[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor,security and web-usability

abacus.01@xxxxxxxxxxxx writes:

> Besides the problems of traceabilty that might result for Tor if
> one uses Java/Javascript, could it be a reasonable strategy to add
> a layer of obfuscation by employing second and third operating
> systems via emulation (e.g. inside a otherwise inaccessible truecrypt
> partition (which is not yet feasible on the mac))?

Yes, or you could run a standardized live CD (something which there are
efforts to produce).  The live CD would tend to conceal your native OS
and browser version because all live CD users would have the same OS
and browser.

However, the privacy risk to your real IP address still exists with a
live CD.  Emulation might do better there, because the emulator could
provide an emulated private IP address and conceivably hide everything
unique about your computer from the programs running in the emulator.

Emulation and sandboxing for privacy are a good project; they potentially
need to work in two directions:

(1) Confining the browser and applets to prevent them from discovering
    local unique or private information (like non-anonymized cookies,
    files on disk, host OS version, processor serial number, MAC address,
    IP address, etc., etc.).  [If they could learn this information, they
    might communicate it in-band over an anonymized Tor circuit.]

(2) Confining the browser and applets to prevent them from communicating
    otherwise than through Tor (to prevent them from directly generating
    any network packets).  [These packets could be observed and correlated
    with the anonymized browsing activity, and they would reveal, at least,
    the user's true, non-anonymized IP address.]

> Sorry, if this all sounds convoluted, I somehow just want to appraise the scope of this gargantuan (or sisyphusian (is there a word like this?) task.

That word is "Sisyphean".  In gdict:

 From The Collaborative International Dictionary of English v.0.48 [gcide]:

  Sisyphean \Sis`y*phe"an\, a.
     Relating to Sisyphus; incessantly recurring; as, Sisyphean
     [1913 Webster]

 From WordNet (r) 2.0 [wn]:

       adj 1: of or relating to Sisyphus
       2: both extremely effortful and futile

Seth Schoen
Staff Technologist                                schoen@xxxxxxx
Electronic Frontier Foundation                    http://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110     1 415 436 9333 x107