tor with ipv6 leak, what is this threat modle?

38 views
Skip to first unread message

winter...@scryptmail.com

unread,
Feb 20, 2019, 5:00:06 PM2/20/19
to qubes...@googlegroups.com, qubes...@googlegroups.com

Hi All,


Recently I noticed ipv6-test website can see tor browser’s ipv6 address

though it might not be necessaiyly my own ipv6, but that does somehow put me on alart and to post a question at here,

I do see other people asked this question at stackexchange before, but I don't quite get the answer for the question of mine.
https://security.stackexchange.com/questions/193843/why-ipv6-showing-on-whatismyip-com

So I like to know if it's secure to check webmail thought tor, since if exit node's ipv6 can be identified,
there is a chance to track further back to other nodes as well.

you can say mac address can be changed, but it's not difficult to find out the real one as well.

So should we use tor to check webmails? especially tor+VPN make it more obviours on tor network,
does this make it actually wraker than just use firefox+vpn?

if you are a qubes user, what browser do you use to check w ebmails?

really want know how you think, thank you

pixel fairy

unread,
Feb 23, 2019, 3:25:27 AM2/23/19
to qubes-users
can you disable ipv6 or ipv6 forwarding in sys-whonix?

try sudo sysctl or echo into the right file in /proc/sys/net/ipv6/conf/all and either echo 0 > forwarding or 1 into disable_ipv6

hopefully that will working until upstream fixes it.

pixel fairy

unread,
Feb 23, 2019, 3:29:39 AM2/23/19
to qubes-users
this change is not persistent across reboots. for that youd need to run that everything time you start sys-whonix or make the change in /etc/sysctl.conf and make that file persistent https://www.qubes-os.org/doc/bind-dirs/

pixel fairy

unread,
Feb 23, 2019, 3:46:54 AM2/23/19
to qubes-users
On Wednesday, February 20, 2019 at 2:00:06 PM UTC-8, winter...@scryptmail.com wrote:
just checked it, and it looks like its using the exit nodes ipv6, not yours. so if there was a bug, it seems to be fixed. just in case, you should check it against the ipv6 in sys-net.
Reply all
Reply to author
Forward
0 new messages