Silk Road forums
Discussion => Security => Topic started by: supersecretsquirrel on April 20, 2012, 03:15 pm
-
I know that a lot of you use Midori to browse over Tor. However, Midori leaks DNS requests and is not safe to use. Read the following post on the tor-talk mailing list for a bit more info: https://lists.torproject.org/pipermail/tor-talk/2012-April/024017.html
-
I know that a lot of you use Midori to browse over Tor. However, Midori leaks DNS requests and is not safe to use. Read the following post on the tor-talk mailing list for a bit more info: https://lists.torproject.org/pipermail/tor-talk/2012-April/024017.html
so what does that means mate? Your conclusion is that Midory not safe, what safe.
what about connecting to TOR via my own VPN. As I understand answers of Maxime, all this wget issue it is just BS. That is exactly what feds do always, once they see the system which they cant brake, they will try compromise it by spreading such kind shit. That story about back door in PGP was very persistent and done a lot of damage to PGP reputation.
is there any back door in Liberte too, for foke sake, mate, tell me if you know.
-
I know that a lot of you use Midori to browse over Tor. However, Midori leaks DNS requests and is not safe to use. Read the following post on the tor-talk mailing list for a bit more info: https://lists.torproject.org/pipermail/tor-talk/2012-April/024017.html
so what does that means mate? Your conclusion is that Midory not safe, what safe.
what about connecting to TOR via my own VPN. As I understand answers of Maxime, all this wget issue it is just BS. That is exactly what feds do always, once they see the system
which they cant brake, they will try compromise it by spreading such kind shit. That story about back door in PGP was very persistent and done a lot of damage to PGP reputation.
I think you need to read up on DNS leaks. This is not some BS being spread by feds on the tor-talk mailing list.
is there any back door in Liberte too, for foke sake, mate, tell me if you know.
I have not used or audited Liberte. Tails is recommended by the Tor Project, so that's what I'm going to stick with.
-
I have wondered about security issues with Midori only because, for me at least, it is a super buggy browser. Really a pain in the ass, I freakin' hate it. Half the time it doesn't work right, screws up URLs, etc. Would love to find an alternative.
I love Liberte, though. xxoo
-
I was under the impression that using Privoxy with Tor (as Liberte uses) prevents DNS leaks, so using Midori would not be an issue. I seem to recall Maxim Krammerer addressing this issue directly, although I can no longer find the reference. Closest thing I can find is this:
http://www.hermann-uwe.de/blog/howto-anonymous-communication-with-tor-some-hints-and-some-pitfalls
Thoughts, comments, and suggestions for further study are all appreciated.
-
so is TAILS safe then? i specifically installed tails which comes with iceweasel, but google searching "iceweasel dns leak" comes up with quite a few hits. i'm not too familiar with this stuff, so i didnt dig through all of them ,but can you confirm that TAILS and ice weasel are safe? i don't want the party van showing up at my door.
-
I was under the impression that using Privoxy with Tor (as Liberte uses) prevents DNS leaks, so using Midori would not be an issue. I seem to recall Maxim Krammerer addressing this issue directly, although I can no longer find the reference. Closest thing I can find is this:
http://www.hermann-uwe.de/blog/howto-anonymous-communication-with-tor-some-hints-and-some-pitfalls
Thoughts, comments, and suggestions for further study are all appreciated.
hmm would like to know more on this also
-
More on DNS leaks and how to prevent them, from the Tor project itself:
https://wiki.torproject.org/noreply/TheOnionRouter/Preventing_Tor_DNS_Leaks
Torsocks is probably the best way to ensure that all of an application's network traffic passes through Tor. Torsocks can prevent DNS leakage due to things like DNS prefetching or binary plugins that generate their own network traffic, whereas HTTP or SOCKS proxies cannot prevent these kinds of leaks. (On the other hand, proxies like Privoxy can be configured to send only certain traffic through Tor, whereas Torsocks forces all traffic through Tor.)
If your application supports HTTP proxies, you might consider using Privoxy. Privoxy listens on localhost port 8118, and the versions shipped with Tor come preconfigured to forward traffic via Tor using SOCKS 4a. This is good, because using SOCKS 4a causes DNS requests to be made remotely, and therefore does not leak DNS. So if you set it up properly, Privoxy itself does not leak DNS at all. Note however, as mentioned above, that poorly behaved applications may still leak DNS even if configured to send traffic through Privoxy. If you wish to use a web-browser-like application with Privoxy, you may also want to run it with Torsocks if you want to ensure that any stray traffic gets sent through Tor.
If your application supports SOCKS4a, then configure it to use a SOCKS4a proxy at localhost, port 9050. However, it is important to note that this does not always work. Sometimes applications are written with poor SOCKS4a functionality, even if they list it as an option. This results in DNS leaks.
If your application supports SOCKS5, it may use either hostnames or IP addresses.
Also of interest:
http://www.privoxy.org/faq/misc.html
http://securitystreetknowledge.com/?p=283
I would like to add that I am no Tor guru or network security expert. I am genuinely interested in learning more about this, and the links I posted were found by searching- which I might not have done if not for this thread.
-
so is TAILS safe then? i specifically installed tails which comes with iceweasel, but google searching "iceweasel dns leak" comes up with quite a few hits. i'm not too familiar with this stuff, so i didnt dig through all of them ,but can you confirm that TAILS and ice weasel are safe? i don't want the party van showing up at my door.
There is no such thing as 110% safe, but I believe Tails is better than Liberte, if only because the project is being developed with help from the Tor Project. I know that Tails will redirect all traffic, including DNS lookups, to Tor using iptables. That said, https://tails.boum.org/security/index.en.html states that "Until an audit of the bundled network applications is done, information leakages at the protocol level should be considered as − at the very least − possible.".