[tor-bugs] #16926 [Tor Browser]: Multiple OS: Tor Browser leaks domains to system DNS management.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Sep 2 00:54:44 UTC 2015
#16926: Multiple OS: Tor Browser leaks domains to system DNS management.
-------------------------------+------------------------------
Reporter: DrMikeTwiddle | Owner: tbb-team
Type: defect | Status: new
Priority: critical | Milestone:
Component: Tor Browser | Version: Tor: unspecified
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-------------------------------+------------------------------
Comment (by DrMikeTwiddle):
teor:
>Have you ever bookmarked tor-only-visited-site.com in another browser?
No, absolutely not. And no other browsers were running. I never usually run
another browser concurrently with TB.
It is the case that tor-only-visited-site.com happens to be bookmarked
within Tor Browser (in fact it's the first bookmark manually added).
There are some older versions of TB on the same volume with 5.02 and I
would have this bookmark in them too. At one point about a month back I
might have exported the bookmark list from one version to import into
another, but seem to have deleted any free floating bookmarks.html file
since then.
But it's just too much of a coincidence from that being the last, or close
to the last site I visited in that session. Furthermore it was a specific
subdomain of tor-only-visited-site.com, that the site goes to
automatically when you actually use it, and these subdomains appear to be
numbered 1 to at least 8. So it was server2.tor-only-visited-site.com, not
the bookmark itself.
It's clearly jumped from that Tor Browser session to mDNSResponder
*somehow*, albeit we don't know how yet.
When I'd finished the session, I then hit New Identity. And then went to
Terminal and did the command to dump the state of mDNSResponder. It was
conspicuous as an entry there.
The rest of what you say is a reasonable line of inquiry too and I am
aware of these kinds of potential leaks.
For instance Tor Browser Mac users need to know that Quicklook can and
often will try to connect back to remote servers when viewing html
documents in the Finder to grab some remote resource. That's one reason I
put Little Snitch on to kill the Finder connecting to any remote server.
Also contextual mouse menus can sometimes have a web search or 'open URL'
feature easily inadvertently activated. And the options in System
Preferences to turn them off don't seem to work. So care is needed if copying
and pasting a URL from TB into TextEdit or some similar app.
But none of that happened here.
I'm considering making what I have of mDNSResponder state dump available,
or at least more of it as it may provide some better information to
someone with more technical knowledge.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16926#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online