Some background, I was a hacker for 15 years and survived some heinous shit including attempts of doxing by class enemies and actually being hunted by feds. But one of the techniques keeps coming back from the death all those decades is Electron web app framework HTTP leak. It’s a very simple 0day but niche to the point that Electron devs somehow can’t patch it. What this HTTP leak attack does is it allow traffic from an app client to be traced as soon as the attacker made contact with the client network server. Electron leaks both private and public IP addresses of user. You can demonstrate this yourself with just a reddit app and chat function, and tracert. It’s a trivia bug but if you have heard of things like Xbox, psn or steam resolver, it’s basically just Electron HTTP leak attack. And it costs actual thousands of human lives in both global south, and in US especially the Andrew Finch murder in Wichita because the doxer used resolver. And that’s a thing, once you get the IP, you can locate the target’s ISP narrowing down the subnet of it. But because Palestine subnet is significantly smaller than US, Zionist and American intelligence can just increase accuracy through host discovery or ping scanning to correlate all connected targets in the same network pinpoint exact device Electron leaking. Please consider this in your opsec.
Thank you for sharing this, I have no doubt you are correct. Admittedly though, as someone who is not technically inclined I don’t quite know what to do with this information. Should I limit the apps on my phone to only what is essential? Use iOS with ADP and Lockdown Mode? Go with GrapheneOS? Just chuck out my phone entirely?
It doesn’t matter if you put the app in lockdown mode because as long as it allows to receive traffic from outside world the attacker can make contact with your device. I think people don’t understand the risk that they don’t need to compromise your device like fancy Pegasus, all they need to do is just send empty packet to the app that uses Electron and it will ping back literally immediately your location. You can even say that it’s an NSA backdoor because every time there’s a thread brings up about the IP leak the devs immediately shut down the discussion and claim it’s not their fault, despite every single social media app out there including Signal uses Electron. Matrix is the only app immune to this because it doesn’t use Electron for web app.