Living without Privoxy
- To: or-talk@xxxxxxxxxxxxx
- Subject: Living without Privoxy
- From: Adam Langley <alangley@xxxxxxxxx>
- Date: Sun, 22 May 2005 23:31:32 +0100
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Firefox nightly builds now have an option
"network.proxy.socks_remote_dns" which does what we need (passes
hostnames to Tor). You need to set up a SOCKS5 proxy as normal and then
go to about:config to set that option currently. They may have a GUI
for it in the next Firefox release.

This means that we can do without Privoxy given
http://extensionroom.mozdev.org/more-info/useragentswitcher and
sensible Firefox settings (nightly builds are much better about
deleting information on exit too), and this is a good thing.

(Note: there are still many issues unaddressed with browsers in
general, mostly relating to JavaScript.)

I've also just scribbled my thoughts about a more general solution
down (below), but the need for such a solution has just been reduced.
--------
We would like to write a caching DNS server which could sit on the
local machine and answer DNS queries by sending them to an OP.

* We need to cache results because DNS over Tor is pretty slow
* But what TTL do we use?
    o We would wish to use the highest possible, but SOCKS resolve
      destroys that information (actually, it never even gets passed
      to Tor at the other end)
* We could add support for UDP over Tor (SOCKS5 supports UDP),
  that way a resolver could talk DNS directly to the servers.
* Or we could add support for more DNS information over Tor.
    o This would require a libevent based DNS library (libdnsres
      will not do because it doesn't pass on TTL information)
    o This probably needs additional, specific, RELAY cells.
    o ADNS looks like it could work:
      http://www.chiark.greenend.org.uk/~ian/adns/
--
Adam Langley agl@xxxxxxxxxxxxxxxxxx
http://www.imperialviolet.org (+44) (0)7906 332512
PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60