privoxy/firefox
Arrakis Tor
arrakistor at gmail.com
Mon Aug 29 08:04:53 UTC 2005
I have FF 1.0.6 and TorCP reports back to me that firefox it is only
reporting IPs, meaning it is getting dns data from somewhere...
whether it is localized or remote, I don't know.
On 8/29/05, Bob <monfster at gmail.com> wrote:
> I have FF 1.0.6 stable, and it does do it's own DNS lookups when using
> socks5 to tor. There are no DNS leaks that I have found using privoxy and
> tor, unless you have it using OCSP, in which case it does a dns lookup for,
> say, ocsp.verisign.com, and then it seems to do an regular http ocsp check,
> bypassing the proxy settings. I assume that the certificate being checked
> could be identified by that traffic, thus revealing the ssl site you are
> browsing to through tor. A lot of the plugins, such as the "ShowIP" plugin
> also cause DNS leaks, plus, with geolocation and akamai servers, the ip
> shown by showip may not be the ip used by whatever tor server you exited
> from...
>
> > -----Original Message-----
> > From: owner-or-talk at freehaven.net
> > [mailto:owner-or-talk at freehaven.net] On Behalf Of Arrakis Tor
> > Sent: Sunday, August 28, 2005 11:37 PM
> > To: or-talk at freehaven.net
> > Subject: Re: privoxy/firefox
> >
> > I would very much appreciate an investigation into it.
> >
> > On 8/29/05, ADB <firefox-gen at walala.org> wrote:
> > > The latest stable (1.0.6) operates without causing any
> > screen messages
> > > when tor is set to 'notice' loglevel. Programs known not to
> > do DNS in a safe
> > > manner do result in such notifications. When did you last
> > review the source?
> > > I'll do a local ethernet sniff w/ Etherial if you would like further
> > > verification (it's late right now otherwise I would just do
> > it immediately).
> > >
> > > Roger Dingledine wrote:
> > > On Sun, Aug 28, 2005 at 10:40:53PM -0700, ADB wrote:
> > >
> > >
> > > FF does SOCKS 5 securely, so I don't see why you couldn't.
> > The only
> > >
> > >
> > >
> > > Other than not having cookies blocked, Is there anything to lose by
> > > not having privoxy installed, and using firefox as its own sock5
> > > proxy? Does this compromise security by dns headers?
> > >
> > >
> > >
> > > Last I read the code, the way Firefox does socks5 is *not*
> > secure from
> > > Tor's perspective. It does the DNS resolve itself, then
> > passes the IP
> > > address to Tor via socks5.
> > >
> > > Firefox 1.1 (not yet released, as far as I know) has an
> > option to "do
> > > dns remotely", which makes it safe. Adam Langley has a
> > howto on this:
> > > http://www.imperialviolet.org/deerpark.html
> > >
> > > --Roger
> > >
> > >
> > >
> > > .
> > >
> > >
> > >
> > >
>
>
>
More information about the tor-talk
mailing list