[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

RE: privoxy/firefox



I have FF 1.0.6 stable, and it does do it's own DNS lookups when using
socks5 to tor.  There are no DNS leaks that I have found using privoxy and
tor, unless you have it using OCSP, in which case it does a dns lookup for,
say, ocsp.verisign.com, and then it seems to do an regular http ocsp check,
bypassing the proxy settings.  I assume that the certificate being checked
could be identified by that traffic, thus revealing the ssl site you are
browsing to through tor.  A lot of the plugins, such as the "ShowIP" plugin
also cause DNS leaks, plus, with geolocation and akamai servers, the ip
shown by showip may not be the ip used by whatever tor server you exited
from...

> -----Original Message-----
> From: owner-or-talk@xxxxxxxxxxxxx
> [mailto:owner-or-talk@xxxxxxxxxxxxx] On Behalf Of Arrakis Tor
> Sent: Sunday, August 28, 2005 11:37 PM
> To: or-talk@xxxxxxxxxxxxx
> Subject: Re: privoxy/firefox
>
> I would very much appreciate an investigation into it.
>
> On 8/29/05, ADB <firefox-gen@xxxxxxxxxx> wrote:
> >  The latest  stable (1.0.6) operates without causing any
> screen messages
> > when tor is set to 'notice' loglevel. Programs known not to
> do DNS in a safe
> > manner do result in such notifications. When did you last
> review the source?
> > I'll do a local ethernet sniff w/ Etherial if you would like further
> > verification (it's late right now otherwise I would just do
> it immediately).
> >
> >  Roger Dingledine wrote:
> >  On Sun, Aug 28, 2005 at 10:40:53PM -0700, ADB wrote:
> >
> >
> >  FF does SOCKS 5 securely, so I don't see why you couldn't.
> The only
> >
> >
> >
> >  Other than not having cookies blocked, Is there anything to lose by
> > not having privoxy installed, and using firefox as its own sock5
> > proxy? Does this compromise security by dns headers?
> >
> >
> >
> > Last I read the code, the way Firefox does socks5 is *not*
> secure from
> > Tor's perspective. It does the DNS resolve itself, then
> passes the IP
> > address to Tor via socks5.
> >
> > Firefox 1.1 (not yet released, as far as I know) has an
> option to "do
> > dns remotely", which makes it safe. Adam Langley has a
> howto on this:
> > http://www.imperialviolet.org/deerpark.html
> >
> > --Roger
> >
> >
> >
> > .
> >
> >
> >
> >