[Bug-gnuzilla] Bug: Default bundled Torâ„¢ Browser Button extension leaks your IP over DNS requests in default configuration.
This is easy to test, setup the Tor Browser button with the default configuration in Icecat and access a regular site, which should work. However if you attempt to access a Tor hidden site the name does not resolve. This demonstrates that the DNS requests are not going to the Tor socks proxy like they should be. This can be fixed by setting network.proxy.socks_remote_dns to true whenever the Tor Browser Button is enabled, but that does not seem to be the default behavior. I'm running the latest icecat version packaged for Parabola and the output of icecat --version is GNU icecat 60.3.0 If solving this is not an easy fix it may be better to disable the extension, since at the moment users are not secure and their DNS requests for Tor go directly to their ISP or their local network which could put them in danger. - Turner Hall https://gnu3.xyz/ -- http://gnuzilla.gnu.org
[Bug-gnuzilla] Bug: Default bundled Tor Browser Button extension leaks your IP over DNS requests by default
This is easy to test, setup the Tor Browser button with the default configuration in Icecat and access a regular site, which should work. However if you attempt to access a Tor hidden site the name does not resolve. This demonstrates that the DNS requests are not going to the Tor socks proxy like they should be. This can be fixed by setting network.proxy.socks_remote_dns to true whenever the Tor Browser Button is enabled, but that does not seem to be the default behavior. I'm running the latest icecat version packaged for Parabola and the output of icecat --version is GNU icecat 60.3.0 If solving this is not an easy fix it may be better to disable the extension, since at the moment users are not secure and their DNS requests for Tor go directly to their ISP or their local network which could put them in danger. -- http://gnuzilla.gnu.org