Re: Yahoo Mail and Tor

     On Fri, 10 Jul 2009 00:15:18 -0600 Jim McClanahan <jimmymac@xxxxxxxxxx>
wrote:
>Scott Bennett wrote:
>>      On Thu, 9 Jul 2009 20:37:38 -0400 downie - <downgeoff2@xxxxxxxxxxx>
>> wrote:
>> >Will Polipo be able to filter out .exit notation?
>> >
>>      Why would you want it to do that?  The .exit notation has to be passed
>> along to tor for it to work.  If it were filtered out, then the user would
>> see a connection failure of some kind.
>I believe you are correct that you don't want to filter it out at the
>privoxy level.  But I don't think it would result in a connection
>failure, but rather that the exit node specification would not be
>honored (other than by accident).
>A long time ago I think there was a problem with the .exit... in the URL
>being passed along to the website in the GET (or other) requests, which
>sometimes caused problems.  Somebody correct me if I am wrong, but I
>believe now something in the tor chain of software (client, relays,
>exit) filters that out.
     I should think that such a bug would have had to have been inside tor,
not privoxy, if it indeed existed.  Consider the process of privoxy making
a connection via a tor circuit to a destination IP address and then requesting
a page.  An unproxied browser will first resolve a name to an IP address and
then connect to that IP address.  When proxied through privoxy, privoxy passes
the entire hostname.domainname.Nickname.exit to tor instead of an IP address
when requesting an exit connection to the destination system.  The exit node
itself then does the name-to-address resolution and establishes the connection
to the resulting IP address.  Next, privoxy sends an HTTP GET request, which
contains no hostname, domainname, Nickname.exit, nor IP address through the
connection to the web server at the other end.  The web server reads (or has
cached) the page contents from the filesystem path given in the GET relative
to the base of the server's directory tree (i.e., everything *starting* with
the third slash in the URL and continuing to the end of the URL) and then sends
the file contents back through the connection toward the requesting system.
Of course, some parts of that "path" may actually be other kinds of arguments
that will be processed by the web server, but that fact has no bearing on the
process described here.

                                  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:       bennett at cs.niu.edu                              *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
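
An added example, not part of either post and not code from tor, Privoxy or Polipo: a sketch of the split this thread is discussing, where the full hostname.domainname.Nickname.exit name is what gets handed to tor, while the hostname carried in an HTTP/1.1 Host header is sent without the .exit suffix. The function names and sample hostnames are constructed for illustration, and ports and IPv6 literals are handled only minimally.

```python
# Added illustration; all names and sample hostnames are constructed.

def split_dot_exit(hostname):
    """Split 'host.domain.Nickname.exit' into (destination, exit_nickname).

    Returns (hostname, None) when there is no .exit suffix.
    """
    name = hostname.rstrip(".")
    labels = name.split(".")
    if labels[-1].lower() != "exit":
        return name, None
    if len(labels) < 3:
        # This sketch only covers the destination.Nickname.exit form.
        raise ValueError("expected destination.Nickname.exit: %r" % hostname)
    return ".".join(labels[:-2]), labels[-2]


def plan_request(hostname, path="/"):
    """Return what goes to tor and what goes to the web server."""
    destination, nickname = split_dot_exit(hostname)
    request = (
        "GET %s HTTP/1.1\r\n"
        "Host: %s\r\n"          # destination only, no Nickname.exit
        "Connection: close\r\n\r\n" % (path, destination)
    )
    return {
        "socks_target": hostname,   # full name, .exit included, for tor
        "exit": nickname,
        "request": request,
    }


def leaks_dot_exit(raw_request):
    """True if a raw HTTP request still carries .exit in its Host header."""
    for line in raw_request.split("\r\n")[1:]:
        if not line:
            break                   # end of headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip().split(":")[0]   # drop an optional port
            return host.lower().rstrip(".").endswith(".exit")
    return False


if __name__ == "__main__":
    plan = plan_request("www.example.com.SomeRelay.exit", "/index.html")
    print(plan["socks_target"], plan["exit"])
    print(plan["request"])
```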