[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] wget - secure?

On Fri, Apr 20, 2012 at 17:15, Robert Ransom <rransom.8774@xxxxxxxxx> wrote:
> No, the underlying point is that I have personally seen wget send my
> computer's IP address over Tor in an FTP PORT command.  wget is not
> ‘100% safe’.

Well, I was talking about http(s) specifically. While wget does
support ftp_proxy environment variable, I am not aware of any
“standard” configuration involving Tor (e.g., Privoxy / polipo) that
supports ftp_proxy (I guess wget would send proxy's IP in that case,
but didn't check). When used with tsocks / torsocks' LD_PRELOAD hack,
wget sends with PORT, which only happens with
--no-passive-ftp, and is kind of pointless.

Perhaps you have seen the behavior you talk about in Tails, back
before I convinced them that transparent proxying with iptables is a
bad idea? In that case, the problem is with transparent proxying, not

Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
tor-talk mailing list