[tor-talk] Any risks with another application using Tor's SOCKS 5 interface?

Moritz Bartl moritz at torservers.net
Wed Dec 4 21:05:24 UTC 2013


On 04.12.2013 18:57, James Marshall wrote:
> Is there any risk with another local application using Tor's SOCKS 5
> interface?  I heard a vague comment that it wasn't recommended, but I
> haven't heard exactly what the risks are, if any.

Using a regular browser opens you to a lot of deanonymization attacks
that Tor Browser does not. Read
https://www.torproject.org/projects/torbrowser/design/ for more details.

> This is for CGIProxy, which can use SOCKS 5 to provide a clientless
> front-end to the Tor network (clientless in the sense that it doesn't
> require an installation on the browsing machine).  This could significantly
> increase the potential user base of Tor, since many users can't or don't
> want to install anything on their browsing machine.

You don't have to "install" Tor Browser, just extract to any directory
you have write permission for. This can be a USB stick, or the home
directory, or, if you can boot from a separate disk, Tails. So, everyone
"can" install Tor Browser.

With CGIProxy, you have to trust the operator of the cgi proxy, because
it sees all traffic.

-- 
Moritz Bartl
https://www.torservers.net/


More information about the tor-talk mailing list