[Noisebridge-discuss] tor proxies

T t at of.net
Mon Jul 19 17:31:04 UTC 2010


On Sun, Jul 18, 2010 at 18:13, Sai Emrys <noisebridge at saizai.com> wrote:
> On Thu, Jul 15, 2010 at 4:24 PM, T <t at of.net> wrote:
>> I usually configure browser to use privoxy, privoxy to use polipo, and
>> polipo to use tor.
>
> I strongly recommend that unless you have a good reason not to, you
> use Torbutton instead for browsing purposes. There are a lot of ways
> that your suggested setup leaks information enough to identify you.
>
> For general purpose use, I use Proxifier, which transparently reroutes
> all traffic that meets the rules you specify (destination IP or app
> based), optionally including DNS lookups. I have Proxifier running
> always when I'm on an untrusted network, tunneling through a private
> server w/ an SSH tunnel. (You could equally well tunnel it through
> Privoxy/Tor - it takes any proxy.)

Well, when I say "configure browser" I do in fact mean use a firefox
plugin to route me to the proxy like you do.  Good to know about
proxifier - is it better than foxyproxy?

Why do you think torbutton alone is better than using privoxy to
(relatively) sanitize?

It's troublesome when people use blanket statements like "I recommend
you use x" since x is often not enough - you still need to understand
what the tool does and its limitations.

For example, people using tor may think it protects their passwords
from being stolen, ignoring the fact that http through tor still has
an unencrypted step between the tor network and the target server, and
that sniffing passwords there is arguably even easier than
directly (to sniff passwords at a tor exit point you just have to run
a tor exit point, whereas to sniff passwords directly you need to
infiltrate the ISPs or trunks).

It may be pedantic, but I always tell people what I do, not what they
should do.  Only the person taking the action knows enough about their
own situation and needs and level of knowledge to decide what is the
right tool and what is "enough" for what they want to accomplish.

T


