Silk Road forums

Discussion => Security => Topic started by: treesplease on April 21, 2012, 06:05 pm

Title: N.B. Possible Security Hole: Leak, Midori, Liberte DNS leaks?
Post by: treesplease on April 21, 2012, 06:05 pm
I can get on the SR Forum no problem, but SR is another story.
Using the URL: http://silkroadvb5piz3r.onion

I get a 503 Forwarding failure.
Title: Re: Problems getting on SR via Liberte
Post by: Fah-Q on April 21, 2012, 06:19 pm
Yeah, I had a lot of connectivity problems with Liberte. I now use Tails.
Title: Re: Problems getting on SR via Liberte
Post by: pine on April 21, 2012, 07:00 pm
Step 1: Restart your internet connection by clicking on it with that pop up box from the network icon in the task bar.

Step 2: Click 'try again' in midori on the error page claiming a socks forwarding problem blah blah blah etc.

Step 3: Wait.

Step 4: Repeat step 2,3 a second time.

This nearly always works. Don't ask me why it works.
Title: Re: Problems getting on SR via Liberte
Post by: supersecretsquirrel on April 21, 2012, 07:49 pm
Step 0: Do not use Liberte and Midori as it has DNS leaks
Step 1: Make sure the time on your computer has been synchronized against an Internet time server.
Title: Re: Problems getting on SR via Liberte
Post by: pine on April 21, 2012, 09:55 pm
Step 0: Do not use Liberte and Midori as it has DNS leaks
Step 1: Make sure the time on your computer has been synchronized against an Internet time server.

Sauce?
Title: Re: Problems getting on SR via Liberte
Post by: treesplease on April 22, 2012, 03:39 am
Yeah, I had a lot of connectivity problems with Liberte. I now use Tails.

Thanks Fah-Q!
Tails works MUCH BETTER!
Logs on every time, no problem.

https://tails.boum.org
Title: Re: Problems getting on SR via Liberte
Post by: supersecretsquirrel on April 22, 2012, 08:36 am
Step 0: Do not use Liberte and Midori as it has DNS leaks
Step 1: Make sure the time on your computer has been synchronized against an Internet time server.

Sauce?

You mean "Source?"? If yes, see http://dkn255hz262ypmii.onion/index.php?topic=19708.0
Title: Re: Problems getting on SR via Liberte
Post by: pine on April 23, 2012, 03:34 am
I see there's some controversy over whether the wget download manager for midori cooperates with torsocks properly i.e. the DNS leaking, but that shouldn't stop you using Liberte. After all, you can just use the Tor browser bundle inside Liberte etc.  Nonetheless, it's a bit unsettling. Does anybody else have anything to add?

Also: look forward to a Liberte update. Neither Liberte nor Tails are perfect, we knew that already, but it's also hard to envision a static OS solution to perfect anonymity. On goes the arms race.
Title: Re: Problems getting on SR via Liberte
Post by: supersecretsquirrel on April 23, 2012, 07:57 am
I see there's some controversy over whether the wget download manager for midori cooperates with torsocks properly i.e. the DNS leaking, but that shouldn't stop you using Liberte. After all, you can just use the Tor browser bundle inside Liberte etc.  Nonetheless, it's a bit unsettling. Does anybody else have anything to add?

As far as I know, they are talking about wget as run from the command line -- not the wget download manager for Midori specifically.
Title: Re: Problems getting on SR via Liberte
Post by: pine on April 23, 2012, 04:44 pm
I see there's some controversy over whether the wget download manager for midori cooperates with torsocks properly i.e. the DNS leaking, but that shouldn't stop you using Liberte. After all, you can just use the Tor browser bundle inside Liberte etc.  Nonetheless, it's a bit unsettling. Does anybody else have anything to add?

As far as I know, they are talking about wget as run from the command line -- not the wget download manager for Midori specifically.

I think they are the same wget utility. e.g. it's like how ftp is an independent program from your browser, yeah all the browsers use it to download binaries, but it can also be used solo to download files manually. It's an old unix concept, you compartmentalize functionality, and then you get to use it across a whole range of programs as a building block.

Some of what is being said on the thread is foreign to me, not being a Tor expert and all, but if some version of wget leaks DNS requests, then it very probably does so for all platforms that version of wget is used on. e.g. other Linux distros that provide the wget utility for programs to use.

Until more is known, sticking to the Tor bundle is probably a good idea since the bundle is fully torified. I'll ask kmf about this DNS leaking issue with wget, I'm sure he'll have some idea of how to best approach the problem, maybe cast some more light on the topic.
Title: Re: Problems getting on SR via Liberte
Post by: seuss on April 23, 2012, 05:04 pm
im gonna use this guide http://dkn255hz262ypmii.onion/index.php?topic=15383.0 . what should i change as per instructions if i am to use Tails instead?
Title: Re: Problems getting on SR via Liberte
Post by: supersecretsquirrel on April 24, 2012, 08:08 am
Until more is known, sticking to the Tor bundle is probably a good idea since the bundle is fully torified. I'll ask kmf about this DNS leaking issue with wget, I'm sure he'll have some idea of how to best approach the problem, maybe cast some more light on the topic.

I think you're misunderstanding the whole email thread. There is no issue with Tor and wget, but there is an issue with Tor and Midori (that has nothing to do with the download manager whatsoever).
Title: Re: Problems getting on SR via Liberte
Post by: pine on April 24, 2012, 02:51 pm
Until more is known, sticking to the Tor bundle is probably a good idea since the bundle is fully torified. I'll ask kmf about this DNS leaking issue with wget, I'm sure he'll have some idea of how to best approach the problem, maybe cast some more light on the topic.

I think you're misunderstanding the whole email thread. There is no issue with Tor and wget, but there is an issue with Tor and Midori (that has nothing to do with the download manager whatsoever).

Very well, I shall repost the Tor Talk thread here and you can show me where I'm incorrect.
Title: Re: Problems getting on SR via Liberte
Post by: pine on April 24, 2012, 03:22 pm
Ok, here is the Tor Talk thread that inspired our one:

Note:

I have reformatted the thread such that it's slightly easier to read, and deleted extraneous replies that don't improve the context of the posts. Other than that the information is the same, apart from 1 post from a guy who accidentally posted in the wrong thread.

Again, this is a technical subject, so the more eyes analyzing the information the better.

-----

Quote

[tor-talk] wget - secure?

#######################################################################
Post #1

torsiris at tormail.net torsiris at tormail.net
Tue Apr 17 18:27:03 UTC 2012

Hi,

I saw a conversation about wget and I'm wondering if wget is safe to use.
I know about DNS leaking but could there be another privacy concern?

Can wget put the real IP in a header for example? I guess it can't but
does someone know for sure?

Thanks a lot!
#######################################################################
Post #2

Runa A. Sandvik runa.sandvik at gmail.com
Wed Apr 18 05:01:51 UTC 2012


According to a table on https://code.google.com/p/torsocks/, wget is
not 100% safe to use with Tor and it does leak DNS.

#######################################################################
Post #3

Maxim Kammerer mk at dee.su
Wed Apr 18 05:52:07 UTC 2012

On Wed, Apr 18, 2012 at 08:01, Runa A. Sandvik <runa.sandvik at gmail.com> wrote:
> According to a table on https://code.google.com/p/torsocks/, wget is
> not 100% safe to use with Tor and it does leak DNS.

No, what that table shows is that there are possible issues with
torifying wget with torsocks (as opposed to, e.g., pointing
http(s)_proxy to Privoxy; this probably just means that wget sends its
version in User-Agent header), and that wget does not leak DNS
requests when used with torsocks (a rather useless information, since
it says nothing about what happens without transparent torification).
My tests show that wget does not leak DNS requests when HTTP(S)
proxies are specified via environment variables.

TL;DR: wget is 100% safe to use with Tor and it does not leak DNS
(also true for curl, by the way).

--
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
#######################################################################
Post #4

coderman coderman at gmail.com
Wed Apr 18 07:07:11 UTC 2012

On Tue, Apr 17, 2012 at 10:52 PM, Maxim Kammerer <mk at dee.su> wrote:
> ...
> My tests show that wget does not leak DNS requests when HTTP(S)
> proxies are specified via environment variables.

if:
1. using environment variables correctly
2. using command line parameters correctly

set http_proxy but not HTTPS_PROXY or ALL_PROXY with recursive? maybe oops.


all generalizations are false ;)


in other words, user beware.
#######################################################################
Post #5

Robert Ransom rransom.8774 at gmail.com
Wed Apr 18 08:37:43 UTC 2012

On 2012-04-18, Maxim Kammerer <mk at dee.su> wrote:

> TL;DR: wget is 100% safe to use with Tor and it does not leak DNS
> (also true for curl, by the way).

Which version of wget did you audit?  What information leaks did you
check for during your audit?

Which SSL library did you configure wget to use?  Which version of
that SSL library did you audit?

Based on your knowledge of the protocols that wget supports, where did
you most expect to find information leaks in wget's source?  (Since
you claim that ‘wget is 100% safe to use with Tor’, clearly you didn't
find any information leaks.)

Which configuration of wget makes it use Tor ‘100% safe’ly?


Robert Ransom
#######################################################################
Post #6

Maxim Kammerer mk at dee.su
Wed Apr 18 08:56:31 UTC 2012

On Wed, Apr 18, 2012 at 11:37, Robert Ransom <rransom.8774 at gmail.com> wrote:
> Which version of wget did you audit?  What information leaks did you
> check for during your audit?

I should have known I would get useless replies with zero informative
content to that summary. Wget does not resolve hostnames when it uses
a proxy. Many programs do (e.g., Midori does, and Pidgin did at one
point, if I am not mistaken), but wget doesn't. Wget is therefore safe
to use via Tor. Do you have any specific information saying otherwise,
besides the obvious “no one should ever claim that anything is 100%
anything, ever”? Note that I originally replied to a post by Runa
Sandvik which was entirely wrong and needed correction, and that you
are quoting a summary. What is your contribution to this thread
exactly?

--
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
#######################################################################
Post #7

unknown unknown at pgpru.com
Wed Apr 18 16:29:29 UTC 2012

In theory a smart adversary can reduce the anonymity set by statistically profiling any non-TBB downloaders on the service side or through intercepting exit node traffic. Wget'll get a different response than standard TBB or other downloaders to cookies and active elements injection, fonts manipulation on a page, etc.

#######################################################################
Post #8

Joseph Lorenzo Hall joehall at gmail.com
Wed Apr 18 17:00:21 UTC 2012

On Wed, Apr 18, 2012 at 4:56 AM, Maxim Kammerer <mk at dee.su> wrote:
> On Wed, Apr 18, 2012 at 11:37, Robert Ransom <rransom.8774 at gmail.com> wrote:
>> Which version of wget did you audit?  What information leaks did you
>> check for during your audit?
>
> I should have known I would get useless replies with zero informative
> content to that summary. Wget does not resolve hostnames when it uses
> a proxy. Many programs do (e.g., Midori does, and Pidgin did at one
> point, if I am not mistaken), but wget doesn't. Wget is therefore safe
> to use via Tor. Do you have any specific information saying otherwise,
> besides the obvious “no one should ever claim that anything is 100%
> anything, ever”? Note that I originally replied to a post by Runa
> Sandvik which was entirely wrong and needed correction, and that you
> are quoting a summary. What is your contribution to this thread
> exactly?

I'm sorry, but I think you have it backwards in terms of uselessness
of replies on this thread.  Ransom asked you a series of cordial,
pointed questions wondering under what configuration you determined
wget does not leak.  The underlying point is that it would be neat if
you've done a comprehensive analysis of a specific version of Tor,
etc., etc.

That would be useful to know. best, Joe

#######################################################################
Post #9

torsiris at tormail.net torsiris at tormail.net
Wed Apr 18 21:40:24 UTC 2012

> On Wed, Apr 18, 2012 at 4:56 AM, Maxim Kammerer <mk at dee.su> wrote:
>> On Wed, Apr 18, 2012 at 11:37, Robert Ransom <rransom.8774 at gmail.com>
>> wrote:
>>> Which version of wget did you audit?  What information leaks did you
>>> check for during your audit?
Hi,

How can I check what information wget is transmitting? I used wireshark
and filtered to see only the traffic sent from wget to localhost:8118 but
I'm not a network expert and I don't know how to interpret the data.

Anybody has deeper network knowledge?
#######################################################################
Post #10

Ondrej Mikle ondrej.mikle at gmail.com
Wed Apr 18 23:55:10 UTC 2012

On 04/18/2012 11:40 PM, torsiris at tormail.net wrote:
>> On Wed, Apr 18, 2012 at 4:56 AM, Maxim Kammerer <mk at dee.su> wrote:
>>> On Wed, Apr 18, 2012 at 11:37, Robert Ransom <rransom.8774 at gmail.com>
>>> wrote:
>>>> Which version of wget did you audit?  What information leaks did you
>>>> check for during your audit?
> Hi,
>
> How can I check what information wget is transmitting? I used wireshark
> and filtered to see only the traffic sent from wget to localhost:8118 but
> I'm not a network expert and I don't know how to interpret the data.
>
> Anybody has deeper network knowledge?

I've just checked wget, it does leak DNS even with http_proxy environment
variable set.

How to check:

1. Run wireshark
2. Select "Pseudointerface (any)" unless you know which interface to look at
3. Put "dns" into the Filter field and click "Apply" button

DNS is easy to spot since it's almost always going to UDP port 53 (exceptions
are really rare).

Then you'll see what DNS queries your host did at the time (obviously it's best
to turn off any other program that could interfere in the measurement).

These things can change on version-to-version basis of the same software, so
it's always best to check your actual version with wireshark.

Though curl is much better than wget in all recent versions at least, this does
not leak DNS (--socks5-hostname is the important part; Tor SOCKS5 proxy is
expected to run at port 9050):

curl --socks5-hostname localhost:9050 "http(s)://somesite.wherever/rest_of_url"

Ondrej
#######################################################################
Post #11

Maxim Kammerer mk at dee.su
Thu Apr 19 08:02:37 UTC 2012


On Thu, Apr 19, 2012 at 02:55, Ondrej Mikle <ondrej.mikle at gmail.com> wrote:
> I've just checked wget, it does leak DNS even with http_proxy environment
> variable set.

Do you see wget actually connecting to the proxy? Wget terminal output
shows that.

--
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
#######################################################################
Post #12

torsiris at tormail.net torsiris at tormail.net
Thu Apr 19 20:54:14 UTC 2012

[RE: Others in the thread]

Hi,

I cannot confirm that wget (v1.12) is sending any DNS resolve when using
it this way:

wget --proxy --execute=http_proxy=http://127.0.0.1:8118/ -c
http://download.test

Wireshark does not show any UDP traffic.

I will check out curl. I like the idea of not using a http proxy in between.

Thanks for the post. :-)
#######################################################################
Post #13

Ondrej Mikle ondrej.mikle at gmail.com
Thu Apr 19 22:23:40 UTC 2012

On 04/19/2012 10:54 PM, torsiris at tormail.net wrote:
> Hi,
>
> I cannot confirm that wget (v1.12) is sending any DNS resolve when using
> it this way:
>
> wget --proxy --execute=http_proxy=http://127.0.0.1:8118/ -c
> http://download.test
>
> Wireshark does not show any UDP traffic.
>
> I will check out curl. I like the idea of not using a http proxy in between.
>
> Thanks for the post. :-)


Hm, you're right, wget 1.12 does not leak DNS if you use http protocol. I just
realized I tested it also with https when the leak happened (wget requires
explicit 'https_proxy' to use CONNECT for https even if you use the same http
proxy).

Ondrej
#######################################################################
Post #14

torsiris at tormail.org torsiris at tormail.org
Sat Apr 21 23:25:36 UTC 2012

Hi,

Is there anything to worry about if using curl with the below configuration?
(I don't want to use a virtual machine)

Only debian-tor can go online:
iptables -F OUTPUT
iptables -A OUTPUT -j ACCEPT -m owner --uid-owner debian-tor
iptables -A OUTPUT -j ACCEPT -o lo
iptables -A OUTPUT -j ACCEPT -p udp --dport 123
iptables -P OUTPUT DROP

curl is used like this:

curl --socks5-hostname 127.0.0.1:9050 -A "TBB's user agent" -C - -O
http://download.testfile

I guess there is no way that curl can leak the real IP address. Any
objections?
#######################################################################
Post #15

Ondrej Mikle ondrej.mikle at gmail.com
Sun Apr 22 17:26:09 UTC 2012


On 04/22/2012 01:25 AM, torsiris at tormail.org wrote:
>
> Hi,
>
> Is there anything to worry about if using curl with the below configuration?
> (I don't want to use a virtual machine)
>
> Only debian-tor can go online:
> iptables -F OUTPUT
> iptables -A OUTPUT -j ACCEPT -m owner --uid-owner debian-tor
> iptables -A OUTPUT -j ACCEPT -o lo
> iptables -A OUTPUT -j ACCEPT -p udp --dport 123
> iptables -P OUTPUT DROP

Just to make sure, add explicit blocking of DNS at the beginning (might add -m
owner --uid-owner debian-tor if you want):

iptables -A OUTPUT -p udp --dport 53 -j REJECT
iptables -A OUTPUT -p tcp --dport 53 -j REJECT

REJECT is IMHO better than DROP for outgoing connections, since you won't have
to wait for application to detect timeout.

>
> curl is used like this:
>
> curl --socks5-hostname 127.0.0.1:9050 -A "TBB's user agent" -C - -O
> http://download.testfile

Use --header to add any additional headers until your request has identical
headers to TBB (adding headers is easy, removing might be harder).

> I guess there is no way that curl can leak the real IP address. Any
> objections?

I can't say for sure, but it likely won't leak your IP for http/https protocols.
Only way to make sure would be thoroughly reading the source.

Ondrej
#######################################################################
Post #16

Javier Bassi javierbassi at gmail.com
Sun Apr 22 21:26:40 UTC 2012

Just tested wget 1.12 with proxychains 3.1 and it does not leak DNS .^^
#######################################################################
Post #17

torsiris at tormail.org torsiris at tormail.org
Mon Apr 23 12:25:43 UTC 2012

> On 04/22/2012 01:25 AM, torsiris at tormail.org wrote:
>>
>> Hi,
>>
>> Is there anything to worry about if using curl with the below
>> configuration?
>> (I don't want to use a virtual machine)
>>
>> Only debian-tor can go online:
>> iptables -F OUTPUT
>> iptables -A OUTPUT -j ACCEPT -m owner --uid-owner debian-tor
>> iptables -A OUTPUT -j ACCEPT -o lo
>> iptables -A OUTPUT -j ACCEPT -p udp --dport 123
>> iptables -P OUTPUT DROP
>
> Just to make sure, add explicit blocking of DNS at the beginning (might
> add -m
> owner --uid-owner debian-tor if you want):
>
> iptables -A OUTPUT -p udp --dport 53 -j REJECT
> iptables -A OUTPUT -p tcp --dport 53 -j REJECT

iptables -P OUTPUT DROP will drop anything not allowed in the above rules.
I don't see the need to add more rules for DNS. They get dropped anyway.

>
> REJECT is IMHO better than DROP for outgoing connections, since you won't
> have
> to wait for application to detect timeout.

That's a good point for outgoing traffic. :-)

>
>>
>> curl is used like this:
>>
>> curl --socks5-hostname 127.0.0.1:9050 -A "TBB's user agent" -C - -O
>> http://download.testfile
>
> Use --header to add any additional headers until your request has
> identical
> headers to TBB (adding headers is easy, removing might be harder).
>
>> I guess there is no way that curl can leak the real IP address. Any
>> objections?
>
> I can't say for sure, but it likely won't leak your IP for http/https
> protocols.
> Only way to make sure would be thoroughly reading the source.

I see no way how curl could get the public IP address without root
privileges.

Thank you Ondrej for your point of view.
#######################################################################
Post #18

Robert Ransom rransom.8774 at gmail.com
Fri Apr 20 14:15:54 UTC 2012

On 2012-04-18, Joseph Lorenzo Hall <joehall at gmail.com> wrote:

> The underlying point is that it would be neat if
> you've done a comprehensive analysis of a specific version of Tor,
> etc., etc.

No, the underlying point is that I have personally seen wget send my
computer's IP address over Tor in an FTP PORT command.  wget is not
‘100% safe’.

The code to send a PORT command is still present in wget 1.13.4.  wget
1.13.4 is not ‘100% safe’; anyone who wants to recommend it needs to
specify a particular configuration of wget which is safe.  (Don't
count on a ‘default configuration’; Linux distributors might have
messed with it, or failed to update it to the version shipped in
recent wget source distributions.)


And that's not even the potential information leak that folks who are
familiar with ‘anonymous FTP’ would check for first.


Robert Ransom
#######################################################################
Post #19

Maxim Kammerer mk at dee.su
Fri Apr 20 15:34:07 UTC 2012

On Fri, Apr 20, 2012 at 17:15, Robert Ransom <rransom.8774 at gmail.com> wrote:
> No, the underlying point is that I have personally seen wget send my
> computer's IP address over Tor in an FTP PORT command.  wget is not
> ‘100% safe’.

Well, I was talking about http(s) specifically. While wget does
support ftp_proxy environment variable, I am not aware of any
“standard” configuration involving Tor (e.g., Privoxy / polipo) that
supports ftp_proxy (I guess wget would send proxy's IP in that case,
but didn't check). When used with tsocks / torsocks' LD_PRELOAD hack,
wget sends 127.0.0.1 with PORT, which only happens with
--no-passive-ftp, and is kind of pointless.

Perhaps you have seen the behavior you talk about in Tails, back
before I convinced them that transparent proxying with iptables is a
bad idea? In that case, the problem is with transparent proxying, not
wget.

--
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
#######################################################################
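An offline version of the checks discussed in the reposted thread (wireshark's "dns" filter for UDP/53 leaving the host, Robert Ransom's FTP PORT observation, and any connection that bypasses the local proxy), as an added example that is not part of the original posts. The packet records, hostnames and addresses are constructed; the proxy ports 9050 (Tor SOCKS) and 8118 (Privoxy) are the ones named in the thread, and no live capture is used.

```python
"""Offline egress audit for a torified download tool (constructed example)."""
import ipaddress
import re
import struct
from dataclasses import dataclass
from typing import List, Optional

# Local proxy endpoints from the thread: Tor SOCKS on 9050, Privoxy on 8118.
PROXY_ENDPOINTS = {("127.0.0.1", 9050), ("127.0.0.1", 8118)}
NTP_PORT = 123  # the iptables ruleset in the thread allows UDP/123 out


@dataclass
class Packet:
    """One captured datagram/segment, reduced to what the audit needs."""
    proto: str      # "udp" or "tcp"
    dst_ip: str
    dst_port: int
    payload: bytes


def build_dns_query(name: str, tid: int = 0x1234) -> bytes:
    """Construct a standard A query (used only to build sample input)."""
    header = struct.pack("!HHHHHH", tid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_dns_qname(payload: bytes) -> Optional[str]:
    """Return the first question name of a DNS query, or None if not a query."""
    if len(payload) < 12:
        return None
    _tid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount == 0:  # QR bit set => response, not a query
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointer: not valid in a plain query name
            return None
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return ".".join(labels) if labels else None


_PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?$", re.M)


def parse_ftp_port(payload: bytes) -> Optional[str]:
    """Return the IP advertised by an FTP PORT command in a control stream, if any."""
    m = _PORT_RE.search(payload)
    if not m:
        return None
    return ".".join(m.group(i).decode() for i in range(1, 5))


def audit(packets: List[Packet]) -> List[str]:
    """Classify each packet; return the findings a defender would want to see."""
    findings = []
    for p in packets:
        dst = ipaddress.ip_address(p.dst_ip)
        if (p.dst_ip, p.dst_port) in PROXY_ENDPOINTS:
            # Traffic to the local proxy is expected, but the application can
            # still announce its real address inside the proxied stream.
            advertised = parse_ftp_port(p.payload)
            if advertised and not ipaddress.ip_address(advertised).is_loopback:
                findings.append(f"ftp-port-leak: PORT advertises {advertised} via proxy")
            continue
        if dst.is_loopback:
            continue  # other loopback traffic (e.g. a local resolver) is out of scope here
        if p.dst_port == 53:
            qname = parse_dns_qname(p.payload) if p.proto == "udp" else None
            findings.append(f"dns-leak: {p.proto}/53 to {p.dst_ip} qname={qname}")
            continue
        if p.proto == "udp" and p.dst_port == NTP_PORT:
            continue  # time sync is allowed by the ruleset in the thread
        findings.append(f"proxy-bypass: {p.proto} to {p.dst_ip}:{p.dst_port}")
    return findings


def sample_packets() -> List[Packet]:
    """Constructed capture: one of each leak type plus benign proxy traffic."""
    return [
        Packet("udp", "192.0.2.53", 53, build_dns_query("somesite.wherever")),
        Packet("tcp", "127.0.0.1", 9050, b"\x05\x01\x00"),  # SOCKS5 greeting
        Packet("tcp", "127.0.0.1", 8118, b"CONNECT somesite.wherever:443 HTTP/1.1\r\n\r\n"),
        # FTP control commands carried inside the SOCKS connection to Tor
        Packet("tcp", "127.0.0.1", 9050, b"USER anonymous\r\nPORT 198,51,100,7,4,1\r\n"),
        Packet("udp", "192.0.2.1", 123, b"\x23" + b"\x00" * 47),  # NTP client request
        Packet("tcp", "203.0.113.9", 443, b"\x16\x03\x01"),  # direct TLS, bypassing Tor
    ]


if __name__ == "__main__":
    for line in audit(sample_packets()):
        print(line)
```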
Title: Re: Problems getting on SR via Liberte
Post by: pine on April 24, 2012, 06:03 pm
My synopsis of the thread for those who know less geek stuff or who are less inclined to trawl it. I will try to translate as simply as possible and remain concise if possible. Although part-geek, there are all manner of geeks, so bear in mind it is always possible I may misstate something.

--

Maxim Kammerer, the developer of Liberte Linux, claims that wget does not leak DNS requests and is a program safe enough to use with Tor.

== Translation for the non-geek:

DNS is a system on the internet which translates web addresses / URLs like http://www.google.com to the ip addresses by which computers on the internet actually know each other.

So; a DNS leak in the context of using the Tor network could mean that your computer has sent its genuine ip address to a DNS server instead of communicating with an anonymous DNS server through the Tor network, which isn't exactly smart. i.e. you just fucked up.

wget then, is a utility for download of files from the Web. It supports http (downloading webpages), https (secure webpages), and ftp protocols (used for downloading normal files like pdfs etc), as well as retrieval through http proxies. wget is suspected of potentially leaking DNS requests.

==

Maxim says that this is not the case:

"My tests show that wget does not leak DNS requests when HTTP(S)
proxies are specified via environment variables."

The next poster, coderman, suggests that Maxim could have made a mistake by setting the wrong environmental variables, which he implies is easy to do and suggests caveat emptor.


== Translation for the non-geek:

Some of the default settings in Liberte may or may not have been set correctly, so that while wget may not directly be to blame for a DNS leak, the operating system with which wget interacts may have been incorrectly configured. Maxim disagrees, coderman is leery.

--

Robert Ransom then asks specific questions of Maxim, essentially implying that Maxim may be overlooking potential DNS leaks from wget because he is using an incorrect configuration.

--

Maxim then feels that he is being second guessed by Ransom and replies abruptly. He requests specific information that wget is to blame for potential DNS leaks. He believes that because wget does not use DNS to translate hostnames (a human readable address like http://www.blahblah.com where blahblah is the hostname) when connecting to proxies like the Tor network, wget should be secure against leaking your genuine ip address.

== Translation: Maxim says no DNS request is ever made, so there can hardly be a leak.

Aside:

SSS, I think this is perhaps where our misunderstanding occurred. The thread is about wget, but Maxim says that Midori resolves DNS requests when connecting through a proxy. However, this is not the point, since it does not mean there is a DNS leak merely because a DNS request is made so long as the DNS request is made via the Tor Network. What is important is that there is a DNS leak some place.

--

An anonymous poster suggests that an enemy could increase the likelihood of narrowing down a search for a Tor user, because the traffic from the Tor Browser Bundle and wget can be differentiated. i.e. using wget on the command line makes you more unique. I think other posters on SR have made similar points before, warning not to get 'too clever' with messing with your Tor configurations in case your Tor traffic behaves differently to the mainstream Tor traffic.

--

Joseph asks if Maxim has done a comprehensive audit on the Tor package he's using in Liberte.

--

OP tries to use wireshark to work out if wget is making DNS requests directly to servers instead of through the Tor network.

--

Ondrej Mikle claims that wget does leak DNS requests, even when the environmental variable that Maxim mentioned is set correctly.

--

Maxim questions this, he sees wget connecting to a proxy on his machine. There should be no DNS leaks.

--

Ondrej Mikle says that the DNS leak occurred when using https, and there was no DNS leak with http. Perhaps another environment variable ought to be set.

--

Ondrej and OP discuss an alternative program called curl. OP decides to use curl instead of wget.

--

Javier Bassi says that wget 1.12 isn't leaking DNS requests for him.

--

Robert Ransom comes back and says "personally seen wget send my
computer's IP address over Tor in an FTP PORT command.  wget is not
‘100% safe’."

--

Maxim suggests that this behavior might have occurred in a previous edition of Tails for Robert and restates that wget isn't an issue.

-- End Thread To Date --


Conclusion: Liberte's developer says wget is correctly configured with Tor for use with webpages and should not leak DNS requests. Another poster, Javier Bassi, agrees that wget doesn't leak DNS requests. However several people in the thread believe his interpretation could be mistaken, e.g. Runa A. Sandvik, coderman, Robert Ransom.

--> I would not use wget until this is hashed out.
--> SSS, you had the impression that Midori is not safe to use. I'm not sure that is the case for the reasons mentioned before. I think Midori wasn't actually under suspicion for leaking DNS requests. I'll search the source code to check in case Midori happens to use the wget utility since I don't know whether it does or not (computer is slow, might take a while).
Title: Re: Problems getting on SR via Liberte
Post by: cacoethes on April 24, 2012, 09:57 pm
Pine- I say this with the utmost sincerity:

I find it absolutely exhilarating when you break down techno-babble into layman's terms for the masses.  If you wrote books, I'd read them- you are without a doubt, a world-class wordsmith.
Title: Re: N.B. Possible Security Hole: Leak, Midori, Liberte DNS leaks?
Post by: treesplease on April 25, 2012, 02:41 am
Bump for pine
Title: Re: N.B. Possible Security Hole: Leak, Midori, Liberte DNS leaks?
Post by: lilith2u on April 25, 2012, 03:07 am
Geek wanna be scratches head and thanks for Pine&SSS post!
Title: Re: N.B. Possible Security Hole: Leak, Midori, Liberte DNS leaks?
Post by: kmfkewm on April 25, 2012, 07:40 am
I would think that if Liberte has DNS leaks that it should be pretty trivial to determine this with Wireshark? The Tor people don't much care for Liberte and suggest Tails, but Tails is pretty much an anonymity death trap if you don't take care to keep persistent entry guards.
Title: Re: Problems getting on SR via Liberte
Post by: pine on April 25, 2012, 05:48 pm
Pine- I say this with the utmost sincerity:

I find it absolutely exhilarating when you break down techno-babble into layman's terms for the masses.  If you wrote books, I'd read them- you are without a doubt, a world-class wordsmith.

Thank-you for the compliment, lilith2u and treesplease too.

Midori does not use wget so far as I can tell by searching the source code for an instance of its use.

Re: eeee, it was a DNS leak. Liberte is a live usb OS, so it is unlikely to be malware related.

Re: kmf, well, wireshark is a very useful tool, but not one I am an expert on. Deep packet inspection seems non-trivial to me. Also, one of the posters, Robert Ransom, has in fact said that wget does have a DNS leak, not with http or https, but with ftp. Maxim suggested Robert was using an old version of Tails, but that wasn't confirmed. The trouble is that although I could run wireshark and look for a DNS request containing my real ip address, it might be a platform dependent bug e.g. version of OS, version of wget. That would explain why Maxim and Robert's results varied. Hopefully the DNS leak was a mistaken reading from wireshark though.

Another subject:

Why is having persistent entry guards better than randomly chosen ones? Surely using the same entry/exit nodes on the Tor network all the time increases the chance of a traffic profiling attack? LE would only have to control two computers instead of a huge number of relays. Also: is using bridges the same thing or similar to using persistent entry guards?

Title: Re: N.B. Possible Security Hole: Leak, Midori, Liberte DNS leaks?
Post by: crazydancer on April 26, 2012, 12:23 am
I would think that if Liberte has DNS leaks that it should be pretty trivial to determine this with Wireshark? The Tor people don't much care for Liberte and suggest Tails, but Tails is pretty much an anonymity death trap if you don't take care to keep persistent entry guards.

Hi Kmfkewm,
Could you expand your explanation about Tails being an anonymity death trap?
What do you mean by "persistent entry guards"?
Title: Re: N.B. Possible Security Hole: Leak, Midori, Liberte DNS leaks?
Post by: pine on April 26, 2012, 12:39 am
I would think that if Liberte has DNS leaks that it should be pretty trivial to determine this with Wireshark? The Tor people don't much care for Liberte and suggest Tails, but Tails is pretty much an anonymity death trap if you don't take care to keep persistent entry guards.

Hi Kmfkewm,
Could you expand your explanation about Tails being an anonymity death trap?
What do you mean by "persistent entry guards"?

He means that your Tor traffic enters and exits the network using the same relays. I think that's right, don't quote me, ha!
Title: Re: N.B. Possible Security Hole: Leak, Midori, Liberte DNS leaks?
Post by: crazydancer on April 26, 2012, 12:52 am
don't quote me

Sorry!  ::)
Title: Re: N.B. Possible Security Hole: Leak, Midori, Liberte DNS leaks?
Post by: crazydancer on April 26, 2012, 12:56 am
Thanks for your precision Pine.
But now that these are clear, I also have the same question as you already asked: why would keeping persistent entry guards be more secure than having random ones automatically chosen by the Vidalia bundle embedded within Tails?
Title: Re: N.B. Possible Security Hole: Leak, Midori, Liberte DNS leaks?
Post by: randomOVDB#2 on May 17, 2012, 09:10 am
Bump.

So far there is no consensus about wget and DNS leaking which means we should probably stop using that as a fact. Or "liberte is leaking DNS" for that matter.
Title: Re: N.B. Possible Security Hole: Leak, Midori, Liberte DNS leaks?
Post by: cacoethes on May 17, 2012, 03:31 pm
Bump.

So far there is no consensus about wget and DNS leaking which means we should probably stop using that as a fact. Or "liberte is leaking DNS" for that matter.

I've asked for clarification in a few threads regarding this...  And so far all I've seen is the original blanket statement with nothing at all to support it.

I've posted a few references, one from the Tor Project itself, which talk specifically about DNS leaks, and how to configure Tor with Privoxy (and other methods) so that it isn't an issue.  As I understand it, Liberte does this automatically, and I can find nothing that indicates otherwise.

https://trac.torproject.org/projects/tor/wiki/doc/Preventing_Tor_DNS_Leaks
http://securitystreetknowledge.com/?p=283
http://www.hermann-uwe.de/blog/howto-anonymous-communication-with-tor-some-hints-and-some-pitfalls

People, please...  If you're going to state something as fact, such as "Liberte has been known to leak DNS requests" or "Liberte is not safe to use at this time"...  Then at least attach something to support your statement.

I'm not an expert on the subject, but I'm a pretty quick study, and I'd prefer to verify something myself before I accept it as fact.  I'm not claiming you're wrong...  I'm only asking you to cite the reference that prompted you to claim something as factual.