On Sun, 21 Nov 2010 11:48:59 +0000 Matthew <pumpkin@xxxxxxxxx> wrote: > Hello, > > According to the Tor manual > (https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#IkeepseeingthesewarningsaboutSOCKSandDNSandinformationleaks.ShouldIworry) > one should use SOCKS 4a. > > AIUI, Polipo or Privoxy are used as HTTP proxies which then allow the > client (Firefox) to "speak" to Tor as SOCKS 4a (therefore providing > hostnames rather than already resolved IP addresses as with SOCKS 4 or 5). That was the original reason to use an HTTP proxy between Firefox and Tor. Firefox can now be configured to resolve hostnames using the SOCKS proxy -- set the ânetwork.proxy.socks_remote_dnsâ option in about:config to âtrueâ, or use Torbutton, which automatically sets that option. The current reason to use an HTTP proxy between Firefox and Tor is that Firefox has an inappropriately short, hard-coded timeout for connections through SOCKS proxies. See <https://bugzilla.mozilla.org/show_bug.cgi?id=280661>. > I therefore do not understand why in the Tor version of the Polipo > configuration file > (https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf) > it says: > > # Uncomment this if you want to use a parent SOCKS proxy: > > socksParentProxy = "localhost:9050" > socksProxyType = socks5 Like the SOCKS 4A protocol, the SOCKS 5 protocol allows clients to specify a hostname instead of an IP address, and Polipo does so. Other clients, including Firefox with the (well-hidden) socks_remote_dns option turned off, may not specify a hostname to a SOCKS 5 server. Robert Ransom
Attachment:
signature.asc
Description: PGP signature