[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: privoxy/firefox
I would very much appreciate an investigation into it.
On 8/29/05, ADB <firefox-gen@xxxxxxxxxx> wrote:
> The latest stable (1.0.6) operates without causing any screen messages
> when tor is set to 'notice' loglevel. Programs known not to do DNS in a safe
> manner do result in such notifications. When did you last review the source?
> I'll do a local ethernet sniff w/ Etherial if you would like further
> verification (it's late right now otherwise I would just do it immediately).
>
> Roger Dingledine wrote:
> On Sun, Aug 28, 2005 at 10:40:53PM -0700, ADB wrote:
>
>
> FF does SOCKS 5 securely, so I don't see why you couldn't. The only
>
>
>
> Other than not having cookies blocked, Is there anything to lose by
> not having privoxy installed, and using firefox as its own sock5
> proxy? Does this compromise security by dns headers?
>
>
>
> Last I read the code, the way Firefox does socks5 is *not* secure from
> Tor's perspective. It does the DNS resolve itself, then passes the IP
> address to Tor via socks5.
>
> Firefox 1.1 (not yet released, as far as I know) has an option to "do
> dns remotely", which makes it safe. Adam Langley has a howto on this:
> http://www.imperialviolet.org/deerpark.html
>
> --Roger
>
>
>
> .
>
>
>
>