Hi! Since we now include Torbrowser patches, we gained the `network.proxy.socks_remote_dns` preference.
Its implemented in: <https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0016-Prevent-WebSocket-DNS-leak.patch> When this option is true, Firefox will fail every name resolving request that is not going through a proxy (except when asked the noop that is resolving an IP address). socks_remote_dns is set to true by Torbutton. This is currently seen as mandatory: when set to false, Torbutton assumes we are out of "Tor mode" and display a broken onion. This state of affairs currently breaks (at least) two things in Tails 0.14: * Access to the I2P router console through `http://localhost:7657/`. * The Monkeysphere extension is not able to connect the validation agent. (This one also requires a new whitelist rule in FoxyProxy to fully work again.) Both can be fixed by using `127.0.0.1` instead of `localhost`. That's good enough if there's not an army of similar issues behind. But given that Tails system resolver is using Tor, this already takes care of the leaks that `socks_remote_dns` prevents. So we could also modify Torbutton think good things about our torrified system resolver. What do you think? -- Ague
pgpwOeuIADCq5.pgp
Description: PGP signature
_______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
