[tor-bugs] #16669 [Tor Check]: check.torproject.org should have WebRTC IPv4 and IPv6 address leak detection to protect Orbot VPN users
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Aug 16 18:37:34 UTC 2015
#16669: check.torproject.org should have WebRTC IPv4 and IPv6 address leak
detection to protect Orbot VPN users
---------------------------+---------------------
Reporter: diafygi | Owner: arlolra
Type: defect | Status: new
Priority: major | Milestone:
Component: Tor Check | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
---------------------------+---------------------
Changes (by arlolra):
* cc: amoghbl1, n8fr8 (added)
Comment:
Thanks for the research and suggestion.
Orweb is being replaced by Orfox, a port of Tor Browser for Android. If
it's susceptible to this leak, that would indeed be pretty major bug. I've
cc'd the developers to verify that it is not the case.
> However, the Android's VPN feature doesn't hide the IP addresses from
WebRTC's STUN requests. This means that Orbot users will still leak their
IP addresses when using the VPN feature and using a browser with WebRTC
capabilities.
I think this is analogous to the desktop situation where the
recommendation is to use Tor Browser, full stop. It goes to great pains to
ensure a safe browsing environment, only one of which is preventing proxy
leaks. While a warning for this particular issue might be nice, a positive
result on check.tpo should never be take as an indication that all is
well.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16669#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list