[qubes-users] Re: tor with ipv6 leak, what is this threat modle?
On Wednesday, February 20, 2019 at 2:00:06 PM UTC-8, winter...@scryptmail.com wrote: > Hi All, > > > Recently I noticed ipv6-test website can see tor browser’s ipv6 address > > though it might not be necessaiyly my own ipv6, but that does somehow put me > on alart and to post a question at here, > > I do see other people asked this question at stackexchange before, but I > don't quite get the answer for the question of mine. > https://security.stackexchange.com/questions/193843/why-ipv6-showing-on-whatismyip-com > > So I like to know if it's secure to check webmail thought tor, since if exit > node's ipv6 can be identified, > there is a chance to track further back to other nodes as well. > > you can say mac address can be changed, but it's not difficult to find out > the real one as well. > > So should we use tor to check webmails? especially tor+VPN make it more > obviours on tor network, > does this make it actually wraker than just use firefox+vpn? > > if you are a qubes user, what browser do you use to check w > ebmails? > > really want know how you think, thank you just checked it, and it looks like its using the exit nodes ipv6, not yours. so if there was a bug, it seems to be fixed. just in case, you should check it against the ipv6 in sys-net. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3674428b-0bba-4d8f-9d0b-67e7c2fb9ff1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: tor with ipv6 leak, what is this threat modle?
On Saturday, February 23, 2019 at 12:25:27 AM UTC-8, pixel fairy wrote: > On Wednesday, February 20, 2019 at 2:00:06 PM UTC-8, winter...@scryptmail.com > wrote: > > Hi All, > > > > > > Recently I noticed ipv6-test website can see tor browser’s ipv6 address > > > > though it might not be necessaiyly my own ipv6, but that does somehow put > > me on alart and to post a question at here, > > > > I do see other people asked this question at stackexchange before, but I > > don't quite get the answer for the question of mine. > > https://security.stackexchange.com/questions/193843/why-ipv6-showing-on-whatismyip-com > > > > So I like to know if it's secure to check webmail thought tor, since if > > exit node's ipv6 can be identified, > > there is a chance to track further back to other nodes as well. > > > > you can say mac address can be changed, but it's not difficult to find out > > the real one as well. > > > > So should we use tor to check webmails? especially tor+VPN make it more > > obviours on tor network, > > does this make it actually wraker than just use firefox+vpn? > > > > if you are a qubes user, what browser do you use to check w > > ebmails? > > > > really want know how you think, thank you > > can you disable ipv6 or ipv6 forwarding in sys-whonix? > > try sudo sysctl or echo into the right file in /proc/sys/net/ipv6/conf/all > and either echo 0 > forwarding or 1 into disable_ipv6 > > hopefully that will working until upstream fixes it. this change is not persistent across reboots. for that youd need to run that everything time you start sys-whonix or make the change in /etc/sysctl.conf and make that file persistent https://www.qubes-os.org/doc/bind-dirs/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7073c0a8-9c38-4f2b-b078-1a0fea385a43%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: tor with ipv6 leak, what is this threat modle?
On Wednesday, February 20, 2019 at 2:00:06 PM UTC-8, winter...@scryptmail.com wrote: > Hi All, > > > Recently I noticed ipv6-test website can see tor browser’s ipv6 address > > though it might not be necessaiyly my own ipv6, but that does somehow put me > on alart and to post a question at here, > > I do see other people asked this question at stackexchange before, but I > don't quite get the answer for the question of mine. > https://security.stackexchange.com/questions/193843/why-ipv6-showing-on-whatismyip-com > > So I like to know if it's secure to check webmail thought tor, since if exit > node's ipv6 can be identified, > there is a chance to track further back to other nodes as well. > > you can say mac address can be changed, but it's not difficult to find out > the real one as well. > > So should we use tor to check webmails? especially tor+VPN make it more > obviours on tor network, > does this make it actually wraker than just use firefox+vpn? > > if you are a qubes user, what browser do you use to check w > ebmails? > > really want know how you think, thank you can you disable ipv6 or ipv6 forwarding in sys-whonix? try sudo sysctl or echo into the right file in /proc/sys/net/ipv6/conf/all and either echo 0 > forwarding or 1 into disable_ipv6 hopefully that will working until upstream fixes it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/724c8c40-e2ac-4059-ac1f-d0dcb2959a0b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
