subject:"\[tor\-bugs\] #28125 \[Applications\/Tor Browser\]\: Don't let Android leak DNS queries"

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

2018-10-30 Thread Tor Bug Tracker & Wiki

#28125: Don't let Android leak DNS queries
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Immediate|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-mobile, tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #5709| Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Okay, the broken functionality is not great but I think we should pick
 what we have. commit 2c4b103cfef5eafe276713478abf8bd1db057730 on `tor-
 browser.60.3.0esr-8.5-1` has the fix.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

2018-10-29 Thread Tor Bug Tracker & Wiki

#28125: Don't let Android leak DNS queries
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Immediate|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #5709| Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sysrqb):

 Great, thanks! I think the most noticeable change resulting from this
 patch is that favicons are not downloaded.

 The patch prevents connections for the following functionality:
  - Sending Crash reports (already disabled) - `CrashReporter.java`
  - Search suggestions (SuggestClient.java)
  - Pocket (already broken, needs API key) - `PocketStoriesLoader.java`
  - After installation from Google Play (under certain conditions) -
 `Distribution.java`
  - Downloadable Content (Disabled at compile time) - `dlc/BaseAction.java`
  - Top/Suggested Sites - `ImageLoader.java`
  - (Fav)Icon download per tab - `IconDownloader.java`
  - Region-specific search engine (always default in TBA because missing
 API key) - `SearchEngineManager.java`
  - Download A/B testing framework config (already disabled) -
 `Switchboard.java`

 As a result, the newly broken functionality includes Image downloading for
 Top/Suggested sites and favicon download.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

2018-10-29 Thread Tor Bug Tracker & Wiki

#28125: Don't let Android leak DNS queries
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Immediate|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #5709| Points:
 Reviewer:   |Sponsor:
-+-

Comment (by igt0):

 For all my tests I have been using a real device connected to my computer
 and I am using mitmproxy(https://mitmproxy.org/) to debug http(s) protocol
 and wireshark for non tls stuff.

 
**mobile/android/geckoview/src/thirdparty/java/com/google/android/exoplayer2/upstream/DefaultHttpDataSource.java**
 Steps:
 1. Open https://bitmovin-a.akamaihd.net/content/MI201109210084_1/m3u8s
 /f08e80da-bf1d-4e3d-8899-f0f6155f6efa.m3u8 or
 https://content.jwplatform.com/manifests/yp34SRmf.m3u8
 2. Look for connections to both URLs.

 Result: I was not able to verify any connection open for those URLs.


 **mobile/android/base/java/org/mozilla/gecko/updater/UpdateService.java**

 Test cases:

 1. Enabled MOZ_UPDATER
 2. Click in the check for updates button
 3. Verify if any connection was made to the update URL

 Result: No request was made

 **mobile/android/base/java/org/mozilla/gecko/CrashReporter.java**
 Not able to test.

 
**mobile/android/geckoview/src/main/java/org/mozilla/gecko/media/GeckoMediaDrmBridgeV21.java**

 It is disabled in our prefs and we don't plan to enable soon. So I didn't
 test it.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

2018-10-29 Thread Tor Bug Tracker & Wiki

#28125: Don't let Android leak DNS queries
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Immediate|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #5709| Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sysrqb):

 Replying to [comment:7 new_user]:
 > and one question
 > why orfox was not leaking dns or my test was flawed??
 >
 > i am just an end user, so wanna know expert's opinion should i continue
 to use orfox

 Yes, Orfox uses a different Proxy type (HTTP CONNECT, instead of SOCKS5).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

2018-10-29 Thread Tor Bug Tracker & Wiki

#28125: Don't let Android leak DNS queries
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Immediate|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #5709| Points:
 Reviewer:   |Sponsor:
-+-

Comment (by gk):

 Replying to [comment:3 sysrqb]:
 > I have branch `28125` on my public repo. I haven't confirmed it prevents
 all leaks, yet (but it should). It simply prevents all non-Necko
 connections. A better patch will take some more time.

