[tor-talk] General questions about Tor proxy

Patrick Schleizer adrelanos at riseup.net
Sat May 17 12:04:48 UTC 2014


Akater:
> How to use Tor as proxy? How are average users supposed to find that out?

They are not. As I understand, The Tor Project moved along from being a
proxy to shipping application bundles. Because they learned a thing over
years, that just setting proxy setting doesn't make it.

Best there is is this:
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO

> 1. Suppose I want to use Tor with some third party application. Let's
> pick a popular example for a target service, say, Dropbox. I search
> for proxy settings in a Dropbox client, choose SOCKS5, port 127.0.0.1,
> port 9050.

Discouraged. Without anyone checking, that really all traffic goes
through Tor, there could be leaks.

> That seems to be it.

Unfortunately not.

> Now, what information could the exit
> node extract from the data my local Dropbox app exchanges with Dropbox
> servers?

That depend on the software. In worst case "account name", "password".
In best case, "someone made an encrypted connection to drop box at xxx".

> How do I find out the answer to that question myself?

Analyzing the source code of the application (or the disassembly if not
available), using network protocol analyzer. Difficult stuff.

> Can I
> personally inspect the data transferred by local Dropbox (or other
> target service) application?

Using a network protocol analyzer.

> 2. Suppose I'm using OpenVPN. What happens when I connect with OpenVPN
> *while* connected to Tor?

If not using any VMs and such, usually OpenVPN connects before Tor.
user -> VPN -> Tor

Most of the time. It gets worse. When OpenVPN breaks down, usually all
applications continue to connect in the clear. To prevent this, you need
something like VPN-Firewall. (https://github.com/adrelanos/VPN-Firewall)
(Full disclosure: I am the author of VPN-Firewall.)

> Does Dropbox data get encrypted by openvpn
> software,

Absolutely not. OpenVPN encrypts only between you and the VPN server.

PS: Neither VPN nor Tor can automagically provide end-to-end connections
to targets, that don't support end-to-end encryption (such as http-only
websites).

> sent to vpn provider server, goes to Tor network then, in
> effect making Tor network a link between my VPN provider and target
> service, or does it get encrypted by openvpn software (hopefully), and
> sent through Tor to VPN provider, so Tor becomes a link between me and
> VPN provider?

IF dropbox uses Tor, then dropbox should only see Tor. Not the VPN.

> What could exit node make out of the data in this case?

No difference. Eventually when you have rare target IPs that few people
are using, the exit node could guess depending on latency and
throughput, that you're sometimes using a VPN and sometimes not. But
that's difficult stuff I wouldn't worry about.

> How do I find that out not by asking other people but rather by
> inspecting traffic on my own local computer which I have full access
> to? :-)

For serious analysis a Tor test network may be useful.

> Isn't it ridiculous that that I have to do the former instead?

> 0. Where should an average user go to find these answers?

There is no such place.

Best there is is this:
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO

> Are people
> supposed to post to mailing lists?

> Mailing lists look a bit odd
> nowadays.

I guess it's still the place where more geeks like to hang out due to
entry barrier for less technical people.

> Doesn't this alarm Tor community, or unix/GNU/whatever
> email-based community in general?

What do you mean by alarm?

Cheers,
Patrick



More information about the tor-talk mailing list