[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor + SELinux sandbox = leak proof without VM overhead?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Tor + SELinux sandbox = leak proof without VM overhead?
From: "Geoff Down" <geoffdown@xxxxxxxxxxxx>
Date: Sun, 29 Aug 2010 21:00:55 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 29 Aug 2010 16:01:28 -0400
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=message-id:from:to:mime-version:content-transfer-encoding:content-type:in-reply-to:references:subject:date; s=smtpout; bh=vL0HCuUBfZOQDl37Y/lZ0PdyebI=; b=RCZ1x/Po4TH9bYZlGh1PX08kXsuBkpRWhBmUPASd8+XxY3oKfRSMK5LX07K5NFwy7PqKwPEKJx1iNrbiQ2z8DQpqjBU/LFMNVuVphAq/jKFt3XHGzI5jZH/67ZzWTmwNhTsTg7/KmwICCR8S7FJuluY/Xg9vFKse0fq+QtnWYG0=
In-reply-to: <8539tye5na.fsf@xxxxxxxx>
References: <AANLkTika511+Ps71qdpZBOSxcv77bW3c1giVQkHu5Dx-@xxxxxxxxxxxxxx> <8539tye5na.fsf@xxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx


On Sun, 29 Aug 2010 00:25 +0200, "intrigeri" <intrigeri@xxxxxxxx> wrote:
> Hi,
> 
> Gregory Maxwell wrote (22 Aug 2010 00:55:49 GMT) :
> > I think it's obvious that the best way of using tor is running your
> > torrified apps in a VM which can only access the outside world via
> > TOR.
> 
> I doubt there is something like "the" best way of using Tor. One
> always needs to balance the risks vs. the efforts needed to get some
> protection against it. More practically speaking: there are use cases
> the Tor Browser Button is perfect for, but it cannot prevent every
> leakage of anonymity to local disks. Then come Tor-ified VM setups
> that protect users a bit more but still somehow rely on the host
> operating system. Then comes running a Tor-ified Live system such as
> T(A)ILS [1] on bare metal. Each situation has its best fit solution
> but I don't think one solution can be told to be best in any cases.
> 
>   [1] https://amnesia.boum.rog/
> 
 That would be '.org' :)
BTW is there somewhere from where the CACert root certificate (or
fingerprint) can be downloaded with protection from an SSL cert I
already trust? The above link, once corrected, generates an SSL warning.
GD

-- 
http://www.fastmail.fm - Same, same, but different...

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: Tor + SELinux sandbox = leak proof without VM overhead?
  - From: intrigeri

References:
- Tor + SELinux sandbox = leak proof without VM overhead?
  - From: Gregory Maxwell
- Re: Tor + SELinux sandbox = leak proof without VM overhead?
  - From: intrigeri

Prev by Author: Exit poul censoring sites
Next by Author: Re: Cannot retrieve apt key from keyserver
Previous by thread: Re: Tor + SELinux sandbox = leak proof without VM overhead?
Next by thread: Re: Tor + SELinux sandbox = leak proof without VM overhead?
Index(es):
- Author
- Thread