Critical Tor flaw leaks users’ real IP address—update now

Discussion in 'privacy problems' started by mirimir, Nov 6, 2017.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,848
    OK, I'm probably out of touch. Certainly about phones. There's no router there, obviously :oops: And no VMs, either. I'm not sure that it's possible to have secure privacy on phones. Because apps can see public IP, so privacy depends on configuration and firewall.

    But for broadband, I was assuming that the standard now is modem plus WiFi router. And for that, I wasn't thinking that devices would get public IPs. But now with IPv6 ISPs, I guess that they are. And in that situation, for privacy you really need a router running a VPN.
     
  2. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    72
    Location:
    Some country in the European Union
    Good thing is that VM will not tell app what is your IP address. If VM has too much performance impact, I would recommend Linux namespaces. iptables/ip addr show is not going to show your IP address from external namespace.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,848
    Yeah, I need to learn namespaces. I'm guessing that one could do a really lightweight yet secure nested VPN setup with namespaces and iptables. Maybe I'll do a how-to guide.
     
  4. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,021
    @mirimir Probably because phones don't have the configuration options. You know a lot more about this than me but on a PC you would probably uncheck use default gateway on remote network to prevent the OS creating an internet route at all, is that correct?
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,848
    I largely switched to Linux before getting serious about VPNs and stuff. And my memories of Windows have faded hugely. So that's not a familiar option.

    But generally, I don't think that routing is a great way to secure against leaks. The fundamental goal in network systems seems to be connectivity. It's better to just use firewall rules.

    In Linux, network namespaces are much more restrictive than routing, gateways and such. Maybe there's something analogous in Windows. But o_O
     
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,361
    Location:
    UK
    I take it you're aware of Firejail, which encapsulates the use of namespaces and seccomp in a friendly way, all based on native kernel functions? It also has filters based on a distinct iptables under its netfilter. But, digging a bit, it seems like there isn't support for OpenVPN yet.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,848
    @deBoetie - Thanks :) I'd heard of Firejail, but that's about it. I'll check it out.
     
  8. Stefan Froberg

    Stefan Froberg Registered Member

    Joined:
    Jul 30, 2014
    Posts:
    231
    That is true, port 25 is rarely if ever open on consumer grade connections because it was heavily abused (spam).
     