[tor-talk] Tor-fi: risks of mobile hotspot feature in Orbot 1.0.6

Nathan Freitas nathan at freitas.net
Thu Nov 3 12:49:28 PDT 2011

Orbot 1.0.6 has a new feature that allows someone with a rooted Android
device that offers wifi or USB tethering, to route the traffic of the
tethered device(s) over Tor.

This means 1-5 devices connected over wifi, or just 1 device (a laptop
most likely) over USB.

While is definitely a feature that has a cool factor to it and will get
some attention, I want to make sure we have thought through the
risks/downsides of utilizing this feature, so that we can communicate
them in any blogs, websites or tutorials. I also wonder if similar
thoughts or documentation has been created within the TorRouter context.

For example, Bob's iPad connects to Alice's Android's Tor-fied Wifi
connection, and uses all sorts of non-https apps that leak enough
information about Bob (google map location data), that reveals Alice's
real-life location.

I keep saying this is no different than TorRouter in terms of risk
profile, but am I wrong?

Here's the important bits of code:

  Nathan / n8fr8
tor-talk mailing list
tor-talk at lists.torproject.org

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list