Yawning Angel: [snip] > My question is, what causes Tor Browser to set the SOCKS username to > "--unknown--" and what the behavior should be in that case if: Ideally, "--unknown--" would only be used for requests originating from privileged browser code and not belonging to a website/resource a user requested. This would encompass things like extensions update requests, browser update requests, blocklist checks, requests issued by installed extensions to name just a few. In reality, however, we are not there yet (see e.g. #13670, #15599, #15555, #15569 + plus there is at least one bug I have not filed yet). > * The destination is a ".onion" address. #15499 should give you an idea (although I am not sure whether that ticket is still valid) > * The destination is a ".i2p" address. I don't know. Maybe we/you should coordinate that with the I2P folks? > * The destination is the I2P management console. > > I'm fairly sure this should be "deny". Sounds good. > * The destination is any other address (will be dispatched over Tor if > running, I don't think I will attempt to support I2P outproxies > because they suck). (I think allow because things break otherwise?) I am not sure, honestly. What do you have in mind? [snip] > The final form of my shim will support running with any combination of > "nothing" (Tor Browser just for the "privacy benefits", probably > unsafe, I may reconsider this), I2P, and Tor (Though the most useful > configuration is probably I2P + Tor). Sounds useful, indeed. But I think we should make clear to users that this will not be a proper Tor Browser replacement as you need knowledge of the browser state to make correct assumptions on whether to put requests into the "--unknown--" bucket or not. And I currently don't see how your shim is able to accomplish that. Georg
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev