[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] wget - secure?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] wget - secure?
From: Maxim Kammerer <mk@xxxxxx>
Date: Wed, 18 Apr 2012 08:52:07 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 18 Apr 2012 01:52:43 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dee.su; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; bh=pxedjbTD1qMIpcZiAi2gYKzhe23rCr1m/Ugy5/oVmn0=; b=efW2WIJ7ClZKofPB0n1WLOe6Gn5A6TO3WprCPHamlE0CbBiCuwLyXmTrBQo66daYHG AqZ6eofoIlotGSRE10Ra8FPKqzdzo9y5cxbSgc2lqpiXk9O7esAJ48qZHJCMDtDygxKR dgmZgzxeZxSk0/GYpqMpoN39Jm1iZt08YGDwE=
In-reply-to: <CAMtFrUF8qb8HzSmRucq+bF17zx0MQWdUqeKLebYGhfYwwWRnUA@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1SKD7H-000A52-7x@xxxxxxxxxxxxxxxxxxxx> <CAMtFrUF8qb8HzSmRucq+bF17zx0MQWdUqeKLebYGhfYwwWRnUA@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On Wed, Apr 18, 2012 at 08:01, Runa A. Sandvik <runa.sandvik@xxxxxxxxx> wrote:
> According to a table on https://code.google.com/p/torsocks/, wget is
> not 100% safe to use with Tor and it does leak DNS.

No, what that table shows is that there are possible issues with
torifying wget with torsocks (as opposed to, e.g., pointing
http(s)_proxy to Privoxy; this probably just means that wget sends its
version in User-Agent header), and that wget does not leak DNS
requests when used with torsocks (a rather useless information, since
it says nothing about what happens without transparent torification).
My tests show that wget does not leak DNS requests when HTTP(S)
proxies are specified via environment variables.

TL;DR: wget is 100% safe to use with Tor and it does not leak DNS
(also true for curl, by the way).

-- 
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] wget - secure?
  - From: coderman
- Re: [tor-talk] wget - secure?
  - From: Robert Ransom

References:
- [tor-talk] wget - secure?
  - From: torsiris
- Re: [tor-talk] wget - secure?
  - From: Runa A. Sandvik

Prev by Author: Re: [tor-talk] access sites
Next by Author: Re: [tor-talk] wget - secure?
Previous by thread: Re: [tor-talk] wget - secure?
Next by thread: Re: [tor-talk] wget - secure?
Index(es):
- Author
- Thread