This ticket is a request to update the Feather Documentation to make it clear if the in-app updater always uses Tor, or if any connections will be made outside of Tor.
The above documentation describes a number of ways that Feather Wallet will connect to the internet when doing an update:
1. The user clicks Help -> Check for Updates
2. The websocket server notifies the client of the latest Feather version
3. Feather Wallet downloads a "PGP-signed textfile...for the update"
4. (not described) the actual update is downloaded
Currently, it is unclear from the documentation which of these steps will use Tor, and if any of the steps will be made over the clearnet.
Why?
This is important to protect users from information leakage. If Feather Wallet fetches its updates over the clearnet, then it could alert Eve to the fact that the user is using a Monero wallet (by seeing which server they're connecting to).
With all of the scams targeting crypto users (e.g. Pig Butchering), many users may prefer to minimize their risk by not letting their adversaries know that they use crypto services (so they're less likely to be targeted).
For this reason, they may want to make sure that all traffic from the app is passed through Tor, including "what's the latest version" checks (and the actual in-app download of the payload). But, currently, the documentation doesn't make it clear if these are passed through Tor or not.
Solution
The solution to this ticket is to update the following page to indicate if any of the steps of the in-app updater are made over the clearnet, or if all of the steps are forced to be made through Tor.
If any of the connections in the update process are made outside of Tor, then a warning message should be added to the documentation about the risk of information leakage (that an attacker who is monitoring their network connection could learn that they're using Feather Wallet).