[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] which apps require an http proxy?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] which apps require an http proxy?
From: Jacob Appelbaum <jacob@xxxxxxxxxxxxx>
Date: Sun, 30 Oct 2011 23:35:18 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 31 Oct 2011 02:35:45 -0400
In-reply-to: <20111031003754.GL5287@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Openpgp: id=42DDE84F; url=http://www.appelbaum.net/gpg.asc
References: <20111031000638.GM283@xxxxxxxxxxxxxx> <4EADEC66.6060309@xxxxxxxxxxxxx> <20111031003754.GL5287@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: mutt

On 10/30/2011 05:37 PM, Roger Dingledine wrote:
> On Sun, Oct 30, 2011 at 05:31:34PM -0700, Jacob Appelbaum wrote:
>>  otherwise, I sometimes use a
>> HTTP proxy with proxychains to prevent DNS leaky applications that have
>> not and will never implement SOCKS.
> 
> This is the crux of the question: which ones? And are they applications
> that we think are safe enough to use in general with Tor, or are they
> applications where if we learned you were using them we'd tell you to
> give up on trying to be safe? If there are enough apps in the former
> category, we should think about either a) getting an http proxy into
> the bundles we ship, or b) writing clear instructions for how people
> can bolt on an http proxy if they want one.

wget is the most common example that other people use - with wget, I set
the HTTP headers match Torbutton:

HTTP_PROXY=http://127.0.0.1:8118/
http_proxy=http://127.0.0.1:8118/
FTP_PROXY=http://127.0.0.1:8118/
HTTPS_PROXY=http://127.0.0.1:8118/
https_proxy=http://127.0.0.1:8118/
ftp_proxy=http://127.0.0.1:8118/
usewithtor wget -e robots=off --random-wait --wait 3.145
--user-agent="Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101
Firefox/5.0" -m -np http://www.example.com/

Python's web/http processing libraries could probably be improved in the
core language to always use SOCKS proxies that are set:
https://github.com/ioerror/TeaTime/blob/master/teatime.py#L46

Those are both useful building blocks.

Again, I also use a lot of Gnome programs and set both HTTP and SOCKS
proxies - so sometimes I'll watch a video and I am fairly certain it
used the HTTP proxy rather than the SOCKS proxy, etc.

Almost all the time, I use usewithtor to wrap a program when I worry it
might leak and then I instruct it to use a local proxy for anything
else. This method seems to block nearly all leaking and then I have
iptables for TransPort to catch anything else - I rarely find anything
but when I do, I generally report it as a bug in torsocks...

I wish we'd ship torsocks as part of the bundle. It helps advanced
users. It also would be a useful TBB helper to prefix any other program
for safer execution. I'd rather it than any old HTTP proxy but I think
we still will need an HTTP proxy in some cases.

All the best,
Jake
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] which apps require an http proxy?
  - From: andrew

References:
- [tor-talk] which apps require an http proxy?
  - From: Erinn Clark
- Re: [tor-talk] which apps require an http proxy?
  - From: Jacob Appelbaum
- Re: [tor-talk] which apps require an http proxy?
  - From: Roger Dingledine

Prev by Author: Re: [tor-talk] which apps require an http proxy?
Next by Author: [tor-talk] Problem with configuring hidden service
Previous by thread: Re: [tor-talk] which apps require an http proxy?
Next by thread: Re: [tor-talk] which apps require an http proxy?
Index(es):
- Author
- Thread