

 My own testing is continuing.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16926#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list