[tor-talk] Tor-fi: risks of mobile hotspot feature in Orbot 1.0.6

Roger Dingledine arma at mit.edu
Thu Nov 3 23:28:10 UTC 2011


On Thu, Nov 03, 2011 at 03:49:28PM -0400, Nathan Freitas wrote:
> While this is definitely a feature that has a cool factor to it and will get
> some attention, I want to make sure we have thought through the
> risks/downsides of utilizing this feature, so that we can communicate
> them in any blogs, websites or tutorials. I also wonder if similar
> thoughts or documentation has been created within the TorRouter context.
> 
> For example, Bob's iPad connects to Alice's Android's Tor-fied Wifi
> connection, and uses all sorts of non-https apps that leak enough
> information about Bob (google map location data), that reveals Alice's
> real-life location.

Sounds like you really want your setup to make use of the proposal 171
"separate streams" feature that went into Tor 0.2.3.3-alpha:

"""
    - You can now configure Tor so that streams from different
      applications are isolated on different circuits, to prevent an
      attacker who sees your streams as they leave an exit node from
      linking your sessions to one another. To do this, choose some way
      to distinguish the applications: have them connect to different
      SocksPorts, or have one of them use SOCKS4 while the other uses
      SOCKS5, or have them pass different authentication strings to the
      SOCKS proxy. Then, use the new SocksPort syntax to configure the
      degree of isolation you need. This implements Proposal 171.
"""

In what way are you proxying all of the traffic from the other users into
your Tor client? See the "Isolate*" entries in the man page in Tor master.

> I keep saying this is no different than TorRouter in terms of risk
> profile, but am I wrong?

The Torouter people should probably be asking themselves the same
questions I asked above.

--Roger
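
[Added example, not part of the original message and not Orbot's or Torouter's actual configuration: a torrc fragment using the "Isolate*" flags and SocksPort syntax quoted above, for Tor 0.2.3.3-alpha or later. The hotspot address 192.168.43.1 and all port numbers are assumptions.]

```torrc
# Constructed example. Addresses and ports are assumptions.

# Hotspot guests: their TCP and DNS traffic is redirected by the device's
# packet filter to these listeners on the hotspot interface.
# IsolateClientAddr keeps streams from different client source addresses
# on different circuits. This only works if Tor sees each guest's own LAN
# address; if the redirect rewrites the source address, every guest looks
# like the same client and their streams can share a circuit.
TransPort 192.168.43.1:9040 IsolateClientAddr
DNSPort 192.168.43.1:5400 IsolateClientAddr

# The device owner's own apps use a separate local SOCKS listener.
# Streams arriving on different listener ports do not share circuits
# unless a common SessionGroup is set, so the owner's sessions are kept
# apart from the guests' at the exit.
# IsolateSOCKSAuth: apps passing different SOCKS usernames/passwords get
# different circuits. IsolateClientProtocol: SOCKS4 and SOCKS5 clients
# are kept apart.
SocksPort 127.0.0.1:9050 IsolateSOCKSAuth IsolateClientProtocol

# Stricter listener for an app whose sessions to different destinations
# should never be linkable through a shared circuit.
SocksPort 127.0.0.1:9051 IsolateDestAddr IsolateDestPort
```

Isolation of this kind keeps an observer at the exit from linking one user's streams to another's by shared circuit; it does not change what a guest's non-https apps send inside their own streams.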


