On Saturday 19 January 2008 23:36:35 Roger Dingledine wrote: > On Sat, Jan 19, 2008 at 03:31:51PM -0800, Ned Bun wrote: > > I can't find an answer to this question anywhere. > > You might find > https://www.torproject.org/docs/tor-doc-web > to be useful. > > > In using Konqueror with Tor and Privoxy, should the SOCKS settings in > > Konqueror's Settings->Configure Konqueror->Proxy->SOCKS be configured > > in some way? It seems to work fine without the SOCKS section > > configured, but leaving the "Enable SOCKS support" box unchecked > > disturbs me slightly. Should this section need configuration if > > everything appears to be working? Why are instructions for Firefox for > > SOCKS always specified but when it comes to Konqueror, no one says > > anything about the SOCKS configuration area? > > You should configure the socks part too. The reason is that browsers > have a habit of supporting all sorts of weird protocols besides http and > https, and if some webpage gives you (over Tor) a link that points to > one of those other protocols, then your browser will fetch it without > going through any proxies. If you specify a socks proxy, your browser > should [*] use the socks proxy for all other protocols. > > (I say "should" because I have no idea what bugs konqueror has where > it decides it's smarter than you and shouldn't use a proxy for some > situation.) > For some reason Konqueror doesn't support socksifying to a tcp port - only the library detection and loading that Ned describes. It's hardcoded to detect any of the following files in the usual paths (or a path you specify): _libNames << "libsocks.so" // Dante << "libdsocksd.so.0" // Dante 1.1.14-2 on // Debian unstable 17-12-2003 << "libsocks5.so" // ? << "libsocks5_sh.so"; // NEC Many of Konqueror's IO slaves (e.g. smb:/, fish:/ for obvious reasons) don't respect its proxy settings so if the user assumes that the window, rather than the protocol, is anonymized then that will be a problem. However, installing Dante is also a problem because then *every* ioslave starts using it, including pop3, smtp and so on. So a rock and a hard place. TorK, which supports using Konqueror, needs to alert the user that Konqueror can only be safely used for http and https. As other posters have noted, Konqueror is quite secure in some respects, but it's pretty crap socks support and the integration of ioslaves into the interface are a problem.
Attachment:
signature.asc
Description: This is a digitally signed message part.