>>> Users leaking dns / failing to redirect dns into tor is not a tor problem.

I'm going to rebut these two replies a bit.

TPO makes Tor, the client, and some surrounding tools, and docs, and efforts regarding Tor in the world. It's not Tor's responsibility to somehow reach into users' machines, understand all their configs, and magically reconfigure them and all their apps to talk to Tor. Tor provides the client interface, users must get their packets there.

Tor does help by providing a wiki/tor-talk/irc/stackX/etc where users can discuss how to do that for their apps/OS. And they do provide TBB. Users can further choose from Tails/Whonix, etc. But ultimately, as with any other tool, it's up to the user, not Tor.

I want users at all levels to be able to use tor properly, but the amount of work and handholding is simply outside the scope and capability of TPO.

FWIW, I think out of...
- Developing TBB.
- Spending time to, in fact, say, have the client trigger each OS's routing/filter API into routing everything into tor.

...that it's better that tpo do tbb because tbb tech (and pushing it upstream) is more valuable to the world than turning your box into yet another boring single purpose router brick (that has already been done, and users can customize by using the above resources).

> If it was not a Tor
> problem, .onion would not be needed in the first place.

.onion HS is unrelated to the 'place' of apps 'leaking' dns. The talk of how to handle a day if .onion becomes a non-reserved-for-tor clearnet tld is also separate from that. (Or Tor could simply elect to flag day over to .noino, but that could become an arms race.)

> But for non-hackers, the reality is that apart from booting Tails and
> enjoying a proper Tor setup, installing the Tor package on most distros
> does not come with pre-installed DNS and *will* leak queries by default.

Tor client is not a sysadmin app, so it follows standard models to not go mucking around your system like an SA. That includes pointing the system resolver to DNSPort (which would break everything to go in that default direction), or "come with pre-installed DNS" (daemon and configs presumably).

DNS "leaks" really refer to, and only occur as a result of, apps that fail to send DNS alongside TCP according to an applicable SOCKS5 directive given to them. Or from uncharacterized/unsolved situations with torsocks (due again to apps/system doing odd things).

Those, or users simply not configuring things (that do work correctly) into tor properly, are not a tor problem.

You have to learn and know what you're doing to use Tor properly, and in a way that suits your setup, it says so right on the tin. Or go for prepackaged TBB, Tails, Whonix.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
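
The difference the message above describes, between an app that sends the hostname to the proxy in its SOCKS5 request and one that resolves it first, is visible in the request bytes. The following is an added example, not part of the original post or of Tor's code: it parses RFC 1928 requests and flags those carrying an IP literal. The function names and the two sample requests are constructed for illustration.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

def parse_socks5_request(data: bytes):
    """Parse a SOCKS5 request (RFC 1928, section 4) into (cmd, atyp, host, port)."""
    if len(data) < 5:
        raise ValueError("truncated SOCKS5 request")
    ver, cmd, rsv, atyp = data[:4]
    if ver != 0x05 or rsv != 0x00:
        raise ValueError("not a SOCKS5 request")
    body = data[4:]
    if atyp == ATYP_DOMAIN:
        # DOMAINNAME: one length octet, then the name; the proxy resolves it.
        addr_len, body = body[0], body[1:]
    elif atyp == ATYP_IPV4:
        addr_len = 4
    elif atyp == ATYP_IPV6:
        addr_len = 16
    else:
        raise ValueError(f"unknown ATYP {atyp:#04x}")
    if len(body) != addr_len + 2:
        raise ValueError("address/port length mismatch")
    raw, (port,) = body[:addr_len], struct.unpack("!H", body[addr_len:])
    host = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    return cmd, atyp, host, port

def name_resolved_outside_proxy(data: bytes) -> bool:
    """True if the request carries an IP literal instead of a hostname.

    An IP literal means any name lookup happened before the proxy saw the
    request (or the user typed an address), so it deserves a closer look.
    """
    return parse_socks5_request(data)[1] in (ATYP_IPV4, ATYP_IPV6)

# Constructed sample requests (CONNECT, port 443); not captured traffic.
REQ_HOSTNAME = b"\x05\x01\x00\x03" + bytes([11]) + b"example.com" + struct.pack("!H", 443)
REQ_IPV4 = b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 443)

if __name__ == "__main__":
    for label, req in (("hostname", REQ_HOSTNAME), ("ipv4", REQ_IPV4)):
        print(label, parse_socks5_request(req), name_resolved_outside_proxy(req))
```

A request flagged here is a prompt to check how the app was configured, not proof that a DNS query left the machine.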