Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Block .onion requests or transplant them to tabs with Tor enabled #14431

Closed
2 tasks
riastradh-brave opened this issue Jun 15, 2018 · 3 comments · Fixed by #14715
Closed
2 tasks

Block .onion requests or transplant them to tabs with Tor enabled #14431

riastradh-brave opened this issue Jun 15, 2018 · 3 comments · Fixed by #14715
Assignees
@riastradh-brave
Labels
feature/tor open-in-brave-core privacy QA/checked-Linux QA/checked-macOS QA/checked-Win64 QA/test-plan-specified release-notes/include
Milestone
0.25.0

Comments

@riastradh-brave
Copy link
Contributor

riastradh-brave commented Jun 15, 2018
edited by kjozwiak
Loading

Test Cases

Please run through the test cases in the following PR: 855c5a4

Original Reported Issue

If a user enters https://nyttips4bmquxfzw.onion/ into the URL bar of a tab without Tor, they probably actually wanted to reach it over Tor, and probably didn't want to notify their unfriendly neighbourhood DNS server that they're about to leak something in exchange for a name resolution error page.

  • For .onion sites entered into the URL bar, we should consider either
    1. automatically transplanting them into a private tab with Tor enabled, or
    2. notifying them that the tab is not using Tor and can't reach onion services.
  • For .onion sites retrieved during page load, we should consider blocking them immediately.
    • Consider, for example, testing a locally served version of an onion site, which has secret links to other onion sites. (Old-style short onion names like the NYT Tips one above are not kept secret by the Tor network, but the next generation onion names are kept secret.)
@riastradh-brave riastradh-brave self-assigned this Jun 15, 2018
@riastradh-brave riastradh-brave mentioned this issue Jun 15, 2018
Closed
@diracdeltas
Copy link
Member

TODO in short term: block DNS onion requests in non-Tor tabs (Option 2)

riastradh-brave added a commit that referenced this issue Jul 11, 2018
@riastradh-brave
Block loading .onion sites in non-Tor tabs.
855c5a4 
fix #14431

Auditors: @diracdeltas @bsclifton

Test Plan:
I:	1. Open a tab _without_ Tor (private or nonprivate).
	2. Enter https://nyttips4bmquxfzw.onion/.
	3. Confirm that Brave blocks loading the URL.

II:	1. Open a private tab with Tor.
	2. Enter https://nyttips4bmquxfzw.onion/.
	3. Confirm that the NYT SecureDrop page loads.
	4. Bookmark it.
	5. Open a tab _without_ Tor (private or nonprivate).
	6. Try to load the bookmark.
	7. Confirm that Brave blocks loading the bookmark.
@riastradh-brave riastradh-brave mentioned this issue Jul 11, 2018
Merged
10 tasks
riastradh-brave added a commit that referenced this issue Jul 12, 2018
@riastradh-brave
Block loading .onion sites in non-Tor tabs.
6efebe7 
fix #14431

Auditors: @diracdeltas @bsclifton

Test Plan:
I:
	1. Open a tab _without_ Tor (private or nonprivate).
	2. Enter: https://nyttips4bmquxfzw.onion/
	3. Confirm that Brave blocks loading the URL.

II:
	1. Open a tab _without_ Tor (private or nonprivate).
	2. Enter: https://nyttips4bmquxfzw.onion:12345/
	3. Confirm that Brave blocks loading the URL.

III:
	1. Open a private tab with Tor.
	2. Enter: https://nyttips4bmquxfzw.onion/
	3. Confirm that the NYT SecureDrop page loads.
	4. Bookmark it.
	5. Open a tab _without_ Tor (private or nonprivate).
	6. Try to load the bookmark.
	7. Confirm that Brave blocks loading the bookmark.
@tildelowengrimm
Copy link

The latter half of this issue is now to be found in brave/brave-browser#806.

@bsclifton bsclifton modified the milestones: 0.24.x-legacy, 0.25.0 Oct 1, 2018
This was referenced Oct 5, 2018
Closed
Closed
Closed
@GeetaSarvadnya
Copy link
Collaborator

GeetaSarvadnya commented Oct 5, 2018
edited by kjozwiak
Loading

Verified on Linux x64

  • 0.25.0 907c7e4
  • Muon 8.1.8
  • libchromiumcontent 69.0.3497.100

Verified with macOS 10.12.6 using

  • 0.25.0 907c7e4
  • Muon 8.1.8
  • libchromiumcontent 69.0.3497.100
  • verified steps from test plan using Normal, Private, and Session tabs.

Verified on Windows x64

  • 0.25.2 8ea2a9c
  • Muon 8.1.8
  • libchromiumcontent 69.0.3497.100

@kjozwiak kjozwiak mentioned this issue Oct 9, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@riastradh-brave riastradh-brave

Labels
feature/tor open-in-brave-core privacy QA/checked-Linux QA/checked-macOS QA/checked-Win64 QA/test-plan-specified release-notes/include
Projects
None yet
Milestone
0.25.0
Development

Successfully merging a pull request may close this issue.

Block loading .onion sites in non-Tor tabs. brave/browser-laptop
7 participants
@diracdeltas @tildelowengrimm @kjozwiak @bsclifton @LaurenWags @riastradh-brave @GeetaSarvadnya