[tor-talk] WebRTC to uncover local IP

Mirimir mirimir at riseup.net
Fri Jan 30 01:01:20 UTC 2015


On 01/29/2015 12:31 PM, spencerone at openmailbox.org wrote:
> Katya Titov kattitov at yandex.com:
>> This PoC has made its ways around. Using webRTC to deanonomize your
>> IP. New to me: https://diafygi.github.io/webrtc-ips/
>>
> 
> My IPAs are displayed when using Firefox, but not using Tor, as
> expected, I think.
> 
> Understanding very little about WebRTC and STUN servers, what does this
> mean for people?

This means that people need to be using gateways (VMs or hardware) for
accessing Tor, VPNs, JonDonym or whatever. There must be _no_ path to
the Internet except through the anonymity system. There must also be no
path to anything sensitive on local networks. For Tor, that means
something like Whonix, the equivalent in Qubes, or a pfSense Tor
gateway. Just sayin'.

> Wordlife,
> SpencerOne
> 


More information about the tor-talk mailing list