mirror of
https://github.com/Anon-Planet/thgtoa.git
synced 2024-06-14 00:42:29 +00:00
Re: Adding some Orbot information/disclaimer
Commit 3fa1c502f0 ("Adding some Orbot information/disclaimer to
prevent people from being mislead") has minor spelling and grammar
mistakes that can be fixed.
Fixes those errors. Also adds additional context.
Signed-off-by: Than Harrison <th.thgtoa@disroot.org>
This commit is contained in:
Than Harrison
parent
3fa1c502f0
commit
83f643c3ef
28
guide.md
28
guide.md
|
|
@ -2147,7 +2147,7 @@ However, the Safer level should be used with some extra precautions while using
|
|||
|
||||
Now, you are really done, and you can now surf the web anonymously from your Android device.
|
||||
|
||||
**[Warning when using Orbot on Android]**[Appendix B6: Warning using Orbot or Android]
|
||||
**Please see** [Warning for using Orbot on Android][Appendix B6: Warning for using Orbot on Android].
|
||||
|
||||
### iOS:
|
||||
|
||||
|
|
@ -12413,16 +12413,22 @@ Model-specific registers (MSRs) and their configuration bits can also be detecte
|
|||
- [SQUIP](https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/) <sup>[[Archive.org]](https://web.archive.org/web/20220812082548/https://www.nextplatform.com/2022/08/11/squip-side-channel-attack-rattles-amds-zen-cores/)</sup> - Scheduler Queue Usage via Interface Probing. All of AMD's Zen CPUs are vulnerable to a medium-severity flaw which can allow threat actors to run side-channel attacks.
|
||||
- [Hertzbleed](https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html) <sup>[[Archive.org]](https://web.archive.org/web/20220712000058/https://www.schneier.com/blog/archives/2022/06/hertzbleed-a-new-side-channel-attack.html)</sup> - Deducing cryptographic keys by analyzing power consumption has long been an attack, but it’s not generally viable because measuring power consumption is often hard. This new attack measures power consumption by measuring time, making it easier to exploit.
|
||||
- [Retbleed](https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/) <sup>[[Archive.org]](https://web.archive.org/web/20220804151557/https://www.bleepingcomputer.com/news/security/new-retbleed-speculative-execution-cpu-attack-bypasses-retpoline-fixes/)</sup> - Retbleed focuses on return instructions, which are part of the retpoline software mitigation against the speculative execution class of attacks that became known starting early 2018, with Spectre.
|
||||
|
||||
# Appendix B6: Warning about using Orbot on Android
|
||||
|
||||
While this is often misundestood. Orbot on Android does not make your "selected apps" go through Tor if you add them to the list. Orbot is acting as device wide VPN or as a porxy. The list of apps using Orbot is a whitelist. This list will not make some apps magically use Tor and unchecked ones use the clearnet. This only controls the access to the device wide VPN is using to route traffic. This means that Orbot can only control what app can access the VPN it creates. Other apps will lose connectivity.
|
||||
|
||||
What is important to know is that if you launch an app (or Android does it automatically) while Orbot is not running/off, the app will just use the normal network without involving Orbot (with the exception of some apps supporting a proxy Orbot).
|
||||
|
||||
As well as you should not be surprised by Tor Browser not working when using Orbot in a VPN mode, as Tor design does not allow "Tor over Tor" (You cannot re-enter the Tor network from a Tor exit node).
|
||||
|
||||
---
|
||||
# Appendix B6: Warning for using Orbot on Android
|
||||
|
||||
While this is often misunderstood, Orbot on Android does not make your "Tor-Enabled Apps" go through Tor if you add them to the list. Orbot is acting as a device-wide VPN or (also known as a transparent proxy). The list of apps using Orbot is a whitelist. This list will not make some apps magically use Tor and unchecked ones use the clear-net. This only ensures the device-wide VPN is using Tor to route traffic. This means that Orbot can only control what app can access the VPN it creates. Other apps will lose connectivity.
|
||||
|
||||
What is important to know is that, if you launch an app (or Android does it automatically) while Orbot is not running, the app will just use the normal network, without involving Orbot (with the exception of some apps supporting a proxy Orbot).
|
||||
|
||||
Additionally, you should not be surprised by Tor Browser not working when using Orbot in VPN mode, as the Tor design does not allow "Tor over Tor" (you cannot re-enter the Tor network from a Tor exit node).
|
||||
|
||||
This is explained rather well by Alexander Færøy, who is a core developer at the Tor Project, in their [TorifyHOWTO: Tor over Tor](https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorifyHOWTO#tor-over-tor).
|
||||
|
||||
"When using a transparent proxy, it is possible to start a Tor session from the client as well as from the transparent proxy (read the warning!), creating a "Tor over Tor" scenario. Doing so produces undefined and potentially unsafe behavior. In theory, however, you can get six hops instead of three, but it is not guaranteed that you'll get three different hops - you could end up with the same hops, maybe in reverse or mixed order. It is not clear if this is safe. It has never been discussed. You can choose an entry/exit point, but you get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand. Therefore Tor over Tor usage is highly discouraged."
|
||||
|
||||
And from [a post](https://tor.stackexchange.com/questions/427/is-running-tor-over-tor-dangerous) on the Tor Stack Exchange:
|
||||
|
||||
"The danger (beyond the performance hit) which keeps me from running Tor over Tor has to do with timing and congestion measurements. Adversaries watching your traffic at the exit(s) of your circuits have a better chance of linking your Whonix activity with your [Tor Browser Bundle] activity when those shared circuits slow down or drop packets at the same time. This can happen without Tor over Tor when your instances use a common upstream link. The linkage will be made tighter and more explicit if you run the Whonix Tor traffic through your TBB SOCKS5 Tor circuits. This tighter linkage raises the danger of successful correlation."
|
||||
|
||||
# References:
|
||||
|
||||
|
|
@ -13788,7 +13794,7 @@ As well as you should not be surprised by Tor Browser not working when using Orb
|
|||
[Appendix B3: Threat modeling resources]: #appendix-b3-threat-modeling-resources
|
||||
[Appendix B4: Important notes about evil-maid and tampering]: #appendix-b4-important-notes-about-evil-maid-and-tampering
|
||||
[Appendix B5: Types of CPU attacks:]: #appendix-b5-types-of-cpu-attacks
|
||||
[Appendix B6: Warning using Orbot or Android]: #appendix-b6-warning-using-orbot-on-android
|
||||
[Appendix B6: Warning for using Orbot on Android]: #appendix-b6-warning-for-using-orbot-on-android
|
||||
[References:]: #references
|
||||
[cc-by-nc-4.0]: https://creativecommons.org/licenses/by-nc/4.0/
|
||||
[LINDDUN2015]: https://lirias.kuleuven.be/retrieve/295669
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user