[tor-talk] Tor-fi: risks of mobile hotspot feature in Orbot 1.0.6
Nathan Freitas
nathan at freitas.net
Thu Nov 3 12:49:28 PDT 2011
Orbot 1.0.6 has a new feature that allows someone with a rooted Android
device that offers wifi or USB tethering, to route the traffic of the
tethered device(s) over Tor.
This means 1-5 devices connected over wifi, or just 1 device (a laptop
most likely) over USB.
While is definitely a feature that has a cool factor to it and will get
some attention, I want to make sure we have thought through the
risks/downsides of utilizing this feature, so that we can communicate
them in any blogs, websites or tutorials. I also wonder if similar
thoughts or documentation has been created within the TorRouter context.
For example, Bob's iPad connects to Alice's Android's Tor-fied Wifi
connection, and uses all sorts of non-https apps that leak enough
information about Bob (google map location data), that reveals Alice's
real-life location.
I keep saying this is no different than TorRouter in terms of risk
profile, but am I wrong?
Here's the important bits of code:
https://gitweb.torproject.org/orbot.git/blob/HEAD:/src/org/torproject/android/service/TorTransProxy.java#l316
Best,
Nathan / n8fr8
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list