
Re: [tor-talk] Vidalia+Tor separately from TBB's Firefox



Thus spake Greg Kalitnikoff (kalitnikoff@xxxxxxxxxxxxxxxx):

> Assumption: Modern linux distro. User A is default user. User Net and
> group Net are the only ones who are allowed to go to the Internet with
> iptables. User Tor is that which runs TBB and he is in group Net.
> 
> Is it safe to run vidalia+tor as user Tor and "TB/App/Firefox/firefox
> --no-remote -profile TBProfile" as default user A? Does it break some
> security things? As I understand so far from "The Design and
> Implementation of the Tor Browser", the only thing it could break in
> default behavior is "New identity" feature.

Yes, this should be fine. You will also get New Identity back if you
set the TOR_CONTROL_PASSWD and TOR_CONTROL_PORT environment variables
properly. I should probably document these two somewhere, as you're
not the first to ask about this sort of setup...

> P.S. Also reading https://www.torproject.org/projects/torbrowser/design/
> I found this: "Filter-based addons such as AdBlock Plus, Request Policy,
> Ghostery, Priv3, and Sharemenot are to be avoided." But here
> https://lists.torproject.org/pipermail/tor-talk/2011-November/022052.html
> we see Andrew Lewman's "In my world, I'd replace noscript with
> requestpolicy". I'm a bit confused :-/

There should be no need to use filters to address 3rd party linkability
with a proper implementation of the requirements in
https://www.torproject.org/projects/torbrowser/design/#privacy

To my knowledge, the only remaining 3rd party direct linkability risk
is through HTTP Keepalive (Section 3.5.6), but this linkability is
limited to a 20 second window.

There is a risk of first party linkability through redirects (Section
3.5.7). This one will be harder to solve, but it is a more noticeable
attack.

There are also fingerprinting risks involving time that need to be
addressed (3.6.6 and 3.6.7), but the verdict is not in as to exactly
how much info these provide in practice. Regardless, we should also
have some level of mitigation in place for Tor Browser 2.3.x.

It is my opinion that these remaining threats do not justify the need
for filters, and that we should focus on eliminating these few
remaining issues rather than trying to design a filter mechanism that
isn't full of fail.

-- 
Mike Perry
Exterminate all dogma.
Permit no exceptions.
