[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] question about socks 4, 5

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] question about socks 4, 5
From: Fabian Keil <freebsd-listen@xxxxxxxxxxxxx>
Date: Sat, 24 Sep 2011 11:16:19 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 24 Sep 2011 05:16:46 -0400
In-reply-to: <4E7A4988.8040306@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4E7A4988.8040306@xxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

Joe Btfsplk <joebtfsplk@xxxxxxx> wrote:

> was playing w/ latest TBB & seeing how other apps (like email - Tbird, 
> or other apps) behaved, just to experiment.
> 
> 1) Question about changes in proxy settings of late(er) TBB (Aurora - FF 
> 6) use.  Notice that ONLY things filled in on network > settings page is:
> - Manual Proxy Config is checked,
> 
> - under SOCKS host, 127.0.0.1 is used, and PORT 9050 used.
> - SOCKS 5 is checked.
> 
> Obviously, changes from past Tor.  I saw msgs in TBB / Vidalia log 
> (which unfortunately, I didn't figure out how to save - it's gone once

I never used TBB, but the "Vidalia log" in vanilla Vidalia is basically
a Tor log, so if you configure Tor to additionally log to a file, the log
messages should survive the Vidalia shutdown.

> TBB shuts down), to effect of (pardon my poor memory): "An (or some) 
> applic. is trying to do.... on SOCKS 5... which ~ may compromise 
> anonymity... "Consider using SOCKS 4 instead, ... or use Polipo
> (Privoxy?)"

You are probably referring to:
Sep 21 22:43:31.377 [warn] {APP} Your application (using socks5 to port 80) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS.

The important part is "giving Tor only an IP address",
you can get the same message for SOCKS4.

The URL should probably be fixed, but I'm not sure if the
original content still exists somewhere.

> Question isn't about ONE app, but in general.  If trying to torrify 
> other apps, how do you know (now) WHICH settings to use in connection 
> settings for that app(s)?
> HTTP, SSL, SOCKS 4 / 5?  Or some combo of one or more of these settings 
> & which Proxy or Port for each?

Simplifying things a bit, SOCKS 4 and 5 both have two "flavours",
one where the client itself resolves the addresses (potentially
"leaking" DNS requests) and one where it doesn't have to (but still
could).

Tor users usually want to use the ones where the client doesn't have
to resolve addresses and naturally they want to use clients that don't
resolve anything anyway.

In case of SOCKS4 that flavour is called SOCKS4A, in case of SOCKS5
it's often called "SOCKS5 with hostnames", but many applications only
support one SOCKS5 flavour and you may have to check the documentation
to figure out which one it is.

For example Privoxy only supports the "SOCKS5 with hostnames"
flavour but simply refers to it as SOCKS5 in the configuration
files. The documentation should make it clear, though:
http://www.privoxy.org/user-manual/config.html#SOCKS

The same is true for Polipo:
http://www.pps.jussieu.fr/~jch/software/polipo/polipo.html#SOCKS-parent-proxies

curl supports both, and the switches are --socks5
and --socks5-hostname, so in this case most Tor users
would want the latter.

If an application has properly working SOCKS support
there usually isn't any need to additionally configure
a HTTP proxy unless the proxy itself does something
you consider useful.

If a client supports both SOCKS4A and "SOCK5 with hostnames"
it's usually preferable to use the latter as it supports more
detailed error codes. It's up to the client to do something
useful with them, though.

> By that, mean by CURRENT ways that Tor / TBB work, not outdated help / 
> FAQ articles (sorry).  Some help files & articles are out of date & no 
> longer apply for some settings.
> Could be wrong, but don't think instructions on 
> https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/EMail  
> have changed in * long * time.

There seems to be some history available:
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/EMail?action=history

> Have to say, Tbird instructions on above link could be a * LOT * 
> clearer.  I'm a technical person (not a coder) & have a hard  time 
> following it all.  Definitely  not written for avg users:

I agree. It's also not clear if they are sufficient.
It's my impression that they may not cover everything,
but as I don't use Thunderbird I could be wrong.

Fabian

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] question about socks 4, 5
  - From: Joe Btfsplk

References:
- [tor-talk] question about socks 4, 5
  - From: Joe Btfsplk

Prev by Author: Re: [tor-talk] Tor Exit Node Operator Raided in USA.
Next by Author: Re: [tor-talk] Idiotical abuses against Tor-servers
Previous by thread: Re: [tor-talk] question about socks 4, 5
Next by thread: Re: [tor-talk] question about socks 4, 5
Index(es):
- Author
- Thread