[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] wget - secure?
On Fri, Apr 20, 2012 at 17:15, Robert Ransom <rransom.8774@xxxxxxxxx> wrote:
> No, the underlying point is that I have personally seen wget send my
> computer's IP address over Tor in an FTP PORT command. wget is not
> ‘100% safe’.
Well, I was talking about http(s) specifically. While wget does
support ftp_proxy environment variable, I am not aware of any
“standard” configuration involving Tor (e.g., Privoxy / polipo) that
supports ftp_proxy (I guess wget would send proxy's IP in that case,
but didn't check). When used with tsocks / torsocks' LD_PRELOAD hack,
wget sends 127.0.0.1 with PORT, which only happens with
--no-passive-ftp, and is kind of pointless.
Perhaps you have seen the behavior you talk about in Tails, back
before I convinced them that transparent proxying with iptables is a
bad idea? In that case, the problem is with transparent proxying, not
wget.
--
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk