"If you refer to any machines by hostname when you're using tsocks, you'll be sending that hostname over the network." http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO#head-e7ecbba74aafc3e03f76804478ab2ffdb5048b17 Path for tsocks 1.8_beta5: http://www.totalinfosecurity.com/patches/tor.php
Not really sure what to think of this one.
It is a serious problem of security because it creates a false appearance of anonymity or privacy. If you use TOR for anonymizing over Internet (TCP) you are not really anonymous because tsocks is sending the DNS name DNS which you visit over the network. So your ISP knows what webs you are viewing.
s/the DNS name DNS/the host name DNS
I understand that. But when using TOR you shouldn't use anything that gives your hostname. tsocks gives it. Microsoft Word documents also give it. I don't see why we should patch tsocks just so that it can be used with Tor. We won't patch Word so that it doesn't give your hostname. Or any other client software that gives away your host... This is not a bug or a vulnerability in tsocks. It's just that it shouldn't be used with TOR. So I tend to close this one as INVALID for security, but you may reassign it to tsocks maintainers and convince them that this patch won't hurt (and will allow use with TOR).
I agree with Koon, we should reassign to tsocks maintainer who can decide what to do, tor isnt a magic wand that will make any traffic safe.
A compatibility patch for tsocks so that it works correctly with TOR is *not* a security issue. Closing as INVALID, feel free to reopen and assign to maintainer instead.
