Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Complete work-around for video DNS- and/or other leaks? #30
Would it be possible to have a service where, to watch a video, a request is sent through Tor to a dedicated VPS-video-handler, which would download the video and stream it through Tor back to the OnionBrowser?
The DNS- and/or other leaks would merely point to the VPS. The VPS would not be aware of who's doing the requests, only that a video is requested, and its legal/privacy status would be somewhat similar to a Tor exit-node.
Such a service would of course be expensive, but possibly scalable as a $5/month service or less?
Would this be possible?
The problem is that video connections seem to operate entirely outside of the control of the app — ignoring the app’s attempts to proxy all connections.
For most connections, we are able to force the app to use our own internal Tor client as a proxy. See this code — basically, anything that isn't "file://", "data://" or an App Store link (handled by the OS), is caught and routed over Tor (instead of the OS's proxy server).
Unfortunately, the bug is that videos seem to ignore this code entirely. They might be using their own connection code via QuickTime or something. I’m not actually sure, but I could not find any way to get videos to respect the proxy while developing this portion.
So you’d still need a way to get the video data from your "video handler" to the Onion Browser app without leaking over non-Tor internet. Yes, the connection between the VPS and the video site is secure, and the VPS may not know the identity of the requester, but the client is still exposed and known to be requesting certain videos that are no longer securely encrypted at that point. Further, in the case of censorship or oppressive governments, using this "VPS video handler" method but sending over clear internet still runs severe risks. Even in the case of encryption, the amount of data funneling to one "VPS video handler" service would make it easy for content filters to identify and block.
If you really need to do something like this, you can possibly do this today:
Any videos (and other connections) that leak outside of Onion Browser will still be caught by this proxy or VPS.
Thanks a lot for your answer and interesting thoughts. I certainly see your point.
But now I'm thinking — why not then have a VPN connecting point to the Tor network, in addition to the standard connection through OnionBrowser? Is that feasible? Connect to the Tor-network as VPN—I guess this is not implemented in Tor, and needs to be in order to work?
Too bad it might just be an incompatibility issue with what proxies Apple (and Android I guess) accept then. (But then again, real anonymity rotted in Apple and the other fruits with #Snowden, and only decentralized architecture has any hope left.)