[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Torbutton Proxy Settings Questions

Thus spake nnnnnnnnnnnn@xxxxxxxxxxxxx (nnnnnnnnnnnn@xxxxxxxxxxxxx):

> Questions:
> 1. Why are ftp and gopher proxy settings blank? Should not both
> settings match the http and ssl settings in case an ftp or gopher
> link is loaded for privoxy to display an error message rather than
> your browser resolving ftp or gopher apart from privoxy which would
> leak your real connection?

Privoxy does not support ftp or gopher. When these fields are left
blank, Firefox defaults to SOCKS for these protocols. Sadly, the SOCKS
support in firefox is also broken for FTP it seems, but it does not
leak. Gopher on the otherhand, seems to work:


> 2. By selecting "Use Privoxy" does this modify other hidden settings
> within Torbutton apart from the Proxy Settings?

No. It just sets those defaults for you.

> 3. If I'm using Torbutton and Privoxy, why should I click "Use
> Privoxy" rather than entering the details myself with /
> 8118 for everything apart from socks settings? Would not my manually
> configured settings be much safer in Torbutton's Proxy Settings for
> use with Privoxy than Torbutton's default Privoxy configuration?

You're not likely to be any safer from what we know now, but stranger
things have happened as far as vulnerabilities in Torbutton go. In
general if you don't need these protocols, disabling them won't hurt.
Reducing your vulnerability surface where you can is never a bad

However, the flip side to this is that passing them to privoxy
or polipo will make your browser behave differently in a noticable
way, and who knows if they are any better at handling these protocols
than Firefox's SOCKS layer alone..

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgphwWVOnj2VM.pgp
Description: PGP signature