privoxy/firefox
ADB
firefox-gen at walala.org
Tue Aug 30 07:04:55 UTC 2005
Damnit! Aparently Dingledine was right. Etherial picked up the DNS
queries. It seems that just because Tor doesn't say that there's a
problem, it doesn't mean that there isn't a DNS leak going on. Could
this behavior (or lack thereof) be considered a bug?
~Andrew
Arrakis Tor wrote:
>I would very much appreciate an investigation into it.
>
>On 8/29/05, ADB <firefox-gen at walala.org> wrote:
>
>
>> The latest stable (1.0.6) operates without causing any screen messages
>>when tor is set to 'notice' loglevel. Programs known not to do DNS in a safe
>>manner do result in such notifications. When did you last review the source?
>>I'll do a local ethernet sniff w/ Etherial if you would like further
>>verification (it's late right now otherwise I would just do it immediately).
>>
>> Roger Dingledine wrote:
>> On Sun, Aug 28, 2005 at 10:40:53PM -0700, ADB wrote:
>>
>>
>> FF does SOCKS 5 securely, so I don't see why you couldn't. The only
>>
>>
>>
>> Other than not having cookies blocked, Is there anything to lose by
>>not having privoxy installed, and using firefox as its own sock5
>>proxy? Does this compromise security by dns headers?
>>
>>
>>
>>Last I read the code, the way Firefox does socks5 is *not* secure from
>>Tor's perspective. It does the DNS resolve itself, then passes the IP
>>address to Tor via socks5.
>>
>>Firefox 1.1 (not yet released, as far as I know) has an option to "do
>>dns remotely", which makes it safe. Adam Langley has a howto on this:
>>http://www.imperialviolet.org/deerpark.html
>>
>>--Roger
>>
>>
>>
>>.
>>
>>
>>
>>
>>
>>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20050830/f90a495f/attachment.htm>
More information about the tor-talk
mailing list