[tor-relays] Onion address or clearnet address

Tom Ritter tom at ritter.vg
Fri Feb 7 11:26:03 UTC 2014


On 6 February 2014 14:51, Thomas Themel <thomas at themel.com> wrote:
> Hi,
> Luther Blissett (lblissett at paranoici.org) wrote on 2014-02-06:
>> 1. When you access the clearnet you need dns name resolving which needs
>> to be "proxyfied" to avoid dns leaks. This issue is supposed to be
>> solved on decent OSes and with TBB, but it is difficult to guarantee
>> that other software/OS won't try to bypass your proxy settings, so it's a
>> permanent worry. When you connect to hidden services, name resolving is
>> done inside tor, never leaving out.
>
> I don't really get this concern. Assuming tor doesn't manage to
> intercept DNS resolution, won't trying to resolve a well-known .onion
> address leak as much information as resolving the equivalent clear
> address?

I believe you're correct. If you're worried that some crazy
combination of torsocks+adium might leak the DNS name, it might also
leak the .onion. My mostly-normally-configured Windows testing desktop
actually sends it out four times:

A record for 'whatever.onion'
A record for 'whatever.onion.apt' ('apt' being the internal domain,
companies will often use .corp or some other brand)
AAAA record for 'whatever.onion.apt'
AAAA record for 'whatever.onion'

And a published hidden service name is no more 'anonymous' than duckduckgo.com.

-tom
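
As an added example (not part of the original message), here is a small Python check a network defender could run over resolver query logs to spot the leak pattern described above: .onion names sent to ordinary DNS, both bare and with a local search suffix appended. The log format, client addresses, timestamps and function names are assumptions constructed for illustration.

```python
# Added example: flag .onion lookups that reached an ordinary DNS resolver.
from collections import namedtuple

Leak = namedtuple("Leak", "client qtype onion_name suffix")

# Constructed sample log; assumed format: "<time> <client> <qtype> <qname>".
SAMPLE_LOG = """\
11:26:01 10.0.0.5 A whatever.onion
11:26:01 10.0.0.5 A whatever.onion.apt
11:26:02 10.0.0.5 AAAA whatever.onion.apt
11:26:02 10.0.0.5 AAAA whatever.onion
11:26:03 10.0.0.5 A duckduckgo.com
11:26:04 10.0.0.7 A onion.example.com
11:26:05 10.0.0.7 A Sub.Whatever.ONION.
"""

def split_onion(qname):
    """Return (onion_name, appended_suffix), or None if qname holds no .onion name."""
    labels = qname.rstrip(".").lower().split(".")
    # Start at 1: a name needs a label before "onion" ("onion.example.com" is ordinary).
    for i in range(1, len(labels)):
        if labels[i] == "onion":
            return ".".join(labels[:i + 1]), ".".join(labels[i + 1:])
    return None

def find_leaks(log_text, search_suffixes):
    """List queries for .onion names, bare or extended by a known search suffix."""
    leaks = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, qtype, qname = fields
        hit = split_onion(qname)
        if hit is None:
            continue
        onion_name, suffix = hit
        # A non-empty suffix counts only if it is one of the local search domains.
        if suffix and suffix not in search_suffixes:
            continue
        leaks.append(Leak(client, qtype, onion_name, suffix))
    return leaks

if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_LOG, {"apt"}):
        print(leak)
```

Pass the resolver's configured search domains as `search_suffixes` so that unrelated names containing an `onion` label under some other domain are not reported.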

