privoxy/firefox

Arrakis Tor arrakistor at gmail.com
Tue Aug 30 15:12:58 UTC 2005


Download Dear Park Alpha 2 and run the about:config to force the DNS
queries to be done remotely, and then we will have something more to
talk about. This seems to be the issue, as 1.06 etc, do not have to
option for decentralized dns query, where the experimental versions
do. But for the later versions you must enable it.

On 8/30/05, ADB <firefox-gen at walala.org> wrote:
>  Damnit! Aparently Dingledine was right. Etherial picked up the DNS queries.
> It seems that just because Tor doesn't say that there's a problem, it
> doesn't mean that there isn't a DNS leak going on. Could this behavior (or
> lack thereof) be considered a bug?
>  
>  ~Andrew
> 
>  
>  Arrakis Tor wrote: 
>  I would very much appreciate an investigation into it. 
> 
> On 8/29/05, ADB <firefox-gen at walala.org> wrote:
>  
>  
>  The latest stable (1.0.6) operates without causing any screen messages
> when tor is set to 'notice' loglevel. Programs known not to do DNS in a safe
> manner do result in such notifications. When did you last review the source?
> I'll do a local ethernet sniff w/ Etherial if you would like further
> verification (it's late right now otherwise I would just do it immediately).
>  
>  Roger Dingledine wrote: 
>  On Sun, Aug 28, 2005 at 10:40:53PM -0700, ADB wrote:
>  
>  
>  FF does SOCKS 5 securely, so I don't see why you couldn't. The only 
> 
>  
>  
>  Other than not having cookies blocked, Is there anything to lose by
> not having privoxy installed, and using firefox as its own sock5
> proxy? Does this compromise security by dns headers?
>  
>  
> 
> Last I read the code, the way Firefox does socks5 is *not* secure from
> Tor's perspective. It does the DNS resolve itself, then passes the IP
> address to Tor via socks5.
> 
> Firefox 1.1 (not yet released, as far as I know) has an option to "do
> dns remotely", which makes it safe. Adam Langley has a howto on this:
> http://www.imperialviolet.org/deerpark.html
> 
> --Roger
> 
> 
> 
> .
> 
>  
>  
> 
>  
>  
> 
>  
>  
>



More information about the tor-talk mailing list