Nathan of Guardian: > WARNING: We are still fully auditing this build and reviewing new > functionality and code available in Firefox/Fennec ESR52 to ensure there > are no network leaks or other privacy decreasing features.
Orfox-v1.4-beta-2 (fresh install on LineageOS 14.1, no Play Services) appears to be leaking a lot: - Whenever a tab has finished loading, I see a clearnet DNS resolve of the URL bar domain. Which I block, so I don't know what would be requested next. The websites still load fine, and check.tpo shows success. - Same leak for the domain firefox.settings.services.mozilla.com, but loaded automatically. - I also see (attempted) outgoing packets related to the Internet Group Management Protocol [1] and the Simple Service Discovery Protocol [2]. These can be avoided by changing browser.casting.enabled [3] to false. orplug [4] log: [ 451.615091] orplug: reject out: IN= OUT=wlan0 SRC=192.168.1.2 DST=224.0.0.22 LEN=40 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2 [ 452.125664] orplug: reject out: IN= OUT=wlan0 SRC=192.168.1.2 DST=239.255.255.250 LEN=122 TOS=0x00 PREC=0x00 TTL=1 ID=32670 DF PROTO=UDP SPT=1900 DPT=1900 LEN=102 UID=10168 GID=10168 Rusty 1. https://en.wikipedia.org/wiki/Internet_Group_Management_Protocol 2. https://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol 3. https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_send-video-to-device 4. https://github.com/rustybird/orplug
signature.asc
Description: PGP signature
_______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
