That is correct. But software not designed for SOCKS5 shouldn't claim to, and if it does you should consider that a supply chain attack.
No modern browser does so, and I'm including w3m in that.
Your favourite web browser will NOT leak a list of websites you visited and thought were private if you found a SOCKS5 option and put "127.0.0.1:9050" in it.
Other software may. The correct answer is to zap the dev until they agree to add SOCKS5 support.
If they won't,
torsocks gossip
Will override the system hooks and use SOCKS5 anyway.
proxychains4 gossip
will too, with the option of chaining another proxy in front of Tor.
System daemons not SOCKSified can also leak a limited set of metadata. A global observer or a malicious package repo could infer which version of particular software you are using.
Whonix, of course, Torifies all non-Tor traffic automatically with no chance of a manual screwup.
But the situation you outlined of websites visited leaking from a browser? No it won't, unless you've been pwned.
Use Whonix anyway if reasonable practical.
Low Information Voter
npub149…tzmp0
2024-05-05 07:15:26
in reply to nevent1q…ewxr
Author Public Key
npub1494rtg3ygq4cqawymgs0q3mcj6hucvu4kmadv03s5ey2sg32df5shtzmp0Published at
2024-05-05 07:15:26Event JSON
{
"id": "451899aeba09e97c9523cfcedebad3d6bbefed1aa86ce1da292b3d8824799848",
"pubkey": "a96a35a224402b8075c4da20f0477896afcc3395b6fad63e30a648a8222a6a69",
"created_at": 1714893326,
"kind": 1,
"tags": [
[
"e",
"3731255ac3fe6244b5aaca79ef50feba51f1566fba95f0b375dcbd5753620119",
"",
"root"
],
[
"e",
"25de75dfc1848155618de5b5718d6dc4bf018bbc70bc1547a9f7cd51c69c6c2f"
],
[
"e",
"13b3fd68767c3058efb513612f7da5058ab4721bfec9a5ae37fe115996386070",
"",
"reply"
],
[
"p",
"a96a35a224402b8075c4da20f0477896afcc3395b6fad63e30a648a8222a6a69"
],
[
"p",
"c141120a216331099f7450b05441ac3040dcf71a8393e42a0684dbe7535c7f4d"
],
[
"p",
"ee11a5dff40c19a555f41fe42b48f00e618c91225622ae37b6c2bb67b76c4e49"
]
],
"content": "That is correct. But software not designed for SOCKS5 shouldn't claim to, and if it does you should consider that a supply chain attack. \n\nNo modern browser does so, and I'm including w3m in that.\n\nYour favourite web browser will NOT leak a list of websites you visited and thought were private if you found a SOCKS5 option and put \"127.0.0.1:9050\" in it.\n\nOther software may. The correct answer is to zap the dev until they agree to add SOCKS5 support. \n\nIf they won't,\n\ntorsocks gossip\n\nWill override the system hooks and use SOCKS5 anyway.\n\nproxychains4 gossip \n\nwill too, with the option of chaining another proxy in front of Tor.\n\nSystem daemons not SOCKSified can also leak a limited set of metadata. A global observer or a malicious package repo could infer which version of particular software you are using.\n\nWhonix, of course, Torifies all non-Tor traffic automatically with no chance of a manual screwup.\n\nBut the situation you outlined of websites visited leaking from a browser? No it won't, unless you've been pwned. \n\nUse Whonix anyway if reasonable practical.",
"sig": "def7a2ed690e805621099a4cbf7026d0cae7852ccec59ed03b42700975a71bb62184d07f7de4e16e6686b9089bd6560ef54071662f6f39b9267338bdbfbd2d8d"
}