Please don't recommend Tor Button!
Roger Dingledine
arma at mit.edu
Thu Mar 29 00:20:27 UTC 2007
On Wed, Mar 28, 2007 at 12:38:09AM -0700, JT wrote:
> recommending the Tor Button is a security/anonymity hazard. Clicking on
> the Tor button will automatically remove the ftp and gopher proxy in
> firefox for example.
Torbutton does different things depending on your version of Firefox.
On versions less than 1.5.x -- the ones that don't support
socks_remote_dns -- it sets every proxy it can find, because if you
leave any of them out, the browser will default to your socks proxy and
broadcast the DNS resolve as it does so.
On versions that have socks_remote_dns, we're in better shape. Torbutton
automatically sets that, so now when things default to your socks proxy,
it's still safe.
I just updated the FTP FAQ entry:
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#FtpProxy
Thanks,
--Roger
More information about the tor-talk
mailing list