Considerations about TBB Configuration Settings #196
Comments
|
cure53 informed the Tails developers (mentioned above). Tor knows about the WebRTC issue and disables it in current TBB. They also know about the url fixup issue, although that issue is still open. |
It seems like only the suffixes are a concern - if they are redirected to something that is DNS-routable (like .com), then that could be a very serious problem. We can advise users to make these changes in |
I don't think this actually works. If you read the Firefox source, it looks like "www." and ".com" are the defaults, and those prefs only allow users to specify alternate prefixes/suffixes to attempt instead (hence the name). To prevent URI fixups, you should instead set |
|
I submitted a patch to the Tor project to fix this in the TBB: https://trac.torproject.org/projects/tor/ticket/7446 |
|
@garrettr I tested the trick with the empty string locally and it appeared to work. The way to do it with |
|
@trevortimm What's the status on that "best practices" guide for sources and journalists? These recommendations should go in there for sources. |
|
@x00mario I've tried to reproduce the url fixup issue in both the ESR17 and (new) ESR24-based TBB's and have been unable to. Do you have a PoC? |
|
@garrettr Dropped it while I tied up like 100 loose ends for my last couple weeks with EFF - my bad. I will finish the first draft this weekend and put it on hackpad for others to edit. |
|
We had a closer look together with the Tails people and concluded, that the threat is fairly low, I think we can ignore it after all. |
|
Since no one can reproduce the "url fixup" issue, I am closing this. |
In some scenarios, the lack of availability of the hidden service for the connecting user or similar networks woes might lead to an unsolicited data leakage. The Gecko browser engine, foundation for the TBB and Tails’ IceWeasel browser applies automatic fixes to unresolving URLs.
These “fixes” include prefixes and suffixes that are automatically added to URLs that don’t seem to resolve properly. This might lead to for instance having the URL jgdevcded4x6dl37.onion be fixed into either www.jgdevcded4x6dl37.onion or even www.jgdevcded4x6dl37.onion.com. A strong attacker might be able to misuse this feature to redirect TOR Hidden Services requests to actual WW-websites without the user knowing.
The “fix” applied by Gecko can be reverted by accessing the browser settings (about:config) and changing the following settings’ values to be empty strings:
Settings:
browser.fixup.alternate.prefix: ""
browser.fixup.alternate.suffix: ""
A very tricky issue has been discovered in the Tails OS version 0.2.2 - the most recent versions during our tests. The distribution upgraded the default browser to IceWeasel 24 - in version 0.2.1 the version 17.0.10 was used. Contrary to IceWeasel 17, the version 24 supports a feature called WebRTC. WebRTC can be misused to unveil the users local IP without any given consent. This feature was first demonstrated by the maintainer of the website http://net.ipcalf.com/:
To mitigate the issue, WebRTC should be entirely disabled. This can be done by accessing IceWeasel’s configuration editor (about:config) and implementing the following setting:
Setting:
media.peerconnection.enabled: false
Once the setting has been set to false, the WebRTC feature is entirely disabled and the local IP leakage cannot happen any longer. While this is no critical data leakage, it might help a strong adversary to collect important bits of information for further narrowing down a target for the sake of de-anonymization. The Tails developer have been informed about this issue.
Reported as part of the cure53 audit of 0.2 as: SD-01-007
The text was updated successfully, but these errors were encountered: