
Re: Can't download pdfs without socksifying Adobe

Simon Callow <simoncallow68@xxxxxxxxx> wrote:

> The guys at NPP say that if you click on a link in
> your browser to download a html page then Tor works
> fine but if you click on a link to download a pdf then
> you get local DNS resolution without any warning
> message from Tor even when using Privoxy.

It is certainly possible to misconfigure your
browser to directly open third party applications
that ignore the browser's proxy settings and do
what they want.

Of course this has nothing to do with "the browser
cheating on you" and it shouldn't be a surprise.

Tor is not supposed to detect or prevent all
kinds of DNS leakage. It prints a warning
if it gets requests that contain a suspicious
IP address, as that can be a sign of unencrypted
DNS resolution, but that's all it can do.

If an application doesn't use Tor for its requests,
you obviously shouldn't expect a warning from Tor.

>                                           Only
> solution is to socksify Adobe. Blog entry is at
> http://nearlyperfectprivacy.blogspot.com/2006/06/why-your-browser-is-cheating-on-you.html.

A local DNS server that resolves through Tor and a
properly configured firewall would work as well.

Another solution would be to simply download the
file inside the browser instead of using (broken)
third party plug-ins in the first place.

> Is this true, I don't have the tools to test it.

I don't use PDF or Adobe products so I can't test
this either, but unless you use a transparent proxy
you should expect that every application is leaking DNS
requests until you explicitly configure it otherwise
and have checked that it's working.

I don't know what these guys use as "sentinel" and
why they can't show the "sentinel's" output as proof,
but I'm inclined to believe that they just don't
understand how to use it right.

It makes no sense for an application to do a DNS lookup,
just to request the file without actually using the
resolved IP.

I wouldn't be surprised if "Adobe" didn't use Tor at all,
but the "sentinel" wasn't watching the right ports.


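The check discussed in this message (confirming that an application really sends its traffic through Tor, and watching the right ports while doing so) can be sketched as follows. This is an added example, not part of the original message or of Tor: it classifies `tcpdump -n` style lines, and the sample capture, the relay address and the function names are constructed assumptions (8118 and 9050 are the default Privoxy and Tor SOCKS ports).

```python
import ipaddress
import re

# tcpdump -n line: "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$"
)

def classify(line, tor_relays=frozenset()):
    """Return None for expected traffic, else a (kind, dst, dport) finding."""
    m = LINE.match(line)
    if not m:
        return None  # not an IPv4 TCP/UDP line; ignored in this sketch
    dst = ipaddress.ip_address(m["dst"])
    dport = int(m["dport"])
    if dst.is_loopback:
        return None  # traffic to the local proxy or resolver
    if dport == 53:
        return ("dns-leak", str(dst), dport)  # DNS query leaving the host
    if str(dst) in tor_relays:
        return None  # Tor's own connection to a known relay (assumed list)
    if "Flags [S]" in m["rest"]:  # SYN only: a new outbound TCP connection
        return ("direct-connection", str(dst), dport)
    return None

def findings(capture, tor_relays=frozenset()):
    """Classify every line of a capture and keep only the findings."""
    results = (classify(l, tor_relays) for l in capture.splitlines())
    return [r for r in results if r is not None]

# Constructed sample: browser -> Privoxy -> Tor, then a helper application
# that resolves a name locally and fetches the file without any proxy.
SAMPLE = """\
12:00:01.000100 IP 127.0.0.1.40112 > 127.0.0.1.8118: Flags [S], seq 1, win 65495, length 0
12:00:01.200300 IP 127.0.0.1.40113 > 127.0.0.1.9050: Flags [S], seq 1, win 65495, length 0
12:00:01.400000 IP 192.168.1.10.43000 > 198.51.100.20.9001: Flags [S], seq 1, win 64240, length 0
12:00:05.000000 IP 192.168.1.10.53211 > 192.168.1.1.53: 4242+ A? files.example.org. (35)
12:00:05.100000 IP 192.168.1.10.43010 > 203.0.113.7.80: Flags [S], seq 1, win 64240, length 0
"""

if __name__ == "__main__":
    for finding in findings(SAMPLE, tor_relays={"198.51.100.20"}):
        print(finding)
```

A monitor that only reports the port 53 line would miss the second finding, the direct connection on port 80 that bypasses Tor entirely.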