[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: privoxy/firefox



I would very much appreciate an investigation into it. 

On 8/29/05, ADB <firefox-gen@xxxxxxxxxx> wrote:
>  The latest  stable (1.0.6) operates without causing any screen messages
> when tor is set to 'notice' loglevel. Programs known not to do DNS in a safe
> manner do result in such notifications. When did you last review the source?
> I'll do a local ethernet sniff w/ Etherial if you would like further
> verification (it's late right now otherwise I would just do it immediately).
>  
>  Roger Dingledine wrote: 
>  On Sun, Aug 28, 2005 at 10:40:53PM -0700, ADB wrote:
>  
>  
>  FF does SOCKS 5 securely, so I don't see why you couldn't. The only 
> 
>  
>  
>  Other than not having cookies blocked, Is there anything to lose by
> not having privoxy installed, and using firefox as its own sock5
> proxy? Does this compromise security by dns headers?
>  
>  
> 
> Last I read the code, the way Firefox does socks5 is *not* secure from
> Tor's perspective. It does the DNS resolve itself, then passes the IP
> address to Tor via socks5.
> 
> Firefox 1.1 (not yet released, as far as I know) has an option to "do
> dns remotely", which makes it safe. Adam Langley has a howto on this:
> http://www.imperialviolet.org/deerpark.html
> 
> --Roger
> 
> 
> 
> .
> 
>  
>  
>