Complete work-around for video DNS- and/or other leaks? #30

Closed
knutole opened this Issue Jun 24, 2013 · 2 comments

knutole commented Jun 24, 2013

Would it be possible to have a service where, to watch a video, a request is sent through Tor to a dedicated VPS-video-handler, which would download the video and stream it through Tor back to the OnionBrowser?

The DNS- and/or other leaks would merely point to the VPS. The VPS would not be aware of who's doing the requests, only that a video is requested, and its legal/privacy status would be somewhat similar to a Tor exit-node.

Such a service would of course be expensive, but possibly scalable as a $5/month service or less?

Would this be possible?

mtigas (Collaborator) commented Jul 29, 2013

The problem is that video connections seem to operate entirely outside of the control of the app — ignoring the app’s attempts to proxy all connections.

For most connections, we are able to force the app to use our own internal Tor client as a proxy. See this code — basically, anything that isn't "file://", "data://" or an App Store link (handled by the OS), is caught and routed over Tor (instead of the OS's proxy server).

Unfortunately, the bug is that videos seem to ignore this code entirely. They might be using their own connection code via QuickTime or something. I’m not actually sure, but I could not find any way to get videos to respect the proxy while developing this portion.

So you’d still need a way to get the video data from your "video handler" to the Onion Browser app without leaking over non-Tor internet. Yes, the connection between the VPS and the video site is secure, and the VPS may not know the identity of the requester, but the client is still exposed and known to be requesting certain videos that are no longer securely encrypted at that point. Further, in the case of censorship or oppressive governments, using this "VPS video handler" method but sending over clear internet still runs severe risks. Even in the case of encryption, the amount of data funneling to one "VPS video handler" service would make it easy for content filters to identify and block.


If you really need to do something like this, you can possibly do this today:

  • find some VPS service compatible with iPhone
  • connect to that VPS in phone settings and ensure that traffic is going over VPS
  • then use Onion Browser

Any videos (and other connections) that leak outside of Onion Browser will still be caught by this proxy or VPS.

@mtigas mtigas closed this Jul 29, 2013

knutole commented Aug 5, 2013

Thanks a lot for your answer and interesting thoughts. I certainly see your point.

But now I'm thinking — why not then have a VPN connecting point to the Tor network, in addition to the standard connection through OnionBrowser? Is that feasible? Connect to the Tor-network as VPN—I guess this is not implemented in Tor, and needs to be in order to work?

Too bad it might just be an incompatibility issue with what proxies Apple (and Android I guess) accept then. (But then again, real anonymity rotted in Apple and the other fruits with #Snowden, and only decentralized architecture has any hope left.)
