6 comments

[ 2.6 ms ] story [ 17.7 ms ] thread
(assuming you only care about firefox, not email, dns lookups, chat, software updates, that script that calls wget or curl, your netflix live client, etc...)

Ugh.

If you're worried about security on your email or bank account or whatever, you need to use TLS whether you're at home, at work, or on an unencrypted WLAN. You still have a lot of risk at home and at work, since you don't have end-to-end control of a tcp request. And if you're doing that, a tunnel within a tunnel doesn't buy you anything.

If you're worried about people 'sniffing' traffic on a WLAN, and building up a profile on you that can somehow be used against you, you're better off using something like TOR instead of an Ad-Hoc web-only proxy. And even then you need to take a lot of care to make sure all of the web-enabled applications you use actually use the dang proxy.

This article is about being sure that (Firefox) traffic is being tunneled when you are on an unprotected WLAN, but I agree that taking extra measures such as using TLS/SSL where possible is also a good addition. However, because not all sites have support for TLS/SSL (e.g. HN), I think it is wise to tunnel all traffic since while the tunnel doesn't add much security to the already encrypted traffic, it still protects the otherwise unsecured traffic from being sniffed by someone else on the unprotected WLAN.

As for TOR, I have found it to generally be painfully slow but I must admit that I haven't tested it at all that much. Also, with clients such as Pidgin and Thunderbird, you can use a SOCKS5 proxy for chat and mail respectively.

Lastly, both Firefox and Thunderbird can be configured to do their DNS lookups through the SOCKS5 proxy.

But both the title and the summary claim that it secures your 'internet connection', not your 'firefox connection'. That's my big gripe with the article. And of course you can setup SOCKS5 proxies for all apps, but it'd be nice if the article mentioned it.
I agree that the way I phrased parts of the article may have been a little unfortunate, and that I should mention the possibility of using SOCKS5 for other applications as well - I'll edit the article accordingly as soon as possible after tumblr is accessible again. Thanks for the feedback.