Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DNS Leak #320

Open
issuant opened this issue Sep 30, 2024 · 9 comments
Open

DNS Leak #320

issuant opened this issue Sep 30, 2024 · 9 comments

Comments

@issuant
Copy link

issuant commented Sep 30, 2024

Checking https://mullvad.net/en/check, it says there are no DNS leaks but with https://dnscheck.tools, both the IP addresses of the desktop app and the browser proxy are visible. What's up with that? No other extensions installed. If it is a leak in the browser, to whom is it leaking? My ISP? Mullvad itself?

@issuant
Copy link
Author

issuant commented Sep 30, 2024

Does this also leak to websites? I am not sure if this is relevant but I now remember once in the past, a temporary Reddit account I created recorded my sign up location as that of the desktop app's server which was different from that of the browser's proxy.

@ruihildt
Copy link
Member

As noted in the Mullvad Browser Extension help page:

Note: Unproxied DNS requests
If another extension is using the dns API permission, then the Mullvad Browser Extension DNS requests might not be proxied. This is notably the case if Uncloak canonical names is enabled in the uBlock Origin settings. However since our proxy only works when you are connected to Mullvad, any DNS requests outside the proxy made by a third-party extension should not leak.

While this is not strictly a Mullvad Browser issue, we are investigating the best course to take:

  • warn in the extension about it
  • disable "Uncloak canonical names"

As an aside, please take note that in Firefox 129 up to Firefox 132 (which will be released in October 29th of this year), there is a bug in Firefox creating a similar DNS leak. See: https://bugzilla.mozilla.org/show_bug.cgi?id=1910593

@ruihildt ruihildt moved this from Triage to Research in Mullvad Browser Issues Sep 30, 2024
@issuant
Copy link
Author

issuant commented Oct 1, 2024

To whom is it leaking? Not my ISP I'm guessing. Can websites observe this leak, causing the issue described with Reddit?

https://bugzilla.mozilla.org/show_bug.cgi?id=1910593

This says Status: RESOLVED FIXED. Does that mean it is fixed in Firefox 132?

@ruihildt
Copy link
Member

ruihildt commented Oct 1, 2024

Yes the fix is planned to ship in Firefox 132, which should be released October 29th.

@issuant
Copy link
Author

issuant commented Oct 3, 2024

Good to hear. What about this?

To whom is it leaking? Not my ISP I'm guessing. Can websites observe this leak, causing the issue described with Reddit?

@ruihildt
Copy link
Member

ruihildt commented Oct 3, 2024

Any entity intercepting traffic between the user's device and the DNS server can potentially observe DNS leak (ISP included).

Websites can as well, if they setup DNS leak tests (which should be fairly obvious to notice if you look at the browser network connections).

@ruihildt
Copy link
Member

ruihildt commented Oct 3, 2024

But it's good to note that in the case of the Mullvad socks5 proxy, since the proxy tunnel can only run through a Mullvad VPN connection (WireGuard or OpenVPN), then there isn't really any leak.

@issuant
Copy link
Author

issuant commented Oct 6, 2024

What might have caused the thing with Reddit then?

@ruihildt
Copy link
Member

ruihildt commented Oct 7, 2024

I guess it shows that Reddit is actively looking for DNS leaks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
Status: Research
Development

No branches or pull requests

2 participants