Re: tor with OpenDNS as default DNS, using Firefox+FoxyProxy
- To: or-Talk Mailinglist <or-talk@xxxxxxxx>
- Subject: Re: tor with OpenDNS as default DNS, using Firefox+FoxyProxy
- From: Tripple Moon <tripple.moon@xxxxxxxxx>
- Date: Mon, 13 Apr 2009 06:47:50 -0700 (PDT)
--- On Mon, 4/13/09, Scott Bennett <bennett@xxxxxxxxxx> wrote:
[cut for clarity]
> >When I set my client to not resolve DNS queries using
> the tor network I get the warning messages.
> >(Which of course are as expected)
> I think you may be confusing various operations that
> occur in differing
> situations. Your *tor* client will always attempt to
[cut for clarity]
Yes, read carefully: I said client, not "tor-client", meaning e.g. a browser.
> >My reason(s) for this scenario is so that:
> >1) I am able to use custom DNS-Servers for both my
> client and others that use my exit point, without the
> warning messages.
> What precisely do you mean by "custom DNS-Servers"?
Like I explained in my other reply:
"custom DNS-Servers" means "DNS servers other than the default ones of the ISP".
> >2) My, the operator's, custom DNS-Servers can speed up
> _and_ aid in anonymity by blocking/re-directing certain
> domain names to other IPs.
> >Which will, in the case of OpenDNS, return a small HTML
> with a message telling it's blocked.
[cut for clarity]
> >Preventing the access to specific domains will, IMHO,
> improve anonymity for both the relay operator and the client
> using it as exit point.
> Preventing access to destinations is only
> appropriately done via proper
> specification of your restrictions in ExitPolicy lines in
But this only applies to external tor-clients accessing the tor-relay through the tor network, not the local clients connecting to the local tor-client.
> >I came up with this scenario because I wanted to
> speed up the user experience _and_ kill the web's tracking
> behaviors as much as I can.
> Faking the address resolutions is simply a
> characteristic of a bad exit
> relay. Faking the address resolution does not alter the
> tracking abilities of web sites in the slightest.
Well, there you are dead wrong, sorry to disagree here.
Websites that track by IP-access are blocked this way.
Of course, I know there are plenty of other ways to track visitors, but IP-tracking is one that can be eliminated by _not_ accessing certain web servers at all in the 1st place...
> >So I admit I understand that for my scenario to work
> without the warning messages tor needs an extra config
> option to allow IP-only requests from custom listed IPs
> in its torrc file.
> >(e.g. localhost/127.0.0.1 for the local client)
> We definitely do *not* need the sort of corruption of
> service that you
> wish to employ. Please disabuse yourself of such notions.
I agree, looking at the subject from your point of view.
My intentions were not to corrupt the tor service but to clean up corruption of DNS servers used at certain locations in the world by authorities, and at the same time block some personally set up domains for my own LAN-access.
> >I understand that one can use Privoxy for even more
> advanced filtering, but a simple DNS-based filtering system
> is more than enough for most of the web-tracking systems
> I can't make sense out of that at all.
> >Besides this approach will even enable tor to utilize
> bind+rbl :)
> >It's just IMHO the next step towards _more_
Try to look at the big picture of what I want to accomplish as a whole, not just from tor's P.O.V.
I want to circumvent the polluted DNS-service of my ISP/country and at the same time block personally chosen domains.
Bind = The de facto DNS server software used on unix since... well, let's say forever. :) (http://en.wikipedia.org/wiki/BIND)
RBL = Real-time Blackhole List (http://en.wikipedia.org/wiki/DNSBL#Terminology)