Improving the robustness of Tor Check

[Steven J. Murdoch]

On Tue, Mar 11, 2008 at 08:35:17PM +0000, Robert Hogan wrote:
> - A frame (or image link ) that launches a request to 
> http://[unqiuesessionid].tor/test.jpg. This frame has a caption stating 
> that 'could not resolve domain name' or a blank image means you are leaking 
> DNS. If you are not, Tor recognises the sessionid and special url and serves 
> a 'DNS OK' page or image in that frame.

Thanks for the suggestion.

The reason I didn't use this approach is because what happens if the
browser is not configured to use Tor. A blank image or generic "could
not resolve domain name" error message is not very helpful. With my
proposal, a user would be sent to a webpage which explains what went
wrong and how to fix it.

There is still one problematic case, which is if the proxy
configuration is set to the wrong port. Here the user would see a
generic error message. Maybe there could be some way to combine the
two approaches, since connections to 127.0.0.1 will bypass proxy
settings in most cases.

This does mean, however, that if Tor is not running at all, the user
would get a generic error page. I can't think of a solution which
fixes both cases in a neat way.

That said, the main scenario I want to prevent is a user thinking
they're using Tor when they're not. Having their browser unable to
access any web page is undesirable, but at least they're not going to
do anything unsafe.

Steven.

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/