Open ntninja opened 9 months ago
TOR is regarded as SOCKS5. The user/pass are intended for SOCKS5. The interface fills some entries to help the user, they are editable.
Yes, the suggestion was just to make the user interface match the meaning of these fields in the context of the user-selected TOR option rather than what they would mean for a generic SOCKS5 proxy. I mean, the way TOR reuses the authentication fields for its stream isolation features has absolutely nothing to do with authentication, yet users end up seeing a username and password field anyways but it doesn’t do what it says on the tin can.
To be clear: What FoxyProxy does here isn’t wrong, the suggestion was just that since FoxyProxy already distinguishes between TOR and other SOCKS5 in the UI, it’d be nice if all the fields present in the UI also reflected their meaning in the context of TOR (rather than generic SOCKS5) if that was selected.
TBH, changing the UI requires more work than filling or hiding text boxes. The user/pass boxes represent the data that is sent by the proxy.ProxyInfo API. What TOR does with the data that is sent as username & password is beyond the scope of the API.
It seems TOR & TOR Browser support username/password
```
Socks5Proxy 10.0.0.1:1080
Socks5ProxyUsername myuser
Socks5ProxyPassword mypass
```
@erosman: That documentation is for how the TOR node (or TOR browser with its internal TOR node) connects to the Internet, not for how your browser connects to the TOR node. Apparently TOR browser reuses the Firefox proxy settings for this, but that doesn’t mean anything since all connections from TOR browser go through its TOR node first before they go anywhere else (anything else is considered a serious bug by the devs there).
That VPN provider you linked uses this to easily allow setting up a TOR over VPN setup that some people like to use to hide the fact that they use TOR from their ISP. (Probably stupid in most cases, but VPN providers are very creative at convincing their users that they’re useful…) It has nothing to do with how Firefox/Chromium with FoxyProxy or the TOR browser will connect to the locally running TOR node.
Is that to say TOR never uses username/password? Where can I read more about “Context Identifier” in TOR?
I am not sure how Firefox sends these data via socks. The API calls them username/password. https://searchfox.org/mozilla-central/source/toolkit/components/extensions/ProxyChannelFilter.sys.mjs#52-71
The TOR NODE only accepts a username/password for stream isolation, it may however be configured to send a username/password to an upstream Socks/HTTP proxy. The upstream Socks/HTTP proxy used by the TOR NODE is not visible or configured by FoxyProxy. The username/password entered into FoxyProxy is the one used by the TOR NODE for stream isolation.
The TOR BROWSER on the other hand only offers the option to configure the TOR NODE to send a username/password configuration to an upstream Socks/HTTP proxy, not the username/password combination sent to its internal TOR NODE, from what I can tell. At least that is definitely what your screenshot/guide is talking about.
I am not sure what setting the username/password would do when FoxyProxy is installed into the TOR BROWSER or whether FoxyProxy will work in the TOR BROWSER at all.
Note also that TOR BROWSER uses patched FIREFOX code. What you find in SearchFox may be different from what the TOR BROWSER is using.
In the context of TOR, the sent username and password fields are not used for authentication (as their name would imply) but instead cause the TOR daemon to use independently established network paths for each username/password combination it receives. When combined with other client isolation features (such as Firefox Containers), this allows visiting the same website in a way that makes it very hard for the remote site to know that the requests originated from the same client.
Since FoxyProxy now already distinguishes between SOCKS5 and TOR in its UI, I’d think it’s not unreasonable to also change the presentation of the username and password fields to something that aligns with their actual meaning in this context: a single field allowing to set a “context identifier”.
Implementation-wise this would probably just be the username-field, but renamed, with the password-field hidden and being set to the same value as the username-field on save.
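
The single-field proposal above, as an added example that is not part of the original thread and not FoxyProxy's own code: one context identifier is copied into both the username and password of a `proxy.ProxyInfo` object, and the RFC 1929 bytes show what a SOCKS5 client then sends to the TOR daemon. The host and port, the `ctx-` prefix, the per-container policy and all function names are assumptions.

```javascript
// Added example: map a "context identifier" onto the username/password
// pair that proxy.ProxyInfo sends to a local Tor SOCKS port.
const TOR_HOST = "127.0.0.1"; // assumption: Tor daemon on this machine
const TOR_PORT = 9050;        // assumption: Tor's default SocksPort

// RFC 1929 puts each field behind a one-byte length, so 1..255 bytes.
function checkContextId(id) {
  const len = new TextEncoder().encode(id).length;
  if (len < 1 || len > 255) {
    throw new RangeError("context identifier must be 1..255 bytes in UTF-8");
  }
  return id;
}

// One visible field; the password is set to the same value on save.
function torProxyInfo(contextId) {
  const id = checkContextId(contextId);
  return { type: "socks", host: TOR_HOST, port: TOR_PORT,
           proxyDNS: true, username: id, password: id };
}

// Hypothetical policy: derive the identifier from the Firefox container
// (cookieStoreId), so each container gets its own identifier.
function contextIdForRequest(details) {
  return "ctx-" + (details.cookieStoreId || "firefox-default");
}

// RFC 1929 sub-negotiation message for this pair:
// VER=0x01, ULEN, UNAME, PLEN, PASSWD.
function rfc1929Message(info) {
  const enc = new TextEncoder();
  const u = enc.encode(info.username);
  const p = enc.encode(info.password);
  return Uint8Array.from([0x01, u.length, ...u, p.length, ...p]);
}

// Register only when running as a WebExtension with the "proxy" permission.
if (typeof browser !== "undefined" && browser.proxy) {
  browser.proxy.onRequest.addListener(
    (details) => torProxyInfo(contextIdForRequest(details)),
    { urls: ["<all_urls>"] }
  );
}
```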