tor/privacy (socks5) option giving ssl error
datallah at pidgin.im
Tue Apr 2 22:36:51 EDT 2013
On Tue, Apr 2, 2013 at 9:11 PM, Ileana <ileana at fairieunderground.info> wrote:
> From my basic understanding, a tor/privacy setting should ensure:
All of my answers below apply to stock Pidgin when you select
Tor/Privacy in the proxy settings- any third party plugins could
change the behavior.
Some effort has been put into making XMPP "safe" from a privacy
perspective; other protocols have issues - good patches are always
> *no local dns lookups (perhaps as an options checkbox)
> socks4 automatically does lookup at end...there is no option.
> socks5 you have option for local or remote dns in the spec. Most tor
> users want remote, except in the case of TAILS a user might handle the
> dns queeries locally(and then resolving them through for instance tor's
> dns port). I think the same side is to do them remotely.
The libpurple DNS functionality will be blocked - anything that can be
done through the proxy will be done, otherwise the functionality will
fail (for things using the libpurple DNS API).
It's possible that protocols like gadu-gadu or sametime, which use
external libraries to implement the protoco,l would make DNS requests
without using the libpurple API.
It looks like Bonjour/Link-Local accounts will send stuff out on your
local network, because that's how the protocol works.
> *real ip address never gets sent out
This should be the case for XMPP.
If libpurple/Pidgin is configured appropriately, it won't know what
your external IP address is.
> *no other system information gets sent out(kernel version, uname,
> os, etc)
Your IRC account default settings contain some information from your
OS user account, but you're free to change them.
There may be other issues for other protocols
> *nothing that seems to be a unique identifier gets sent out upon
> connect/reconnect. (i.e. ssl session ids, user agents/version, etc).
Of course "unique" things will be sent out - you're connecting to a IM
account and your account name will be sent out (and possibly your
password too depending on what you're connecting to).
> *timestamps all converted to utc
I'm not sure if there are places where your timezone or information
that can be used to deduce your timezone are sent out, but I don't
consider this sensitive.
> *any functionality such as dcc where there is a direct connection to
> the other client should either be disabled or also insure real ip is
> not leaked.
This wouldn't be a reasonable assumption to make for protocols other than XMPP.
> I can't think of anything else off the top of my head, but I may have
> missed something.
> If you are a developer and can point me to a link to the code that
> handles the proxy settings, I would take a further look.
More information about the Support