From: SourceForge.net <no...@so...> - 2005-03-24 18:33:41
|
Support Requests item #1169512, was opened at 2005-03-23 22:54 Message generated for change (Comment added) made by anonymous333 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=211118&aid=1169512&group_id=11118 Category: actions files Group: None Status: Open Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Privoxy does not block user-agent info on ssl connections Initial Comment: Privoxy (latestversion) leaks the true user-agent and os on ssl connections regardless of any settings in the actions file. +block-user-agent (from memory) does not work. Works for http proxy judges but not for ssl connections. Double checked my browser settings and the action file settings. Tried block, forge, {fake}, etc. NONE work. This is a serious flaw to Privoxy and reduces your anonymity signifcantly. Better keep changing your browser and OS when u use Privoxy with Tor. ---------------------------------------------------------------------- Comment By: anonymous333 (anonymous333) Date: 2005-03-24 18:33 Message: Logged In: YES user_id=1246042 It's a funny thing. You take the developers of a program that supposedly advocates privacy and anonymity and they make a page like this one that is a) a pain in the ass to register for and b) compromises ur anonymity by requiring ssl to access the page and childlishly asks for your "true identity" (what a joke). At the same time they are asking for donations for a program, Privoxy, that does not do what it claims-leaks user-agent and OS details under ssl connections. Does this sound like a group of people you would want to trust your privacy with? I don't think so. Jusers that depend on Privoxy for privacy are deluding themselves. There are also better alternatives which are also free, but have not been tested by me at least with Tor. SSL data CAN be decrypted and filtered and reencrypted, but Privoxy doesn't do it. ---------------------------------------------------------------------- Comment By: Rodney (iwanttokeepanon) Date: 2005-03-23 23:36 Message: Logged In: YES user_id=192651 Seem to recall this thread from before. Basically privoxy cannot "muck" with the data cause that would cause checksums / certificates / etc... to fail. If they didnt, then their security isnt too good because ssl is designed to keep sessions from being tampered with. Also, if you dont trust the server ... dont login. Privoxy is still the best thing out there for the web browsing experience. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=211118&aid=1169512&group_id=11118 |