Opened 6 years ago

Last modified 2 years ago

#11728 needs_review defect

Torbirdy shouldn't allow clearnet connections on startup if started in Transparent Torification mode

Reported by: mttp Owned by: ioerror
Priority: High Milestone:
Component: Applications/TorBirdy Version:
Severity: Normal Keywords: identity-leaks
Cc: sukhbir Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Here's the situation: Alice uses Torbirdy in "Transparent Torification" mode to check her email on her laptop with her Tor router at home. She later takes her laptop to an internet cafe and checks her email there. As soon as she opens Thunderbird, a connection is made in the clear to her email provider before she has a chance to change Torbirdy's settings to "Use Tor Onion Router". This is an identity leak, and Torbirdy should prevent this possibility.

Child Tickets

Change History (10)

comment:1 Changed 6 years ago by mttp

Cc: sukhbir added

comment:2 Changed 6 years ago by sukhbir

I think this is a good idea but the reason why I didn't feel the need to either warn the user or change the setting automatically is: a). we make sure that Thunderbird doesn't do any network activity on startup, till the point a user actually clicks on a mailbox (automatic checking of emails is disabled). b). there are users who actually use this setting (Transparent Torification) so changing it automatically every time Thunderbird starts is also not a good idea.

So we need a solution that takes a) and b) into consideration.

comment:3 in reply to:  2 ; Changed 6 years ago by mttp

Replying to sukhbir:

b). there are users who actually use this setting (Transparent Torification) so changing it automatically every time Thunderbird starts is also not a good idea.

The setting itself wouldn't necessarily need to be changed. A warning dialog that modifies the preferences based on the user response could also be effective.

comment:4 in reply to:  3 Changed 5 years ago by Viggy_prabhu

Replying to mttp:

The setting itself wouldn't necessarily need to be changed. A warning dialog that modifies the preferences based on the user response could also be effective.

In such a case that user asks to modify the configuration to "Use Tor Onion Router", what should happen when that session is over and user again connects back at her home network where she wants to use 'Transparent Torification'. So her preference should be only limited to the session and not a permanent change in settings?

comment:5 Changed 5 years ago by cypherpunks

It almost sounds too obvious, but could we screen-scrape https://check.torproject.org on startup, and display a warning based on that (regardless of whether Transparent Torification is enabled or not)?

comment:6 Changed 5 years ago by Viggy_prabhu

Connecting to "check.torproject.org" on startup itself may be identity leak right if the user accesses it in clearnet connections. I think the right way is to just ask user if he/she wants to continue using "Transparent Torification" everytime Thunderbird starts. It seems annoying but dont think there is any other way out.

comment:7 Changed 5 years ago by Viggy_prabhu

I have fixed this by just opening a dialog to user if "Transparent Torification" mode is enabled. User gets a warning asking if he/she wants to continue with the same setting or wants to open TorBirdy Preferences to modify the settings. Please check the changes and let me know if any changes needs to be done in the same. Here is the commit for the same, https://github.com/viggyprabhu/torbirdy/commit/67f95be528c31ca194ec4a3762aa9f055599ec9f

comment:8 Changed 5 years ago by Viggy_prabhu

Status: newneeds_review

comment:9 in reply to:  7 Changed 5 years ago by sukhbir

Replying to Viggy_prabhu:

I have fixed this by just opening a dialog to user if "Transparent Torification" mode is enabled. User gets a warning asking if he/she wants to continue with the same setting or wants to open TorBirdy Preferences to modify the settings. Please check the changes and let me know if any changes needs to be done in the same. Here is the commit for the same, https://github.com/viggyprabhu/torbirdy/commit/67f95be528c31ca194ec4a3762aa9f055599ec9f

Thanks for the patch! I will review it shortly and update this ticket with the change.

comment:10 Changed 2 years ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

Note: See TracTickets for help on using tickets.