Preventing Leaks, feature request?
rigaac opened this issue · 4 comments
As far as I can tell, there is no way (yet perhaps) for the bitmask client to prevent data from leaking while bitmask connects and in the event of timeouts/disconnects/reconnects/etc.
The new 0.6 version takes several measures to minimize these potential leaks.
These measures, however, are not an iron clad guarantee. For that, we would need to distribute an alternate version for rooted phones that included some firewall rules to ensure that no traffic escapes and that no process tries to use a different DNS server. This is what we do on Linux (with Mac and Windows firewalls in the works).
I am not yet sure if this will be of sufficient benefit yet to justify a version for rooted phones. In general, it is really bad security practice to grant apps root and it is not something we want to encourage people to do, but maybe it would be worth it if this is the only way to prevent some kinds of common leaks.
There are probably more things that can be done to tighten the leak prevention without resorting to root.
@parmegv, can you write up somewhere a brief technical overview of preserve tun and the other things you added in 0.6?
OK, I'll write that brief technical overview.
To summarize, I've implemented 2 things aimed for security:
- Persistent tun: once your vpn connection is established, the tun interface will remain open blocking any traffic not being routed by it. That means that if you lose connectivity (turn off data link or wifi link), you will not see any data coming to the device or going out of it while VPN is restablished with a new data/wifi link.
- Set a higher priority: that let's us see the Bitmask UI as soon as the device has booted. We cannot set up persistent tun during reboot because that would require root.
Thank you for the clarifications and taking the time to write that up. I brought this up because I can (at least I think I can) see leaking happen when I turn on my wifi or mobile data and wait for bitmask or openvpn to connect. While it is still authenticating my user credentials other apps have used the wifi/mobile data connection to gather updates. Perhaps this is more a problem of needing to be diligent with respect to automatic update preferences within specific apps.
If you're using 0.6.0, that should not happen if the tunnel was already established before turning off data or wifi connection.
Regarding updates, I'd strongly recommend you to install just the apps you trust on, and even more strongly, to update them as soon as a new release comes up. Security really requires updates.