Thus spake nnnnnnnnnnnn@xxxxxxxxxxxxx (nnnnnnnnnnnn@xxxxxxxxxxxxx):

> Questions:
>
> 1. Why are ftp and gopher proxy settings blank? Should not both
> settings match the http and ssl settings in case an ftp or gopher
> link is loaded for privoxy to display an error message rather than
> your browser resolving ftp or gopher apart from privoxy which would
> leak your real connection?

Privoxy does not support ftp or gopher. When these fields are left blank, Firefox defaults to SOCKS for these protocols. Sadly, the SOCKS support in Firefox is also broken for FTP it seems, but it does not leak. Gopher, on the other hand, seems to work: gopher://gopher.floodgap.com/1/v2

> 2. By selecting "Use Privoxy" does this modify other hidden settings
> within Torbutton apart from the Proxy Settings?

No. It just sets those defaults for you.

> 3. If I'm using Torbutton and Privoxy, why should I click "Use
> Privoxy" rather than entering the details myself with 127.0.0.1 /
> 8118 for everything apart from socks settings? Would not my manually
> configured settings be much safer in Torbutton's Proxy Settings for
> use with Privoxy than Torbutton's default Privoxy configuration?

You're not likely to be any safer from what we know now, but stranger things have happened as far as vulnerabilities in Torbutton go. In general, if you don't need these protocols, disabling them won't hurt. Reducing your vulnerability surface where you can is never a bad thing.

However, the flip side to this is that passing them to privoxy or polipo will make your browser behave differently in a noticeable way, and who knows if they are any better at handling these protocols than Firefox's SOCKS layer alone..

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs