Konqueror & SOCKS with Tor+Privoxy
robert at roberthogan.net
Sun Jan 20 19:13:23 UTC 2008
On Saturday 19 January 2008 23:36:35 Roger Dingledine wrote:
> On Sat, Jan 19, 2008 at 03:31:51PM -0800, Ned Bun wrote:
> > I can't find an answer to this question anywhere.
> You might find
> to be useful.
> > In using Konqueror with Tor and Privoxy, should the SOCKS settings in
> > Konqueror's Settings->Configure Konqueror->Proxy->SOCKS be configured
> > in some way? It seems to work fine without the SOCKS section
> > configured, but leaving the "Enable SOCKS support" box unchecked
> > disturbs me slightly. Should this section need configuration if
> > everything appears to be working? Why are instructions for Firefox for
> > SOCKS always specified but when it comes to Konqueror, no one says
> > anything about the SOCKS configuration area?
> You should configure the socks part too. The reason is that browsers
> have a habit of supporting all sorts of weird protocols besides http and
> https, and if some webpage gives you (over Tor) a link that points to
> one of those other protocols, then your browser will fetch it without
> going through any proxies. If you specify a socks proxy, your browser
> should [*] use the socks proxy for all other protocols.
> (I say "should" because I have no idea what bugs konqueror has where
> it decides it's smarter than you and shouldn't use a proxy for some
For some reason Konqueror doesn't support socksifying to a tcp port - only the
library detection and loading that Ned describes. It's hardcoded to detect
any of the following files in the usual paths (or a path you specify):
_libNames << "libsocks.so" // Dante
<< "libdsocksd.so.0" // Dante 1.1.14-2 on
// Debian unstable 17-12-2003
<< "libsocks5.so" // ?
<< "libsocks5_sh.so"; // NEC
Many of Konqueror's IO slaves (e.g. smb:/, fish:/ for obvious reasons) don't
respect its proxy settings so if the user assumes that the window, rather
than the protocol, is anonymized then that will be a problem.
However, installing Dante is also a problem because then *every* ioslave
starts using it, including pop3, smtp and so on.
So a rock and a hard place. TorK, which supports using Konqueror, needs to
alert the user that Konqueror can only be safely used for http and https. As
other posters have noted, Konqueror is quite secure in some respects, but
it's pretty crap socks support and the integration of ioslaves into the
interface are a problem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part.
More information about the tor-talk