Re: [Tails-dev] Switch to Privoxy?

Delete this message

Reply to this message
Autore: Jacob Appelbaum
Data:  
To: Maxim Kammerer
CC: The Tails public development discussion list
Oggetto: Re: [Tails-dev] Switch to Privoxy?
On 03/25/2012 01:57 PM, Maxim Kammerer wrote:
> On Sun, Mar 25, 2012 at 17:40, intrigeri <intrigeri@???> wrote:
>>> Could you please share a Privoxy configuration you trust to be safe
>>> using with Tor?
>
> I still don't understand why would anyone trust Tor developers to
> correctly configure Privoxy.
> E.g., on https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#WhydoweneedPolipoorPrivoxywithTorWhichisbetter:
> "it needs to see the entire page to parse it, before sending it on to
> the browser".
>


The first part of the FAQ is the most important:

"Why a HTTP proxy at all?"

> This incorrect remark can mean only one thing: whoever wrote that
> sentence didn't read the manual. For a decent configuration, see
> src/etc/privoxy in Liberté's git, which includes Referer/Host header
> rewriting for .exit notation support, for instance.
>


It's a wiki. Feel free to update it?

I looked at your config (
https://github.com/mkdesu/liberte/blob/master/src/etc/privoxy/config )
and it looks like the following:

confdir         /etc/privoxy
logdir          /var/log/privoxy


actionsfile     match-all.action        # Actions that are applied to
all sites and maybe overruled later on.


# Ad-blocking is done in browsers nowadays, and removing
# page blocking and content manipulation from Privoxy makes
# it more robust (e.g., for cables communication).

# actionsfile     default.action          # Main actions file
# actionsfile     user.action             # User customizations


# filterfile      default.filter          # Main filters file
filterfile      user.filter             # User filters file


logfile         privoxy.log


listen-address  127.0.0.1:8118
toggle          1
enforce-blocks  0


buffer-limit    4096


forward-socks5  /                       127.0.0.1:9050  .
forward-socks5  check.torproject.org    127.0.0.1:9050  .
forward-socks5  torcheck.xenobite.eu    127.0.0.1:9050  .
forward-socks5  .onion                  127.0.0.1:9050  .
forward-socks5  .exit                   127.0.0.1:9050  .


forward         .i2p                    127.0.0.1:4444
forward         .i2p:443                127.0.0.1:4445
forward         *AAAA/                  127.0.0.1:4444
forward         *AAAA:443/              127.0.0.1:4445


forward         127.0.0.1/              .
forward         localhost/              .
forward         liberte/                .
# forward        192.168.*.*/             .


forwarded-connect-retries               2
accept-intercepted-requests             0


keep-alive-timeout                      5
socket-timeout                          300
# EOF


It seems like your config tampers with the requests pretty heavily and
the support of .exit should probably be disabled. I also think it is
dangerous to support both i2p and Tor with the same privoxy config. It
seems like it should be possible to construct a single webpage that
attempts to link i2p and Tor usage via HTTP and thus fingerprints the
user as using Liberté... No?

If I was going to make your config more generic, I'd probably remove the
filters to reduce the attack surface and to simply make it an HTTP shim:

#Begin
confdir         /etc/privoxy
logdir          /var/log/privoxy
logfile         privoxy.log


listen-address  127.0.0.1:8118
toggle          1
enforce-blocks  0


buffer-limit    4096


forward-socks4a /                       127.0.0.1:9050 .
forward-socks5  /                       127.0.0.1:9050  .
forward-socks5  .onion                  127.0.0.1:9050  .


forwarded-connect-retries               2
accept-intercepted-requests             0


keep-alive-timeout                      5
socket-timeout                          300
#EOF


All the best,
Jacob