tor/privacy (socks5) option giving ssl error

Daniel Atallah datallah at pidgin.im
Tue Apr 2 22:36:51 EDT 2013


On Tue, Apr 2, 2013 at 9:11 PM, Ileana <ileana at fairieunderground.info> wrote:
> From my basic understanding, a tor/privacy setting should ensure:

All of my answers below apply to stock Pidgin when you select
Tor/Privacy in the proxy settings - any third-party plugins could
change the behavior.

Some effort has been put into making XMPP "safe" from a privacy
perspective; other protocols have issues - good patches are always
welcome.

> *no local dns lookups (perhaps as an options checkbox)
> socks4 automatically does lookup at end...there is no option.
> socks5 you have option for local or remote dns in the spec.  Most tor
> users want remote, except in the case of TAILS a user might handle the
> dns queries locally (and then resolving them through for instance tor's
> dns port).  I think the same side is to do them remotely.

The libpurple DNS functionality will be blocked - anything that can be
done through the proxy will be done, otherwise the functionality will
fail (for things using the libpurple DNS API).

It's possible that protocols like gadu-gadu or sametime, which use
external libraries to implement the protocol, would make DNS requests
without using the libpurple API.

It looks like Bonjour/Link-Local accounts will send stuff out on your
local network, because that's how the protocol works.

> *real ip address never gets sent out

This should be the case for XMPP.

If libpurple/Pidgin is configured appropriately, it won't know what
your external IP address is.

>
> *no other system information gets sent out (kernel version, uname,
> os, etc)

Your IRC account default settings contain some information from your
OS user account, but you're free to change them.

See https://developer.pidgin.im/ticket/15295

There may be other issues for other protocols.

>
> *nothing that seems to be a unique identifier gets sent out upon
> connect/reconnect. (i.e. ssl session ids, user agents/version, etc).

Of course "unique" things will be sent out - you're connecting to an IM
account and your account name will be sent out (and possibly your
password too depending on what you're connecting to).

>
> *timestamps all converted to utc

I'm not sure if there are places where your timezone or information
that can be used to deduce your timezone are sent out, but I don't
consider this sensitive.

> *any functionality such as dcc where there is a direct connection to
> the other client should either be disabled or also ensure real ip is
> not leaked.

This wouldn't be a reasonable assumption to make for protocols other than XMPP.

> I can't think of anything else off the top of my head, but I may have
> missed something.
>
> If you are a developer and can point me to a link to the code that
> handles the proxy settings, I would take a further look.

libpurple/proxy.c
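
An added example (not part of the original message and not libpurple code) of the SOCKS5 local-versus-remote DNS distinction discussed above: per RFC 1928 a CONNECT request carries either a hostname (ATYP 0x03, the proxy resolves it) or a literal IP (ATYP 0x01/0x04). The function names and sample values are constructed for illustration, and the classifier goes one step beyond the thread by checking a captured request.

```c
/* SOCKS5 CONNECT request (RFC 1928): VER CMD RSV ATYP DST.ADDR DST.PORT */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ATYP_IPV4 = 0x01, ATYP_DOMAIN = 0x03, ATYP_IPV6 = 0x04 };

/* Build a CONNECT request that carries the hostname itself (remote DNS).
 * Returns bytes written, or 0 if the name or buffer does not fit. */
size_t socks5_connect_by_name(uint8_t *out, size_t cap, const char *host, uint16_t port)
{
    size_t n = strlen(host);
    if (n == 0 || n > 255 || cap < 7 + n)
        return 0;
    out[0] = 0x05; out[1] = 0x01; out[2] = 0x00; out[3] = ATYP_DOMAIN;
    out[4] = (uint8_t)n;                 /* one-byte length prefix */
    memcpy(out + 5, host, n);
    out[5 + n] = (uint8_t)(port >> 8);   /* port in network byte order */
    out[6 + n] = (uint8_t)(port & 0xff);
    return 7 + n;
}

/* Classify a captured CONNECT request:
 *  1 = hostname sent to the proxy (resolution happens remotely)
 *  0 = literal IP sent (the client resolved the name itself or was given an IP)
 * -1 = truncated or not a SOCKS5 CONNECT request */
int socks5_request_uses_remote_dns(const uint8_t *req, size_t len)
{
    if (len < 4 || req[0] != 0x05 || req[1] != 0x01 || req[2] != 0x00)
        return -1;
    switch (req[3]) {
    case ATYP_DOMAIN:
        if (len < 5 || req[4] == 0 || len != (size_t)7 + req[4]) return -1;
        return 1;
    case ATYP_IPV4: return len == 10 ? 0 : -1;
    case ATYP_IPV6: return len == 22 ? 0 : -1;
    default:        return -1;
    }
}

int main(void)
{
    uint8_t buf[300];
    /* Constructed sample: example.org on the XMPP client port 5222. */
    size_t n = socks5_connect_by_name(buf, sizeof buf, "example.org", 5222);
    printf("len=%zu remote_dns=%d\n", n, socks5_request_uses_remote_dns(buf, n));
    /* Constructed sample: literal IPv4 192.0.2.10, same port. */
    const uint8_t by_ip[] = {0x05,0x01,0x00,0x01, 192,0,2,10, 0x14,0x66};
    printf("remote_dns=%d\n", socks5_request_uses_remote_dns(by_ip, sizeof by_ip));
    return 0;
}
```

A result of 0 only shows that the proxy received an IP; whether a local lookup preceded it has to be confirmed separately, for example by watching for DNS traffic outside the proxy.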



