[tor-bugs] #12411 [Orbot]: Orbot broke using DNSPort
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Jun 17 12:15:04 UTC 2014
#12411: Orbot broke using DNSPort
-------------------------------------------------+-------------------------
Reporter: isis | Owner: n8fr8
Type: defect | Status: new
Priority: normal | Milestone:
Component: Orbot | Version:
Keywords: orbot-14.0.3.1, orbot-14.0.4, wtf, | Actual Points:
software-engineering | Points:
Parent ID: |
-------------------------------------------------+-------------------------
Orbot 14.0.3.1 completely breaks networking, if you have firewall scripts
which don't allow leaks.

'''THIS MEANS THAT ORBOT IS LEAKING LIKE THE FUCKING PENTAGON PAPERS,
EXCEPT NOT IN A GOOD WAY.'''

This is because Orbot (as of 14.0.3.1 and later)
[https://gitweb.torproject.org/orbot.git/commitdiff/2ce9ea92f14f7b5c04798809f0c262475766977e sets `DNSPort 0`],
which disables tor's `DNSPort` entirely. This means
that people who use iptables scripts outside of Orbot (as described in
[https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy Mike Perry's recent blog post])
to redirect UDP DNS
traffic to the `DNSPort` cannot do so. It also means that ''every other
application will leak traffic all over the place''.

Currently, the only way to fix this mess is to force stop and uninstall
Orbot, download an older (14.0.1) .apk onto another device, and copy it
over manually to the broken one to reinstall it. This is ridiculous.
You're practically bricking people's devices, and you're forcing them to
jump through extreme hoops to preserve their anonymity.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12411>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
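
A static check for the failure the ticket describes, as an added example (not part of the ticket or of Orbot's code): it compares the `DNSPort` lines in a torrc with the UDP port-53 REDIRECT rules an external firewall script installs, and reports redirect targets that tor is not listening on. The torrc text, the rules and port 5400 are constructed sample values.

```python
import re

# Constructed sample inputs (not taken from the ticket): a torrc fragment and
# iptables-save style NAT rules of the kind an external firewall script adds.
TORRC_BROKEN = """\
SocksPort 9050
TransPort 9040
DNSPort 0
"""
TORRC_OK = TORRC_BROKEN.replace("DNSPort 0", "DNSPort 5400")
NAT_RULES = """\
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5400
-A OUTPUT -p tcp -m tcp --syn -j REDIRECT --to-ports 9040
"""

def dns_ports(torrc):
    """Ports tor opens for DNSPort lines; a value of 0 disables the listener."""
    ports = set()
    for line in torrc.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0].lower() == "dnsport":
            # Value is "[address:]port"; keep the part after the last colon.
            port = fields[1].rsplit(":", 1)[-1]
            # "auto" cannot be matched statically, so it is ignored here.
            if port.isdigit() and int(port) != 0:
                ports.add(int(port))
    return ports

def dns_redirect_targets(rules):
    """Ports that outgoing UDP/53 traffic is redirected to."""
    targets = set()
    for rule in rules.splitlines():
        if "-p udp" in rule and re.search(r"--dport 53\b", rule):
            m = re.search(r"-j REDIRECT --to-ports (\d+)", rule)
            if m:
                targets.add(int(m.group(1)))
    return targets

def dead_redirects(torrc, rules):
    """Redirect targets with no DNSPort listener behind them."""
    return sorted(dns_redirect_targets(rules) - dns_ports(torrc))

if __name__ == "__main__":
    for name, torrc in (("DNSPort 0", TORRC_BROKEN), ("DNSPort 5400", TORRC_OK)):
        dead = dead_redirects(torrc, NAT_RULES)
        status = f"DNS redirect has no listener on {dead}" if dead else "ok"
        print(f"{name}: {status}")
```
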