
Re: Konqueror & SOCKS with Tor+Privoxy



On Saturday 19 January 2008 23:36:35 Roger Dingledine wrote:
> On Sat, Jan 19, 2008 at 03:31:51PM -0800, Ned Bun wrote:
> > I can't find an answer to this question anywhere.
>
> You might find
> https://www.torproject.org/docs/tor-doc-web
> to be useful.
>
> > In using Konqueror with Tor and Privoxy, should the SOCKS settings in
> > Konqueror's Settings->Configure Konqueror->Proxy->SOCKS be configured
> > in some way? It seems to work fine without the SOCKS section
> > configured, but leaving the "Enable SOCKS support" box unchecked
> > disturbs me slightly. Should this section need configuration if
> > everything appears to be working? Why are instructions for Firefox for
> > SOCKS always specified but when it comes to Konqueror, no one says
> > anything about the SOCKS configuration area?
>
> You should configure the socks part too. The reason is that browsers
> have a habit of supporting all sorts of weird protocols besides http and
> https, and if some webpage gives you (over Tor) a link that points to
> one of those other protocols, then your browser will fetch it without
> going through any proxies. If you specify a socks proxy, your browser
> should [*] use the socks proxy for all other protocols.
>
> (I say "should" because I have no idea what bugs konqueror has where
> it decides it's smarter than you and shouldn't use a proxy for some
> situation.)
>

For some reason Konqueror doesn't support socksifying to a tcp port - only the 
library detection and loading that Ned describes. It's hardcoded to detect 
any of the following files in the usual paths (or a path you specify):

_libNames << "libsocks.so"                  // Dante
          << "libdsocksd.so.0"              // Dante 1.1.14-2 on
                                            // Debian unstable 17-12-2003
          << "libsocks5.so"                 // ?
          << "libsocks5_sh.so";             // NEC


Many of Konqueror's IO slaves (e.g. smb:/, fish:/ for obvious reasons) don't 
respect its proxy settings so if the user assumes that the window, rather 
than the protocol, is anonymized then that will be a problem.

However, installing Dante is also a problem because then *every* ioslave 
starts using it, including pop3, smtp and so on.

So a rock and a hard place. TorK, which supports using Konqueror, needs to 
alert the user that Konqueror can only be safely used for http and https. As 
other posters have noted, Konqueror is quite secure in some respects, but 
its pretty crap socks support and the integration of ioslaves into the 
interface are a problem.
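
Added example, not part of the original message and not KDE code: a shell check for whether any of the four library names listed above is installed, which tells you which of the two situations described in the message applies on a given machine. The directory list is an assumed stand-in for "the usual paths", and the function names are hypothetical.

```shell
#!/bin/sh
# Library names are the four from the snippet quoted in the message.
SOCKS_LIB_NAMES="libsocks.so libdsocksd.so.0 libsocks5.so libsocks5_sh.so"
# Assumption: common library directories, not KDE's actual search list.
DEFAULT_LIB_DIRS="/lib /usr/lib /usr/local/lib /lib64 /usr/lib64"

# find_socks_libs [DIR...]
# Prints one path per line for each listed library that exists.
# Returns 0 if at least one was found, 1 if none were.
find_socks_libs() {
    [ "$#" -gt 0 ] || set -- $DEFAULT_LIB_DIRS
    found=1
    for dir in "$@"; do
        for name in $SOCKS_LIB_NAMES; do
            if [ -e "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
                found=0
            fi
        done
    done
    return "$found"
}

# socks_lib_report [DIR...]
# Summarises the result in the terms used in the message; always returns 0.
socks_lib_report() {
    if libs=$(find_socks_libs "$@"); then
        echo "SOCKS library present; Konqueror can load it:"
        printf '%s\n' "$libs" | sed 's/^/  /'
        echo "Every ioslave (pop3, smtp, ...) may then go through SOCKS."
    else
        echo "No SOCKS library found; Konqueror cannot socksify."
        echo "Only the http/https proxy settings apply; ioslaves such as"
        echo "smb:/ and fish:/ do not respect them."
    fi
    return 0
}

socks_lib_report "$@"
```

Pass extra directories as arguments to cover a custom path configured in Konqueror's SOCKS dialog.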



