On Sat, Mar 3, 2012 at 12:33 AM, <[email protected]> wrote: >... > Application level leaks are problematic. We have a page which describes many > of these problems including with workarounds (we recommend Tor Browser etc.).
these are significant if you are mixing tor and non-tor access on the same system. much of this is covered in the thread, and the particular risks are very specific to context and nature of use, as discussed. > Anyway, transparent proxying should be still safer then socksifying. yes. there are still poor and better ways to configure transparent proxy. > The transparently proxied operating system does not know it's real external > IP, only it's Tor exit IP. And can therefore never leak it's real external > IP. ... DNS / UDP leaks are impossible. Real IP may also not leak, the > operating system doesn't have a way to find it out. this is not true; you must also prevent all local subnet access when in this mode. this may entail removing IPv6 interfaces, changing the default route to a /31 or /30 path, etc. otherwise there are attacks which reflect or bounce traffic on the local network to obtain public IP address or leak endpoint to an attacker. _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
