Hi all,

following up on a discussion on #tor I made up a Wiki-article about the abovementioned subject.

https://wiki.torproject.org/noreply/RecommendedSoftware

Abstract:
To create a list of "Applications Recommended For Use With Tor" [2]. Those applications must obey the rules of
1) using the proxy supplied
2) not leaking any information around the proxy

Disclaimer:
This is work in progress. This is only meant for your information. It's not a formal process, nor a written thing. I just put it up for discussion. It's up to you to define the rules.

Motivation:
Tonight we were discussing if [1] is a reasonable thing or not. I pointed out that Tor, as a layer-3 routing-software, can't solve layer-4+ problems and that it should be up to "downstream-proxies" to solve the "untrusted TCP-port"-problem. However, several people disagreed with my opinion, pointing out that the real problem is the applications using Tor, compromising the anonymity of the user and the IP-address-obfuscation of the router. The real thing would be solving all those problems directly in the applications instead of sailing around the problems, using proxies and such.

Later, the point about Tor-safe and not-safe applications popped up - thinking of DNS-leakage, unsafe browser plugins. Those problems were reported before on this list about several products - related to several versions of those individual applications - but except in the archive of this list these pieces of information _were never consolidated_. We just have a bunch of warnings that a certain application $foo in version $bar leaks DNS.

Goal:
To create a list of "Applications Recommended For Use With Tor". That'd give users a certain degree of confidence that the application (s)he's using isn't leaking information to the world when using Tor.

I'd appreciate your comments and I'm awaiting your corrections on all the articles in the Wiki (free registration required).

The Wiki-article isn't linked to anywhere in the Wiki yet. That's on purpose until we have sorted out all the basic questions. I'll be willing to set up a dedicated mailing-list for this subject, unless we can have one elsewhere.

Cheers, Alex.

[1] https://www.torproject.org/svn/trunk/doc/spec/proposals/129-reject-plaintext-ports.txt
[2] Name made up by Nick. I like it, though I found it to be too bold.