Zero-day exploitRead: https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-
hernandezUnpatched IP discovery, this is an "oldy but goldy" in the realm of tor-exploits (info credits go to Dominik Bok)
Re:
http://xordern.net/ip-leakage-of-mobile-tor-browsers.htmlEspecially be careful using Brave browser's private window with tor. (update and fully patch tor browser always)
Disable Autoplay, all kind of external multi-media elements can be loaded through internal multimedia players.
In this way the internal user IP-address can be discovered easily, even after 1 or 2 request for the running "raw http stream" content.
Check using Quick Source View extension in the browser to find out what normally is being loaded externally.
To use tor a tad more safely in a legit fashion this is very important.
This also could happen when no WebChromeClient for inline HTML5 Video
on android had is being set.
Perfect all-round security will always be and stay an illusion,
and in the aforementioned case the facebook zero-day exploit helped to nail the child-abuser.
So as often repeated the credo is: "Don't do the crime, if you can't pay the time!".
But on the other hand it could also mean danger for legit users and journalist working amidst dictatorships
and for them such a facebook zero day would just mean bad luck and could potentially endanger their lives.
"When the going gets narrow , always keep your eye on the Tor-sparrow".
So it often is a cat-and-mouse game. And in the aforementioned case the authorities did win.
(info credits go to xordern and luntrus)
<video controls="controls" autoplay="autoplay" poster="<=php file>">
<source src="<=php file>" type="video/mp4" />
</video>
]
Check for eventual IP leakage with HTML5 here:
http://xordern.net/checkipFor me Fire Onion on android seems secure.
Enjoy, my good friends, enjoy,
polonus
P.S. Also be aware not to land at a blacklisted exit node, example:
https://cleantalk.org/blacklists/185.220.101.143which there is being blacklisted by three instances.
D.