FF plugins DNS leaks
James Muir
jamuir at scs.carleton.ca
Tue Jun 19 15:35:58 UTC 2007
Marc Stossel wrote:
> This is horrible! I just found wireshark and it is GeoIP.Info
> location! The packets showed the contents of my request, even when it
> has gone through tor and the source and destination were all correct.
>
> I cannot tell about netcrafttoolbar, nor about showip. Still learning
> to use wireshark. Do these two also leak dns?
hi Marc,
the warning on the download page at tor.eff.org states the dangers of
toolbars in firefox and other browsers
(http://tor.eff.org/download.html.en). You might consider following the
advice there about using a stripped down browser to surf the web with
Tor (e.g. install a new copy of firefox, separate from the firefox you
use for non-anonymized browsing). You could also try one of the live
Tor distributions mentioned on the list.
If you could report your findings about which of your toolbars leak your
IP address based on WireShark traffic captures, then I'm sure that would
be helpful to some of the readers here.
To answer your initial question about why Tor isn't giving you a warning
about the identifying traffic leaving your computer, the answer is that
Tor can't warn you about traffic it doesn't handle. The traffic
generated by your toolbars isn't being proxied by Tor, so it won't warn
you about it. I don't use Vidalia, but I think I recall that Vidalia
does a number of geoip queries which are not proxied. This does not
necessarily violate Tor's security model, however. Remember, Tor is not
designed to hide the fact that you're using Tor. It's designed to
provide unlinkable communications.
-James
More information about the tor-talk
mailing list