Page 1 of 1

Slimjet Phones Home to Google over VPN and Tor

Posted: Tue Sep 22, 2015 5:33 am
by Stirrups
This is a deal breaker for me. :cry:

I moved from Iron to Slimjet because Slimjet had the WebRTC option and now I find Slimjet is phoning home to Google. I use a VPN and Tor so adding it to firewall rules isn't a solution and, what is worse, it is leaking my identity over a secure connection. I guess all Chrome browser derivatives are security risks as not one seems to address these concerns.

It's a shame because apart from that, I am a great fan but have to uninstall and keep searching.

Re: Slimjet Phones Home to Google over VPN and Tor

Posted: Tue Sep 22, 2015 8:10 am
by dev
I understand the frustration but a bit more information about the problem would be handy so people can try to help. What sort of vpn paid or just a extension one, how and in what manner is the browser leaking info back to google (might just need to block it in your host files). Is the leak actually webrtc related ? run ublock in slimjet and enable their webrtc block if the default slimjet settings is not blocking it.
There is two ways to use tor and a vpn first way is to use Tor through a VPN , this displaces trust from the ISP to the VPN, but metadata can still be logged. The other is using a VPN through Tor this can be difficult to do properly, but brings more benefits by hiding traffic from exit nodes.
Options could be use the tor browser or PirateBrowser or opera and run their turbo mode.

Re: Slimjet Phones Home to Google over VPN and Tor

Posted: Wed Sep 23, 2015 7:02 am
by Stirrups
dev wrote:I understand the frustration but a bit more information about the problem would be handy so people can try to help. What sort of vpn paid or just a extension one, how and in what manner is the browser leaking info back to google (might just need to block it in your host files). Is the leak actually webrtc related ? run ublock in slimjet and enable their webrtc block if the default slimjet settings is not blocking it.
There is two ways to use tor and a vpn first way is to use Tor through a VPN , this displaces trust from the ISP to the VPN, but metadata can still be logged. The other is using a VPN through Tor this can be difficult to do properly, but brings more benefits by hiding traffic from exit nodes.
Options could be use the tor browser or PirateBrowser or opera and run their turbo mode.
Last comment first. So you are recommending that I not use Slimjet? Of course I can use a non Chromium browser. I'd prefer to use yours otherwise I wouldn't be here. But Slimjet is unusable for me.

I mentioned WebRTP because it was the main reason for switching to Slimjet from an otherwise secure browser. Don't get hung up on that. It was context only and nothing to do with my complaint.

You cannot block a tunnel with a hosts file. I have already made that point. With Tor, VPN or local proxy, you tunnel your traffic through 127.0.0.1 so the host file is never consulted.

All the other stuff about Tor/VPN is just irrelevant. The issue is the browser is phoning home to multiple URLs through secure connections and the only resolution is not to use Slimjet. It is a security risk that should be taken very, very seriously.

Anyway. If you do decide to remove it in the future, then I may come back and reassess using Slimjet because it is by far the best of the blink bunch. But compromising my anonymity and security is a rather dangerous deal breaker for me.

Re: Slimjet Phones Home to Google over VPN and Tor

Posted: Wed Sep 23, 2015 9:22 am
by dev
Stirrups wrote:
dev wrote:I understand the frustration but a bit more information about the problem would be handy so people can try to help. What sort of vpn paid or just a extension one, how and in what manner is the browser leaking info back to google (might just need to block it in your host files). Is the leak actually webrtc related ? run ublock in slimjet and enable their webrtc block if the default slimjet settings is not blocking it.
There is two ways to use tor and a vpn first way is to use Tor through a VPN , this displaces trust from the ISP to the VPN, but metadata can still be logged. The other is using a VPN through Tor this can be difficult to do properly, but brings more benefits by hiding traffic from exit nodes.
Options could be use the tor browser or PirateBrowser or opera and run their turbo mode.
Last comment first. So you are recommending that I not use Slimjet? Of course I can use a non Chromium browser. I'd prefer to use yours otherwise I wouldn't be here. But Slimjet is unusable for me.

I mentioned WebRTP because it was the main reason for switching to Slimjet from an otherwise secure browser. Don't get hung up on that. It was context only and nothing to do with my complaint.

You cannot block a tunnel with a hosts file. I have already made that point. With Tor, VPN or local proxy, you tunnel your traffic through 127.0.0.1 so the host file is never consulted.

All the other stuff about Tor/VPN is just irrelevant. The issue is the browser is phoning home to multiple URLs through secure connections and the only resolution is not to use Slimjet. It is a security risk that should be taken very, very seriously.

Anyway. If you do decide to remove it in the future, then I may come back and reassess using Slimjet because it is by far the best of the blink bunch. But compromising my anonymity and security is a rather dangerous deal breaker for me.
Last comment i made is a answer to your " but have to uninstall and keep searching." so i gave a few options i know of, you didn't state you would like a chromium based option.
Because it was your opening statement I took it as the problem was that the webrtc protocol was causing the leak as it known for it.
You still haven't given any relevant info on what sort of vpn you are using or what info is leaking and to where (back to google is a bit vague). I would say this info is relevant as a another user on the forum may had been in the same situation with the same problem but has a solution.