[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: BetterPrivacy - necessary?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: BetterPrivacy - necessary?
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Fri, 1 Oct 2010 21:58:56 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 01 Oct 2010 21:59:01 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=wKTbgOtUwRMwLtdJcgzxtGkHxSE0hokAh/9Mr2YC9aQ=; b=IcapUMMMufBkYb+11IZHxN7Z1S+6R1Y981gH81QFKrj4BNmW7th127nXQtMp4Q72D/ hcXvnIF2BHG22HDdQ4OuWqKy1E4rXQUOeVf3r9L0YrcU5NtPd6QKhF8MzKLBlzHpizyZ WQGve+fgFtcJBEiVeZrTT06ccjXkFj7+sdm8U=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=S4LzgNEl4U4IJCaISkl5U9CinOupF+7nb5bgbBqUEpf2AVwO4l630iqoVAHYtuX8TC fihEjXJ9CGRJ81anjwcfNUuYUvY8DWFgmoQwKTmDVmyeuBtpEjgCcNd9X7SIhnUA1b50 S9mJPt9gmrFeEYCwC5dVNg2T9wK44c/7kO3Ro=
In-reply-to: <20101001144856.1a34bace@xxxxxxxxx>
References: <4CA38336.8090105@xxxxxxxxx> <4CA41694.6060700@xxxxxxxxxxxxxx> <4CA652CC.2060203@xxxxxxxxx> <20101001144856.1a34bace@xxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

> I think Polipo was a better cache, and since an HTTP proxy can't filter
>  evil content out of HTTPS responses, Privoxy's filtering was not very
>  useful.

Note though that the definition of evil can be game changed
by running your instance inside a secure sandbox, behind a nat,
and minding your session data appropriately. With no access
to the rest of the system and no crosssite cookie/etc trails,
that's a good win. You're really only left with the case of a rogue
applet doing a 'whatismyip.com' to defeat your use of 1918 space
and then sending the result to whoever your adversary may be.
Depending on what the user is doing, that could be a big weakness
that warrants the tradeoff of disabling 'evil' features.

As usual, it would be awesome to have a tool that could de and re
encapsulate https so that proxies and caches could do their thing with it.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: BetterPrivacy - necessary?
  - From: Jim

References:
- Re: BetterPrivacy - necessary?
  - From: Matthew
- Re: BetterPrivacy - necessary?
  - From: Robert Ransom

Prev by Author: Re: ... identity key was not as expected:
Next by Author: Re: Me <-> Tor <-> VPN <-> Internet?
Previous by thread: Re: BetterPrivacy - necessary?
Next by thread: Re: BetterPrivacy - necessary?
Index(es):
- Author
- Thread