On 10/30/2011 05:37 PM, Roger Dingledine wrote: > On Sun, Oct 30, 2011 at 05:31:34PM -0700, Jacob Appelbaum wrote: >> otherwise, I sometimes use a >> HTTP proxy with proxychains to prevent DNS leaky applications that have >> not and will never implement SOCKS. > > This is the crux of the question: which ones? And are they applications > that we think are safe enough to use in general with Tor, or are they > applications where if we learned you were using them we'd tell you to > give up on trying to be safe? If there are enough apps in the former > category, we should think about either a) getting an http proxy into > the bundles we ship, or b) writing clear instructions for how people > can bolt on an http proxy if they want one.
wget is the most common example that other people use - with wget, I set the HTTP headers match Torbutton: HTTP_PROXY=http://127.0.0.1:8118/ http_proxy=http://127.0.0.1:8118/ FTP_PROXY=http://127.0.0.1:8118/ HTTPS_PROXY=http://127.0.0.1:8118/ https_proxy=http://127.0.0.1:8118/ ftp_proxy=http://127.0.0.1:8118/ usewithtor wget -e robots=off --random-wait --wait 3.145 --user-agent="Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" -m -np http://www.example.com/ Python's web/http processing libraries could probably be improved in the core language to always use SOCKS proxies that are set: https://github.com/ioerror/TeaTime/blob/master/teatime.py#L46 Those are both useful building blocks. Again, I also use a lot of Gnome programs and set both HTTP and SOCKS proxies - so sometimes I'll watch a video and I am fairly certain it used the HTTP proxy rather than the SOCKS proxy, etc. Almost all the time, I use usewithtor to wrap a program when I worry it might leak and then I instruct it to use a local proxy for anything else. This method seems to block nearly all leaking and then I have iptables for TransPort to catch anything else - I rarely find anything but when I do, I generally report it as a bug in torsocks... I wish we'd ship torsocks as part of the bundle. It helps advanced users. It also would be a useful TBB helper to prefix any other program for safer execution. I'd rather it than any old HTTP proxy but I think we still will need an HTTP proxy in some cases. All the best, Jake _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
