Critical Tor flaw leaks users’ real IP address—update now

https://arstechnica.com/information...-flaw-leaks-users-real-ip-address-update-now/

Damn. This (bypass around Tor) is basically the same vulnerability exploited by the FBI's NIT. In any sort of secure Tor implementation, such a thing should be impossible. The Tor client should be running in a router or gateway VM, and the machine used for browsing should not even have a public IP address. That's easy to manage with Whonix.

I've badgered Tor Project about this for years. And they've ignored me. Their mantra has been about keeping things simple, so more people will use Tor.

So it goes.

Edit: They've plugged this leak, but the fundamental weakness remains. Tor Browser doesn't even block non-Tor connectivity with firewall rules. Even VPN clients block non-VPN connectivity. Remember that joke about "virtual pwned networks"? Bloody fools.

 

They're all in on it. I've been saying it for years. They know exactly what they're doing I can spot the difference between those who really are trying to build security and those who are faking it for surveillance honeypot purposes, a mile off.
Their get out is always the same.
"Oh what a silly old bunch of duffers we are, we made another mistake, but don't worry you can trust us, we patched it for you just like we did the last 500 times someone found one of our designed in, backdoor/sidedoor/weakened encryption/security exploits. You know the ones they call bugs. Unless its Russia, of course. Then it was deliberate. But only if its Russia.

 

The best Filippo from Italy.
Go.
Congratulations.

 

Must be naive to believe Tor = anonimity, real anonymous stuff aren't discussed publicly...

 

define "real anonymous" stuff!?!

 

all stuff you won't like to be caught with.

 

i sure wouldn't like to get caught with some dope on me if it ain't amsterdam.

 

Seems the IP leak stems from a Firefox bug.
Tor browser in MacOS and Linux are affected, but the Windows versions of Tor, Tails, and
the sandboxed Tor browser that's in alpha testing aren't vulnerable.

 

So what would be your solution? One that is suitable for people who want to do something about their online privacy, but don't have the skills or knowledge, such as viewing code, to make good/informed decisions.

Nice to know for once Windows isn't implicated.

 

Sure. But fundamentally, the defect is how apps can bypass Tor, and hit the Internet directly.

Until Tor Project deals with that, they just play whack a mole

 

Look at what they do not what they say. Learn what could be done to improve security. Are they doing those things? What would you implement if you were the developer, have they done that?
Start with TLS implementation. All our online security hinges on that, we all know how it has been weakened and interfered with in the past.
Look at what all the big developers did in response to that, most did nothing, some made it more difficult to analyse the connection security by removing relevent dialogues from their application some even removed access to the TLS info from their browser engine so even independent developers couldn't create dialogues to show TLS info. One or two, I think Eset was one of them that implemented extra features to check the TLS integrity.
Some of the devs that removed the TLS info dialogues put them back since then. I believe they realised they went too far and revealed their true intentions.
The point is, it wasn't just one that did that, it was several. Just more evidence that this kind of thing is a joint effort by large corporations to hurt our security features in cooperation with governments that have made it abundantly clear, this is policy.
Some have said it more publically than others, like in the UK and Australia, Germany...
Corporation people are often no where near as smart as they think they are, just weakening security features is the easy part. Let them try to make it look like they were not doing that, and they usually fall flat because what they could have implemented, but didn't, is often more telling than what they did.

 

Your post has changed substantially since I first viewed it. Thanks for your take on things. Could comment further but don't want to go offtopic.

 

Yeah sorry about that...I was distracted while writing it the first time and it didn't really say what I intended it to lol...
Pm me if u want to discuss off topic stuff.

 

When I see things like "Critical Tor flaw leaks users’ real IP address—update now" I am reminded that "trust no one" just justified itself yet again. To put it another way, don't put something online you don't want the world to know, unless you're 100% sure it's safe and secure. AFAIC being 100% sure is not going to happen for certain things. It doesn't mean we can't do things to help keep prying eyes out, even for (what we consider) general stuff, and frankly, just for the sake of privacy I consider it no one elses business if I drank coffee at xyz on whatever day and time.

