Tor Vidalia Bundle Using Google DNS?

Discussion in 'privacy technology' started by caspian, Aug 16, 2011.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I don't use Tor often. But I just reinstalled my OS on this computer and installed the Vidalia Bundle. So I decided to fire it up. Just fiddling around, I went to the Oarc DNS Test https://www.dns-oarc.net/oarc/services/dnsentropy and it said that I was using Google 74.125.38.81. So I then went to the "are you using tor" page to see if I was connected to Tor and it said I was. It gave my IP as 46.19.138.242. I was surprised.

    1.jpg

    2.jpg

    3.jpg
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,102
    Hi Caspian,

    You need to check the web browser you use when Torbutton is active. Is it Firefox - hopefully it is. Create a new tab and enter: about:config. Then type in the variable name, network.proxy.socks_remote_dns. Its value should be set to true when Torbutton is enabled. If it is false, then toggle it to true.

    This assures that you are using the exits node's DNS server via Tor. If you are not using Torbutton when Tor is active, you need to install it.

    -- Tom
     
  3. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I use the Mozilla add on "Better Privacy" for Firefox instead of "Tor Button"
     
  4. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for that, Tom. I will do that. But will that effect my regular browsing? I rarely use Tor. I normally use Xerobank or Cryptohippe. Or just my bare connection. And when I do use Tor, I normally use the Tor preconfigured browser. This time I was using the Vidalia Bundle with firefox 6, torbutton, noscript, adblock plus, and https everywhere. I assumed that Tor button would take care of everything, but I guess that isn't so. Thanks for the info.
     
  5. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I use better privacy too. But you can't run Tor in Firefox without Torbutton.
     
  6. tsec

    tsec Registered Member

    Joined:
    Nov 18, 2008
    Posts:
    181
    There are issues apparently with the Tor Button - check the Tor blog. Its been removed from the add-ins pages at Mozilla.

    Toggling (amongst other things) is not working with later versions of FF - if this functionality is required then one should seek out earlier versions of the browser bundle.
     
    Last edited: Aug 17, 2011
  7. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,102
    When I joined the Tor chat line one day, I asked them about certain configurations that I wanted to test, and they advised me to never run Tor without Torbutton if you want to protect your privacy. Torbutton prevents Firefox add-on leaks by disabling all Firefox add-ons - not sure about NoScript in that regard though.

    You can download earlier versions (like the newly released version 3.6.20 yesterday) from the link: All Older Firefox Releases or at one of the Firefox Mirror websites Firefox Mirrors.

    Caspian:
    If you do not use one of the Tor bundles - be careful as it is possible to run Tor and Firefox without Torbutton, e.g. if you forget to install the Torbutton add-on.

    Your best bet is to rely on TAILS (The Anonymous Incognito Live System) (Live CD or USB) for using Tor as it works out of the box fully configured to protect privacy. Otherwise, you also need to be careful that you have a separate and distinct Firefox profile (from your normal browsing profile) when you use Tor rather than mix the use of Tor in with your normal browsing. An added precaution would be to create a separate and distinct Firefox executable (or one of the Firefox clones like Iceweasel) with a separate profile and your prefered add-ons, and then go the distance by substituting the TAILS browser's prefs.js file into it.

    Both Vidalia, and also Tork (KDE oriented) are known as Tor controllers which are quite different in their capabilities from Torbutton (remember don't forget to use Torbutton with Tor in Firefox)!

    -- Tom
     
    Last edited: Aug 17, 2011
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    It's entirely possible that the Tor exit node used by that connection uses Google DNS.
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,102
    Yes, that is probably what happened re: post #1.

    -- Tom
     
  10. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    The Tor button and Firefox is probably the easier way to cover all the bases, but it is not the only way to make certain that all browser traffic goes thru Tor. I use the SeaMonkey browser, Proxomitron, and SocksCap with the Tor-Vidalia bundle. It works quite well.

    It's an old thread, but for those who want to use Tor with another browser, this thread has a lot of good info. An effective way to make sure your browser has to connect thru Tor is to block it's ability to connect out directly with firewall rules. With a blocking rule, you can also prevent the browser from connecting directly to your local DNS, forcing it to use Tor. This would require disabling the DNS service on your PC and allowing apps to perform their own DNS, after which they can be controlled individually.
     
  11. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for that, Tom. I have heard of TAILS but have never tried it. I may just go ahead and try it this evening. Sounds really cool.

    I am now wondering what would be detected by using my regular browser? I have Firefox set to delete everything on exit, with no saved passwords. I also use sandboxie, so I don't think that any browsing records could be saved. But I do have plenty of bookmarks. I normally use the preconfigured Tor Browser Bundle, sandboxed, from a USB stick, or inside of a truecrypt folder. So I guess I'm good to go from there. But I will create an additional portable Firefox browser specifically to use with Vidalia Bundle.

    I've never heard of Iceweasle. I'll have to check it out. And I will certainly have to figure out how to transfer the TAILS prefs.js file into Firefox. I am not familiar with that. Thanks so much for your suggestions.

    As for creating different browsers, what do you think of the idea of creating separate truecrypt folders for each browser, running them from inside of the truecrypt folder sandboxed with Sandboxie (configured with Earaser)?
     
  12. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I had no idea about these other options. Thanks for showing me. I'll take a look.
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I just finished testing the SeaMonkey-Proxomitron-SocksCap combo via Tor/Vidalia using the tests listed on this page, plus a couple others. I did not download the files from decloak. None of the sites could find my real IP. One of the tests claimed that I wasn't using Tor, then identified the browser and OS of the exit node. Even the World IP browser extension doesn't know my real IP when I use Proxomitron.
    Prox-WorldIP.gif
    I'll have to do some more testing, but I think I have all the bases covered.
     
Loading...
Thread Status:
Not open for further replies.