Firefox, Privoxy, Tor

[toruser8888]

Hello,

- At h*tp://www.privoxy.org/faq/misc.html#TOR I read: "4.10. How do I use Privoxy together with Tor? (...) As far as Privoxy is concerned, Tor is just another proxy that can be reached by socks4, socks4a and socks5. Most likely you are interested in Tor to increase your anonymity level, therefore you should use socks5, to make sure DNS requests are done through Tor and thus invisible to your local network. (...)."

This as far as I understood it means that if I use socks5 together with Tor then DNS requests are done through TOR. That's why I thought everything is fine.

- At h*tp://bodhizazen.net/Tutorials/TOR I read: "socks4 vs socks5 & DNS leak, One area of departure is the use of socks5, which can reduce privacy via DNS leaks", the advice given there: "1. Use socks4a with polipo and privoxy (rather then the default socks5). 2. Configure Firefox to use remote DNS resolution."

This as far as I understood means that I should not use socks5 and configure Firefox to use remote DNS resolution (network.proxy.socks_remote_dns true). Now I became confused.

- At h*tps://itnomad.wordpress.com/2006/09/29/a-few-privacy-notes-regarding-tor/ I read: "A few privacy notes regarding TOR (...) Configure SOCKS correctly: If you use Firefox and a SOCKS-connection, be sure to set Firefox’s variable network.proxy.socks_remote_dns to true – if you forget that you’re leaking the name of the server you want to connect to to the DNS-system. (...)"

- At h*tps://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers I read: "Mozilla Firefox (...) Be careful, though: In some versions of Firefox, it is possible that even with this option set remote DNS resolution will not work. In this case, you may want to use Privoxy or similar projects. (...)"

These are my questions:

- Is it true that the use of socks5 reduces privacy?
- Is it enough to use socks5 together with TOR to make sure DNS requests are done through Tor or is it nescessary to configure Firefox to use remote DNS resolution?
- What has Privoxy to do with remote DNS resolution?

Thank you very much for your help.

[toruser8888]

This is what I found out:

- If the socks client and the socks 5 proxy TOR are used in the correct way privacy is not reduced.

- h*tps://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#HowdoIaccessTorhiddenservices

There are several versions of socks:

SOCKS 4 proxies require an IP from the client (a web browser is an example of a SOCKS client).
SOCKS 4a always accepts a hostname.
SOCKS 5 can accept either an IP or a hostname.

Using a socks 4 proxy reduces privacy. To keep privacy it is necessary to use a socks 4a or socks 5 proxy. If using a socks 5 proxy this alone is not enough if the client sends the DNS request itself. To keep privacy it is necessary to configure the client in such a way that it does not do DNS requests itself but gives the hostname directly to the socks 5 proxy. Regarding Firefox there are at least 2 important parameters:
- network.dns.disablePrefetch
- network.proxy.socks_remote_dns
But there might be other config parameters that are important for privacy of which I do not know.

If TOR should be used as safe as possible with regards to privacy it must be used together with activated Torbutton which takes care of all important config parameters.

- h*tps://secure.wikimedia.org/wikipedia/en/wiki/Tor_%28anonymity_network%29

"As of Tor release 0.2.0.1-alpha, Tor includes its own DNS resolver which will dispatch queries over the mix network." It is necessary to use the newest version of TOR.

- h*tps://www.torproject.org/docs/faq.html.en#TBBPolipo

"In the past, Tor bundles included an HTTP proxy like Privoxy or Polipo, solely to work around a bug in Firefox that was finally fixed in Firefox 6. Now you don't need a separate HTTP proxy to use Tor, and in fact leaving it out makes you safer because Torbutton has better control over Firefox's interaction with websites." It is necessary to use the newest version of Firefox.