[tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Sep 2 00:54:44 UTC 2015


#16926: Multiple OS: Tor Browser leaks domains to system DNS management.
-------------------------------+------------------------------
     Reporter:  DrMikeTwiddle  |      Owner:  tbb-team
         Type:  defect         |     Status:  new
     Priority:  critical       |  Milestone:
    Component:  Tor Browser    |    Version:  Tor: unspecified
   Resolution:                 |   Keywords:
Actual Points:                 |  Parent ID:
       Points:                 |
-------------------------------+------------------------------

Comment (by DrMikeTwiddle):

 teor:

 >Have you ever bookmarked tor-only-visited-site.com in another browser?

 No absolutely not. And no other browsers were running. I never usually run
 another browser concurrently with TB.

 It is the case that tor-only-visited-site.com happens to be bookmarked
 within Tor Browser (in fact it's the first bookmark manually added).

 There are some older versions of TB on the same volume with 5.02 and I
 would have this bookmark in them too. At one point about a month back I
 might have exported the bookmark list from one version to import into
 another, but seem to have deleted any free floating bookmarks.html file
 since then.

 But it's just too much of a coincidence from that being the last, or close
 to the last site I visited in that session. Furthermore it was a specific
 subdomain of tor-only-visited-site.com, that the site goes to
 automatically when you actually use it, and these subdomains appear to be
 numbered 1 to at least 8. So it was server2.tor-only-visited-site.com, not
 the bookmark itself.

 It's clearly jumped from that Tor Browser session to mDNSResponder
 *somehow*, albeit we don't know how yet.

 When I'd finished the session, I then hit New Identity, and then went to
 Terminal and did the command to dump the state of mDNSResponder. It was
 conspicuous as an entry there.

 The rest of what you say is a reasonable line of inquiry too and I am
 aware of these kinds of potential leaks.

 For instance, Tor Browser Mac users need to know that Quick Look can and
 often will try to connect back to remote servers when viewing HTML
 documents in the Finder to grab some remote resource. That's one reason I
 put Little Snitch on to kill the Finder connecting to any remote server.

 Also, contextual mouse menus can sometimes have a web search or 'open URL'
 feature easily inadvertently activated. And the options in System
 Preferences to turn them off don't seem to work. So care is needed if
 copying and pasting a URL from TB into TextEdit or some similar app.

 But none of that happened here.

 I'm considering making what I have of the mDNSResponder state dump
 available, or at least more of it, as it may provide some better
 information to someone with more technical knowledge.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16926#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

