TCP-only mode, IP exposure risk #1927
Comments
You shouldn't rely on the implementation of TCP relays to keep your IP hidden from your contacts. It may be the case that this works right now (which I believe it does, though I can't guarantee it), but there is no effort to enforce it, and it may change at any time in the future without notice. Any degree of anonymity provided by using TCP-only mode is incidental and undocumented.
It's totally possible. Your friend can launch his own relay and send it to you via one of the internal packages, so you will connect to it and reveal your IP.
Simpler rule: do not add friends you are afraid of, and btw your ISP always knows your IP.
The best solution is to run over Tor, which should eliminate the exposure risk of your IP to your friends. I think Tox currently leaks DNS requests when using Tor. So if your usage of Tor does not also have a firewall and a reroute of DNS, then the fact that you are using Tox will be visible to outsiders. This can be a real problem in some jurisdictions.
@emdee-is not sure what you are asking. KCI is a post-compromise issue in case your static private Tox identity key is stolen.
I'm not sure what I'm asking either, so the answer could be just NO, but I thought I read somewhere that the compromised key could then later be used to reveal the IP in later communications. I'll see if I can find a citation; otherwise I'll just take it as a NO. Thanks for the reply.
Actually, TCP-only mode should get an option (toggleable) to still make direct connections for calls and file transfers; then Tox would be a complete Skype replacement ideologically and could be a huge benefit for those sitting behind weak internet connections or phones. It is a proven problem, tested by me, when one router hosted 9-16 persons behind one router and Tox just jammed that router hard. This would be the holy grail of Tox and an exact Skype (old true Skype) replacement, where better connections acted as a Supernode (in Tox UDP mode).
I somewhat agree with @fcore117, being able to toggle direct-mode per contact would be great.
Usability-wise yes, but security-wise we're quite far from being able to do that safely. Right now, we globally disable UDP by not opening a UDP socket at all, so it's impossible to have bugs that accidentally leak the IP when a user is using Tor (except from DNS lookups). If we allow direct connections to some friends but not others, we need to open a UDP socket and then be extremely careful with it. Currently the code is not very careful about that at all, so it'll need a bunch of refactoring to make that safe to do.
I agree with @iphy: that would be a security nightmare, and at the moment there's no testing for any of this.
I think a higher priority is to do DNS lookups over Tor when using Tor/SOCKS5. Naive users of Tor don't firewall their machines (which is hard), so they then leak DNS lookups a lot, and that leaks that you are using Tox. The C code to do a DNS lookup over Tor is tiny: IIRC you connect to 9050 and give a specially formatted binary one-liner. I know I have Python code that does it: if anyone is interested I'll look for it. Is there an issue open for DNS lookups over Tor when using Tor/SOCKS5? If there is one open I'll be glad to point to the Python code in it. The C code would be a direct translation.
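The "specially formatted binary one-liner" that comment refers to is Tor's SOCKS5 RESOLVE extension (command byte 0xF0, documented in Tor's socks-extensions.txt). The following is an added example, not the commenter's Python and not c-toxcore code; it assumes a Tor SOCKS port on 127.0.0.1:9050, and keeps the request builder and reply parser as pure functions so they can be checked offline against constructed byte strings:

```python
import socket
import ipaddress

SOCKS_VERSION = 0x05
TOR_CMD_RESOLVE = 0xF0          # Tor-specific SOCKS5 command: resolve, don't connect
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_greeting() -> bytes:
    """SOCKS5 greeting offering only the 'no authentication' method."""
    return bytes([SOCKS_VERSION, 0x01, 0x00])


def build_resolve_request(hostname: str) -> bytes:
    """Tor RESOLVE request: shaped like CONNECT, but CMD=0xF0; the port is ignored."""
    name = hostname.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes (one-byte length field)")
    header = bytes([SOCKS_VERSION, TOR_CMD_RESOLVE, 0x00, ATYP_DOMAIN, len(name)])
    return header + name + b"\x00\x00"


def parse_resolve_reply(data: bytes) -> str:
    """Return the resolved address; Tor places it in the reply's BND.ADDR field."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("malformed SOCKS5 reply")
    if data[1] != 0x00:
        raise RuntimeError(f"Tor RESOLVE failed, reply code 0x{data[1]:02x}")
    atyp = data[3]
    if atyp == ATYP_IPV4 and len(data) >= 10:
        return str(ipaddress.IPv4Address(data[4:8]))
    if atyp == ATYP_IPV6 and len(data) >= 22:
        return str(ipaddress.IPv6Address(data[4:20]))
    raise ValueError("unexpected address type or truncated reply")


def _recv_exact(sock: socket.socket, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("SOCKS proxy closed the connection")
        buf += chunk
    return buf


def resolve_via_tor(hostname: str, proxy=("127.0.0.1", 9050), timeout=30.0) -> str:
    """Resolve over Tor's SOCKS port so no DNS query leaves the host in the clear."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(build_greeting())
        if _recv_exact(s, 2) != bytes([SOCKS_VERSION, 0x00]):
            raise RuntimeError("SOCKS5 handshake rejected")
        s.sendall(build_resolve_request(hostname))
        head = _recv_exact(s, 4)                      # VER, REP, RSV, ATYP
        body_len = {ATYP_IPV4: 6, ATYP_IPV6: 18}.get(head[3], 0)
        return parse_resolve_reply(head + _recv_exact(s, body_len))
```

Running `resolve_via_tor("example.com")` against a local Tor instance returns the address Tor's exit resolved, with nothing sent to the system resolver.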
The five+ year old open issue on this is: #469
Hi,
Could someone please advise me if there's a risk for my IP to be exposed to my connected friends when I'm using TCP-only (UDP disabled)?
As I understand, if TCP relay is used, my friends will only see the IP address of the TCP relay that they are connecting to, and will not be able to see the destination IP address. However, as my knowledge about the protocol is still shallow, will there be a possible scenario for my friend to somehow figure out my IP address?
Your answer will be greatly appreciated.