Opened 7 months ago

Last modified 7 months ago

#32973 needs_information enhancement

Display real/starting IP address in the Tor Circuit information

Reported by: PROTechThor Owned by: tbb-team
Priority: Low Milestone:
Component: Applications/Tor Browser Version:
Severity: Minor Keywords: ux-team, tbb-circuit-display
Cc: antonela Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Coming from an email on frontdesk:


I am wondering why the site info shows not the starting(real) IP address.
This would be helpful to check if all is as expected.

Meaning currently it shows:

This Browser
Guard (IP of guard)
Node (IP of node)

But why not:
This Browser (real IP or seen IP (e.g from a VPN))
Guard (IP of guard)
Node (IP of node)

That would give me more trust how I am really connected.
I would like to see this in an upcoming release (if it is no privacy harm)."

Child Tickets

Change History (3)

comment:1 Changed 7 months ago by antonela

Component: UXApplications/Tor Browser
Keywords: ux-team tbb-circuit-display added
Owner: changed from antonela to tbb-team

comment:2 Changed 7 months ago by cypherpunks

could be parsed from dirserver answer X_ADDRESS_HEADER

comment:3 Changed 7 months ago by sysrqb

Status: newneeds_information

This is an interesting idea. Initially, my main concern is that in this case the browser holds the user's external IP address in memory which is something it does not do currently. Of course there is the argument that if the parent process is exploited such that an attacker gains access to the memory holding the IP address, then the user is pretty screwed anyway. But, do we want to increase the amount of information available in that case? With that being said, I definitely understand the usability benefit.

In any case, if we do this, we wouldn't touch (or have access to) the information communicated between the tor client and the Guard, the browser would just ask the client for that info: GETINFO address. We can think about adding a button ("show your IP address") which queries tor for the address, but the browser doesn't save the address after the user closes the circuit display. (I'll ignore the problem with securely wiping memory right now).

Note: See TracTickets for help on using tickets.