I get it that the more people use TBB the easier it is to blend in hence devs trying to make it easier for more people. It's maybe a catch 22. On the other hand what use is it if these holes are not by accident but by design and who's to say someone on that team isn't a plant? Can't trust anyone.

 

This thread ****** me off, again. At least if we are following the compartmentalization and "chaining" model such a TOR leak would only point back to vpn2 in my model. I wonder if the VM containing TOR would keep this inside the VM and even prevent getting to the previous VM running vpn2? I suspect it would grab vpn2, which I find upsetting. Whonix is one way as Mirimir stated above. With both of our models this shouldn't be necessary since TOR could be edited to handle this if there was a will to do it. I like TOR but I still use a model that supports it when it leaks, and it does do that at times.

 

@Palancar if all that ****** you off wait till you read this article originally written in 1997 about the file:// URL, it had this update about Mozilla added in 2004.(according to notes at the bottom of the page.)

So Mozilla knew about the security issue with file: URLs and had it covered already by 2004 to where file URLs on a remote host did nothing. At some point between then and now they actually removed that security from the browser.
There's a word for that.
BUSTED.

 

If you're just using Tor browser in a VM that hits Tor through a VPN, this exploit would leak the VPN exit IP. Unless you have firewall rules that allow Internet traffic only by the Tor process, anyway. This isn't a Tor exploit. It's basically a Firefox exploit. Tom prevent it, you either need to use a Tor gateway (as in Whonix) or have firewall rules that block non-Tor traffic.

 

@RockLobster - That is interesting But still, the stuff about file URLs are Firefox issues. What's problematic here is the lack of network access control. With the standard Tor browser setup, it's only Firefox-Tor integration that prevents leaks. If something is messed up with that, you have leaks. If you use some other app that isn't setup to use Tor properly, you have leaks. The solution is either using Tor gateways, or blocking leaks with firewall rules, or network namespaces. Or best, both

 

This also have flaws. Guess that somebody would access their personal email or other personal account and in the same browser, but other tab, do some activity, that she/he would not like to be linked to. They could be connected by cookies and other storage features of Web browser or browser fingerprint.
User has to be aware of how this technology works.

 

It goes without saying, I think, that you don't pwn yourself like that.

 

Yep, for me this thread is NOT about "real name" use at all. I am only commenting about compartmentalized machines where you NEVER view real name stuff under any circumstances. What would be the point of using TOR to log into your real name bank? I am sure someone will come up with a reason but that will never be me or the folks chiming in here.

Mirimir, I know the part about Gateway machines using Whonix. Above; I was simply commenting that these leaks don't really "kill you" if you have two chained separate machines running VPN's in front. Like you, I am a Whonix lover as well!!

 

This is precisely why I think structured message passing, which has no complexity of the email or browser world, is essential to improve anonymity. On these forums we see again and again that the complexity and vulnerability of these client systems can be exploited (through various forms of fingerprinting and user behaviors that can be linked to real-world, cross-contamination of the opsec boundaries). It's also the case that if you give up the instant gratification of low latency, far stronger systems can be achieved. The biggest issue then remains is the address directory and how that can be linked to real-world.

 

I think non-technical users can do stupid things like this.
At the same time technical users are able to write customized firewall rules fitting exactly what are they are trying to accomplish, so I don't see a point in general sealing of Tor Browser by Tor Project.

Why you think email system is not suited for this?

 

@reasonablePrivacy - "Why you think email system is not suited for this?"

Difficulty in getting clean email addresses. Email protocol inherently insecure of itself. Store and forward is good, but need to have untrusted relationship with MTA. After all, most secure messaging services have abandoned trad email protocols.

 

I dont think there is a conventional way to persue secure messaging right now, there are too many attack surfaces.
Your computer device,
Your computer OS,
Your encryption libraries,
Your client application,
The transport,
Recipient application,
Recipient OS,
Recipient device,
Any of which can be compromised by a plethora of known attacks, never mind what is currently unknown or still the subject of speculation.