Konqueror & SOCKS with Tor+Privoxy

Robert Hogan robert at roberthogan.net
Sun Jan 20 19:13:23 UTC 2008


On Saturday 19 January 2008 23:36:35 Roger Dingledine wrote:
> On Sat, Jan 19, 2008 at 03:31:51PM -0800, Ned Bun wrote:
> > I can't find an answer to this question anywhere.
>
> You might find
> https://www.torproject.org/docs/tor-doc-web
> to be useful.
>
> > In using Konqueror with Tor and Privoxy, should the SOCKS settings in
> > Konqueror's Settings->Configure Konqueror->Proxy->SOCKS be configured
> > in some way? It seems to work fine without the SOCKS section
> > configured, but leaving the "Enable SOCKS support" box unchecked
> > disturbs me slightly. Should this section need configuration if
> > everything appears to be working? Why are instructions for Firefox for
> > SOCKS always specified but when it comes to Konqueror, no one says
> > anything about the SOCKS configuration area?
>
> You should configure the socks part too. The reason is that browsers
> have a habit of supporting all sorts of weird protocols besides http and
> https, and if some webpage gives you (over Tor) a link that points to
> one of those other protocols, then your browser will fetch it without
> going through any proxies. If you specify a socks proxy, your browser
> should [*] use the socks proxy for all other protocols.
>
> (I say "should" because I have no idea what bugs konqueror has where
> it decides it's smarter than you and shouldn't use a proxy for some
> situation.)
>

For some reason Konqueror doesn't support socksifying to a tcp port - only the 
library detection and loading that Ned describes. It's hardcoded to detect 
any of the following files in the usual paths (or a path you specify):

_libNames << "libsocks.so"                  // Dante
             << "libdsocksd.so.0"              // Dante 1.1.14-2 on
                                               // Debian unstable 17-12-2003
             << "libsocks5.so"                 // ?
             << "libsocks5_sh.so";             // NEC


Many of Konqueror's IO slaves (e.g. smb:/, fish:/ for obvious reasons) don't 
respect its proxy settings so if the user assumes that the window, rather 
than the protocol, is anonymized then that will be a problem.

However, installing Dante is also a problem because then *every* ioslave 
starts using it, including pop3, smtp and so on.

So a rock and a hard place. TorK, which supports using Konqueror, needs to 
alert the user that Konqueror can only be safely used for http and https. As 
other posters have noted, Konqueror is quite secure in some respects, but 
it's pretty crap socks support and the integration of ioslaves into the 
interface are a problem.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080120/d40bff7b/attachment.pgp>


More information about the tor-talk mailing list