[tor-bugs] #16669 [Website]: check.torproject.org should have WebRTC IPv4 and IPv6 address leak detection to protect Orbot VPN users
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jul 25 18:33:42 UTC 2015
#16669: check.torproject.org should have WebRTC IPv4 and IPv6 address leak
detection to protect Orbot VPN users
---------------------+---------------------------
Reporter: diafygi | Owner: Sebastian
Type: defect | Status: new
Priority: major | Milestone:
Component: Website | Version:
Keywords: | Actual Points:
Parent ID: | Points:
---------------------+---------------------------
Orbot for Android offers an option to use Tor as a VPN. This is great
because Orweb is End-of-Life, and other browsers don't allow configuring
proxies and the VPN feature also tunnels traffic for apps through Tor.
However, the Android's VPN feature doesn't hide the IP addresses from
WebRTC's STUN requests. This means that Orbot users will still leak their
IP addresses when using the VPN feature and using a browser with WebRTC
capabilities.
Here's the proof-of-concept I wrote to detect IP addresses via WebRTC.
Please include this test code in your https://check.torproject.org/
website, so that users who are stuck using regular browsers on Android can
know about the IP address leak.
https://github.com/diafygi/webrtc-ips
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16669>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list