Closed
Issue created Oct 01, 2014 by anonym (@anonym, Maintainer). 2 of 2 checklist items completed.

Disable LAN access in Tor Browser

Originally created by @anonym on #7976 (Redmine)

Ignoring the as of today still not finished analysis of the full scale of Jake’s FOCI12 paper (#5340), can’t we stay on the safe side for at least the Tor Browser by disabling access to RFC1918 (LAN/Private) IP addresses in it, and direct users to the Unsafe Browser for such access?

Even if we put aside the possibility of blocking some classes of deanonymization attacks (or whatever), this change makes sense for usability. Especially after we have isolated I2P from the Tor Browser (#7725 (closed)) too, we would have three distinct browsers whose names rather clearly define their scope:

  • The Tor Browser deals with Tor stuff only.
  • The I2P Browser deals with I2P stuff only.
  • The Unsafe Browser deals with unsafe stuff, like the LAN, which we consider hostile in our threat model.

Or am I missing something about why we need to have the Tor Browser and Unsafe Browser overlap in functionality in this way?

The only drawback I can see is that users that are used to LAN access in the Tor Browser may get confused. If we consider it more than a documentation issue, perhaps we can add a note about it to the error page that the Tor Browser shows in this situation, i.e. “The Proxy server is refusing connections”? Or perhaps users are too well-trained to ignore browser error pages (except the header) by now?

Feature Branch: feature/7976-disallow-lan-in-tor-browser

Subtasks

  • #8218 (closed)
  • #9431 (closed)

Related issues

  • Related to #5340
  • Related to #7725 (closed)
  • Related to #7951 (closed)
  • Related to #7774
  • Blocks #5293
Edited May 15, 2020 by anonym