Marc Stossel wrote:
This is horrible! I just found wireshark and it is GeoIP.Info location! The packets showed the contents of my request, even when it has gone through tor and the source and destination were all correct. I cannot tell about netcrafttoolbar, nor about showip. Still learning to use wireshark. Do these two also leak dns?
hi Marc,the warning on the download page at tor.eff.org states the dangers of toolbars in firefox and other browsers (http://tor.eff.org/download.html.en). You might consider following the advice there about using a stripped down browser to surf the web with Tor (e.g. install a new copy of firefox, separate from the firefox you use for non-anonymized browsing). You could also try one of the live Tor distributions mentioned on the list.
If you could report your findings about which of your toolbars leak your IP address based on WireShark traffic captures, then I'm sure that would be helpful to some of the readers here.
To answer your initial question about why Tor isn't giving you a warning about the identifying traffic leaving your computer, the answer is that Tor can't warn you about traffic it doesn't handle. The traffic generated by your toolbars isn't being proxied by Tor, so it won't warn you about it. I don't use Vidalia, but I think I recall that Vidalia does a number of geoip queries which are not proxied. This does not necessarily violate Tor's security model, however. Remember, Tor is not designed to hide the fact that you're using Tor. It's designed to provide unlinkable communications.
-James