Dave Warren writes: > On 2014-02-28 08:21, [email protected] wrote: > >On 02/19/2014 at 10:40 PM, "Daniel Kahn Gillmor" > ><[email protected]> wrote: > > > > On 02/19/2014 08:41 AM, [email protected] wrote: > > > I use Firefox plugin and I detected connections to > > localhost:9050 when > > > HTTPS-Everywhere plugin is enabled. When plugin is disabled, > > this does > > > not occur. Observatory is disabled. > > > > localhost:9050 is a common port for the system tor socks proxy to run > > on. Are you sure you didn't also do some sort of tor configuration or > > reconfigure your proxy settings around the same time as installing > > https-everywhere > > > > > >No, I did no proxy configuration. I just installed Firefox with > >HTTPS Everywhere and when the plugin is enabled my firewall > >detects connections to 127.0.0.1:9050. > > Given that HTTPS Everywhere has some internal Tor support, I wonder > if it's simply checking to see if a typical Tor install is > available?
Yes, this has to do with the Observatory wanting to submit cert observations via Tor. If the Observatory is enabled with default settings, it looks for a Tor proxy on localhost:9050. You should be able to stop this (if it isn't what you want) with the HTTPS Everywhere SSL Observatory Preferences by disabling all Observatory reporting. Note that if Tor isn't installed, the failed connections to port 9050 won't harm anything -- depending on your Observatory settings, they'd just cause HTTPS Everywhere to conclude that you don't have Tor installed and then not submit any observations to the Observatory. You can see the details of the implementation of this functionality in https://gitweb.torproject.org/https-everywhere.git/blob/HEAD:/src/components/ssl-observatory.js -- Seth Schoen <[email protected]> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 _______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