 Looks good to me. Do we have an understanding about what those changes
 break (we'd need to mention that at least in our blog post).

 igt0 could you give it a round of testing on your devices, so we can start
 getting the Firefox security updates to android.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

2018-10-26 Thread Tor Bug Tracker & Wiki

#28125: Don't let Android leak DNS queries
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Immediate|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #5709| Points:
 Reviewer:   |Sponsor:
-+-

Comment (by new_user):

 and one question
 why orfox was not leaking dns or my test was flawed??

 i am just an end user, so wanna know expert's opinion should i continue to
 use orfox

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

2018-10-26 Thread Tor Bug Tracker & Wiki

#28125: Don't let Android leak DNS queries
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Immediate|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #5709| Points:
 Reviewer:   |Sponsor:
-+-

Comment (by new_user):

 @sysrqb yes i used real device in all tests

 and this app- https://f-droid.org/en/packages/org.adaway/

 did not captured whole packet just dns.

 although we can use binary for full capture witch comes with lineage os or
 you can install [https://f-droid.org/en/packages/com.termux/] and use
 tcpdump with root.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

2018-10-26 Thread Tor Bug Tracker & Wiki

#28125: Don't let Android leak DNS queries
-+-
 Reporter:  sysrqb   |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Immediate|  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass,|  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #5709| Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gk):

 * keywords:  tbb-mobile, tbb-proxy-bypass => tbb-mobile, tbb-proxy-bypass,
 TorBrowserTeam201810R


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

2018-10-25 Thread Tor Bug Tracker & Wiki

#28125: Don't let Android leak DNS queries
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #5709 | Points:
 Reviewer:|Sponsor:
--+--

Comment (by sysrqb):

 Replying to [comment:1 new_user]:
 > -I made comment in #27822 and indeed i was using android o sdk 27
 > -so again i tested tor on android 7.1
 > -dns leaks on 7.1
 > -latest alpha leaks dns
 > -but orfox is running fine does not leaks dns at all

 Are you using a physical device or an emulator?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

2018-10-25 Thread Tor Bug Tracker & Wiki

#28125: Don't let Android leak DNS queries
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  needs_review
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #5709 | Points:
 Reviewer:|Sponsor:
--+--
Changes (by sysrqb):

 * status:  new => needs_review


Comment:

 I have branch `28125` on my public repo. I haven't confirmed it prevents
 all leaks, yet (but it should). It simply prevents all non-Necko
 connections. A better patch will take some more time.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

2018-10-22 Thread Tor Bug Tracker & Wiki

#28125: Don't let Android leak DNS queries
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Immediate |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile, tbb-proxy-bypass  |  Actual Points:
Parent ID:  #5709 | Points:
 Reviewer:|Sponsor:
--+--
Changes (by gk):

 * priority:  Very High => Immediate
 * keywords:  tbb-mobile => tbb-mobile, tbb-proxy-bypass


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

2018-10-20 Thread Tor Bug Tracker & Wiki

#28125: Don't let Android leak DNS queries
--+--
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal| Resolution:
 Keywords:  tbb-mobile|  Actual Points:
Parent ID:  #5709 | Points:
 Reviewer:|Sponsor:
--+--

Comment (by new_user):

 -I made comment in #27822 and indeed i was using android o sdk 27
 -so again i tested tor on android 7.1
 -dns leaks on 7.1
 -latest alpha leaks dns
 -but orfox is running fine does not leaks dns at all

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

2018-10-19 Thread Tor Bug Tracker & Wiki

#28125: Don't let Android leak DNS queries
--+
 Reporter:  sysrqb|  Owner:  tbb-team
 Type:  defect| Status:  new
 Priority:  Very High |  Milestone:
Component:  Applications/Tor Browser  |Version:
 Severity:  Normal|   Keywords:  tbb-mobile
Actual Points:|  Parent ID:  #5709
   Points:|   Reviewer:
  Sponsor:|
--+
 In #27431 and #27375, it was reported Android is leaking DNS requests.
 From [ticket:27431#comment:1 27431], in summary:

 {{{
 This is exactly what we feared. It looks like this is the result
 of a bug within the Android core HTTP library. This leak is already
 fixed in the more recent releases of Android. In particular, any
 version after Android O (API 26+) should not leak DNS queries.
 }}}

 We should patch TBA so it relies on the Android core library as little as
 possible. We don't need the fancy optimizations Android provide with
 request pools and such, so I think we can simply create and manage a proxy
 connection ourselves.

 #27822 maybe related (but there isn't enough info available).

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

Re: [tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

[tor-bugs] #28125 [Applications/Tor Browser]: Don't let Android leak DNS queries

13 matches

Site Navigation

Mail list logo

Footer information