[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: privoxy/firefox



I have FF 1.0.6 and TorCP reports back to me that firefox it is only
reporting IPs, meaning it is getting dns data from somewhere...
whether it is localized or remote, I don't know.


On 8/29/05, Bob <monfster@xxxxxxxxx> wrote:
> I have FF 1.0.6 stable, and it does do it's own DNS lookups when using
> socks5 to tor.  There are no DNS leaks that I have found using privoxy and
> tor, unless you have it using OCSP, in which case it does a dns lookup for,
> say, ocsp.verisign.com, and then it seems to do an regular http ocsp check,
> bypassing the proxy settings.  I assume that the certificate being checked
> could be identified by that traffic, thus revealing the ssl site you are
> browsing to through tor.  A lot of the plugins, such as the "ShowIP" plugin
> also cause DNS leaks, plus, with geolocation and akamai servers, the ip
> shown by showip may not be the ip used by whatever tor server you exited
> from...
> 
> > -----Original Message-----
> > From: owner-or-talk@xxxxxxxxxxxxx
> > [mailto:owner-or-talk@xxxxxxxxxxxxx] On Behalf Of Arrakis Tor
> > Sent: Sunday, August 28, 2005 11:37 PM
> > To: or-talk@xxxxxxxxxxxxx
> > Subject: Re: privoxy/firefox
> >
> > I would very much appreciate an investigation into it.
> >
> > On 8/29/05, ADB <firefox-gen@xxxxxxxxxx> wrote:
> > >  The latest  stable (1.0.6) operates without causing any
> > screen messages
> > > when tor is set to 'notice' loglevel. Programs known not to
> > do DNS in a safe
> > > manner do result in such notifications. When did you last
> > review the source?
> > > I'll do a local ethernet sniff w/ Etherial if you would like further
> > > verification (it's late right now otherwise I would just do
> > it immediately).
> > >
> > >  Roger Dingledine wrote:
> > >  On Sun, Aug 28, 2005 at 10:40:53PM -0700, ADB wrote:
> > >
> > >
> > >  FF does SOCKS 5 securely, so I don't see why you couldn't.
> > The only
> > >
> > >
> > >
> > >  Other than not having cookies blocked, Is there anything to lose by
> > > not having privoxy installed, and using firefox as its own sock5
> > > proxy? Does this compromise security by dns headers?
> > >
> > >
> > >
> > > Last I read the code, the way Firefox does socks5 is *not*
> > secure from
> > > Tor's perspective. It does the DNS resolve itself, then
> > passes the IP
> > > address to Tor via socks5.
> > >
> > > Firefox 1.1 (not yet released, as far as I know) has an
> > option to "do
> > > dns remotely", which makes it safe. Adam Langley has a
> > howto on this:
> > > http://www.imperialviolet.org/deerpark.html
> > >
> > > --Roger
> > >
> > >
> > >
> > > .
> > >
> > >
> > >
> > >
> 
> 
>