Remove All Ads from XDA
Honor View 10

[real ip disclosure] Security warning: Orweb Tor Browser

6 posts
Thanks Meter: 2
By xordern, Junior Member on 31st May 2014, 10:03 PM
Post Reply Email Thread
The Orweb Tor Browser from the Guardianproject has a really serious security flaw. The actual ip of an user can be determined by using HTML5 video or audio elements, despite the user is connected via the TOR connection.

The problem is the underlying WebView component which doesn't handle proxy settings correctly. There's also a blog post from August 21st, 2013 on this problem. Nevertheless, the browser with over 1 million installations is still available in the PlayStore and might be widely used. The developers offer an alternative solution with the Firefox Addon proxy mobile that isn't affected by this bug.

More details are available at Why you really shouldn't use Orweb anymore.
Quick-Check (to be accessed from Orweb):

The ip leakage can be reproduced with at least Android 2.3.5, Android 4.1.2 and Android 4.3.
The Following 2 Users Say Thank You to xordern For This Useful Post: [ View ] Gift xordern Ad-Free
Post Reply Subscribe to Thread

flaw, leakage, orbot, orweb, tor

Guest Quick Reply (no urls or BBcode)
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes