On Tue, 15 Dec 2009 10:14:31 +0100, Milan Berger said:
> > the only way to avoid DNS leaks despite most application configuration
> > is a transparent Tor proxy that intercepts all DNS and TCP at the
> > network layer and performs a redirect to the Tor Tcp and DNS Ports.
> > (see man page.)
>
> Bullshit.
> Tor proxies are
> a) not the best way
> b) many apps like firefox enable using proxy for dns as well as other
> connections.

Not bullshit at all. Taking the points in reverse order:

(b) Note that "many apps" means "mostly avoid", not "totally avoid". You run any app that's not DNS-proxy aware, you just leaked and whoever you're using Tor to avoid is now potentially pounding on your door. Sure, the difference doesn't matter if you're using Tor to be a cool wanker. But if you're using Tor because it *matters*, "98% of apps get it right themselves" is a big *fail*. You really want to enforce 100% correctness whether the app is correct or not. (Stated in another way - sometimes DAC just doesn't cut it, and you really *do* want the added complication of MAC).

(a) If you have a better way than a Tor proxy to avoid DNS leaks from programs that don't DNS-proxy themselves, feel free to actually *tell* us what it is, rather than just babble "they aren't the best way". Given you got the *other* point totally wrong, we have no reason to believe a content-free 'not the best way' unless you actually have an evaluatable statement like 'XYZ is better'.
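
Added example, not part of the original thread: a small auditor that walks a saved `nat` `OUTPUT` chain and reports whether DNS and new TCP connections from an ordinary user are forced into Tor regardless of how the application is configured. The uid `107`, `DNSPort` 5353, `TransPort` 9040, the probe addresses and both rulesets are constructed assumptions.

```python
import ipaddress
import shlex

# Assumed values (not from the thread): Tor's uid and its DNSPort / TransPort.
TOR_UID, DNS_PORT, TRANS_PORT = "107", "5353", "9040"

# Constructed `iptables-save -t nat` output for a host-local transparent proxy.
GOOD = """\
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 107 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A OUTPUT -d 127.0.0.0/8 -j RETURN
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
"""
# Same ruleset without the DNS rule: TCP is proxied, lookups go out directly.
BAD = "\n".join(l for l in GOOD.splitlines() if "--dport 53" not in l)

def arg(tok, flag):
    """Value following `flag` in a tokenised rule, or None if absent."""
    return tok[tok.index(flag) + 1] if flag in tok else None

def verdict(ruleset, proto, dport, dst, uid):
    """First-match walk of nat OUTPUT for one new outbound packet."""
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "OUTPUT"]:
            continue
        if "!" in tok:
            raise ValueError("negated matches are not modelled: " + line)
        if arg(tok, "-p") not in (None, proto):
            continue
        if arg(tok, "--dport") not in (None, dport):
            continue
        if arg(tok, "--uid-owner") not in (None, uid):
            continue
        net = arg(tok, "-d")
        if net and ipaddress.ip_address(dst) not in ipaddress.ip_network(net):
            continue
        # --tcp-flags ... SYN is treated as matching: the probe is a new connection.
        target = arg(tok, "-j")
        return f"REDIRECT:{arg(tok, '--to-ports')}" if target == "REDIRECT" else target
    return "POLICY"  # fell off the chain: packet is not redirected

def leaks(ruleset, uid="1000"):
    """Names of probes from an ordinary user that are NOT forced into Tor."""
    probes = {"dns": ("udp", "53", "192.0.2.53", f"REDIRECT:{DNS_PORT}"),
              "tcp": ("tcp", "443", "192.0.2.10", f"REDIRECT:{TRANS_PORT}")}
    return [n for n, (p, dp, d, want) in probes.items()
            if verdict(ruleset, p, dp, d, uid) != want]
```

Only the `nat` `OUTPUT` chain is modelled here; the `filter` table and negated matches are outside what this check covers.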

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/