[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Any way to secure/anonymize ALL traffic?



On 12/22/10 17:10, Praedor Atrebates wrote:
> Could one setup a VM with some arbitrary timezone for it alone and
> run tor and bind there so that flash and javascript cannot get such
> info as local timezone, etc?  Would it be possible to have the VM
> change timezone in some random/semi-random fashion so that any
> timezone (and other) info that could be otherwise acquired would be
> just as unreliable an identifier of your system/location as
> information acquired from a tor session?  Then, even if flash or
> javascript did try to pull information outside tor it would be
> totally bogus and ever-changing.  It would still be nice to be able
> to squelch any attempt by flash to find your REAL IP address by
> forcing it to ALWAYS exit via tor no matter what.
>

Yes.   Feed the VM either random, or standardized (every TOR VM has the
same "fingerprint") data.

As mentioned earlier, a firewall (in this case within the VM) can block
all connections, except between TOR and TOR entry modes; the VM
insulates any unique user info from a roving plugin/extension. The VM
also protects the host, should the application within be compromised
(e.g. memory attack).

JAVA is capable of more identity-revealing mischief than JS; within a VM
you could safely run even JAVA.

HTH

***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/