[tor-bugs] #23249 [Applications/Tor Browser]: Tor Browser DNS security: hosts file bypassed when "Proxy DNS when using SOCKS v5" is enabled

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Aug 19 14:23:49 UTC 2017 

#23249: Tor Browser DNS security: hosts file bypassed when "Proxy DNS when using
SOCKS v5" is enabled
--------------------------------------+---------------------------
 Reporter:  lux+tor@…                 |          Owner:  tbb-team
     Type:  defect                    |         Status:  closed
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Major                     |     Resolution:  not a bug
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+---------------------------

Comment (by lux+tor@…):

 This will be my last reply.

 I've spent almost a day and a half lost in the (vain) attempt to use
 reason to prove a sound argument, only to get a response similar to "''No
 you're wrong. No reason.''". I am quite disappointed ... ("''Don't meet
 your heroes''" I guess)

 Had I not tried to do the right thing (convince people so they can be
 right + correct a pretty good software so that it could work as expected),
 I would already have a viable workaround by now.

 What follows is for :

  1. the undecided people: to help them come to the right conclusion (until
 ''rationally'' disproved)
  1. the decided people: to give them a lead on how to do a workaround

 == (for the undecided) Using hosts file might increase security ==
 The answer was : "''Not bypassing hosts isn't an increase in security.''"

 My english is not so good and two negations is too much for a positive
 person like me ;-). I suppose it means "''No use of `hosts`file increases
 security''".

 Some very rough definitions:

  * security: protection against risk

  * risk: probability x negativity

  * negativity: something bad. Losing $$ is a financial negativity. Getting
 sick is a health negativity. Being identified is an anonymity negativity.

 So, security is what reduces the probability of risk or reduces the
 negativity (the quantity of $$ you lose).

 This example is taken from my own history. Once upon a time (!^_!^), I
 tried to buy something on internet. The website I've found proposed what I
 wanted, and for a very good price. I paid, with my credit card, but I
 received nothing. The website was a scam. I was sad. I added this website
 inside my `hosts`file. A long time after, I searched for completely
 something else, the search engine gave me a result that gave the
 impression to fit, but I could not access the website. After some
 investigation, the website was blocked by my `hosts`file: it was the very
 same website that had stole me once. The `hosts` file '''prevented me from
 losing some $$'''! (What a hero!)

 QED

 == (for the decided) Workaround to use both Tor and hosts file ==
 '''Warning''': for those who jumped to this section without reading the
 rest, it is '''not recommended''' by Tor Browser team!

 I already spent too much time on this issue, so I will only give a lead.

 If you want the security provided by the `hosts`file '''and''' still have
 some pretty-good (but suboptimal) anonymity, you might want to:

  * route your DNS requests through Tor: this article
 (tuxdiary.com/2015/11/16/resolve-dns-tor/) seems quite good

  * configure your Tor Browser with "''Edit''" menu / "''Preferences''" /
 "''Advanced''" / "''Network''" / "''Settings''" / uncheck "''Proxy DNS
 when using SOCKS v5''"

 How it works? By configuring Tor Browser this way, it will use the local
 mechanism to solve hostnames: by default `hosts`file '''then''' DNS. As
 your DNS requests go through Tor Browser's Tor service, it's good.

 What is bad? If I wanted this matter solved the right way, it is for a
 good reason: with the workaround just proposed, the problem is that
 '''every''' DNS requests go through Tor, even the DNS requests of other
 softwares (which might break the "State Separation" principle as explained
 earlier). It also means that Tor Browser has to be always running (-_-).

 If you want something that does not go through Tor Browser's Tor service:

  * install a separate Tor service: see
 [https://www.torproject.org/docs/installguide.html.en Tor Project
 Installation Guides]

  * configure this Tor service to use a different port (other than `9050`),
 by editing the `torrc`file (Linux: `/etc/torrc`)

  * route your DNS requests through this Tor service (and not through the
 Tor service alongside Tor Browser): this article (tuxdiary.com/2015/11/16
 /resolve-dns-tor/) still seems quite good

  * configure your Tor Browser with "''Edit''" menu / "''Preferences''" /
 "''Advanced''" / "''Network''" / "''Settings''" / uncheck "''Proxy DNS
 when using SOCKS v5''"

 This workaround is cleaner but needs more work ...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23249#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list