[tor-talk] wget - secure?
Maxim Kammerer
mk at dee.su
Fri Apr 20 15:34:07 UTC 2012
On Fri, Apr 20, 2012 at 17:15, Robert Ransom <rransom.8774 at gmail.com> wrote:
> No, the underlying point is that I have personally seen wget send my
> computer's IP address over Tor in an FTP PORT command. wget is not
> ‘100% safe’.
Well, I was talking about http(s) specifically. While wget does
support ftp_proxy environment variable, I am not aware of any
“standard” configuration involving Tor (e.g., Privoxy / polipo) that
supports ftp_proxy (I guess wget would send proxy's IP in that case,
but didn't check). When used with tsocks / torsocks' LD_PRELOAD hack,
wget sends 127.0.0.1 with PORT, which only happens with
--no-passive-ftp, and is kind of pointless.
Perhaps you have seen the behavior you talk about in Tails, back
before I convinced them that transparent proxying with iptables is a
bad idea? In that case, the problem is with transparent proxying, not
wget.
--
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
More information about the tor-talk
mailing list