[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Tor,security and web-usability - Sorry, now readable with line-breaks...
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Tor,security and web-usability - Sorry, now readable with line-breaks...
- From: "Ringo Kamens" <2600denver@xxxxxxxxx>
- Date: Mon, 12 Jun 2006 19:28:54 -0700
- Delivered-to: email@example.com
- Delivered-to: firstname.lastname@example.org
- Delivered-to: email@example.com
- Delivery-date: Mon, 12 Jun 2006 22:29:07 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=Xs44Dv2aAcYszyfrIzmXf/vtKBYgCJe/hc7Qdauqz4fiE57xgemWodU0RV1VuwneM6wcHSCgGcB6RmR4k5q5YVUy6byB1CAmz7S0m+AhAfPM5rXZbHxWEyYQ+bKE+KrOHjT/TGZLXf009FYSDypTliMC3bmOFrEr7S8Kso1NXz4=
- In-reply-to: <m1Fpy4S-004ykuC@outside.256.com>
- References: <m1Fpy4S-004ykuC@outside.256.com>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
For non-script email, you could use safe-mail.net. The noscript extension for firefox kills flash. The operating system obsfucation through virtual machines is a waste of CPU power. Just spoof the information using something like privoxy. Besides, the OS isn't really that bad. You should be more concerned about getting a exploit embedded in a page that violates your security and uploads your hard drive to a remote server or a tempest-like attack.
On 6/12/06, abacus.01@xxxxxxxxxxxx <abacus.01@xxxxxxxxxxxx> wrote:
first I want to say thanks for this great programme
and that you tolerate my Mac-security related
for Tor´s security provisions. Though
appropriate way to quickly kill Flash, neither
in Firefox nor any other browser, most Flash-sites
show up on my OSX just fine even
without any Java.
Does that mean one theoretically had to deinstall
Flash before surfing with Tor?
The same question applies to Windows Media Player on
the Mac, this is not secure to surf
with, is it? Is a deinstallation also required before
achieving an acceptable security level?
The next question is related to these problems: if I
want to create an email-account with
any of the big free webbased mail-services I know, I
on, otherwise the configurations will fail. I
understand that configurating, e.g. Yahoo with
on, renders Tor´s efforts null and
void. I could as well surf openly to Yahoo like say 10
Does anybody know of a web-based mail-service, that
during configuration or use? Or do I have to accept
that I also have to use some remailer to
reduce traceability to a secure amount?
Finally, if I go to pages like
http://gemal.dk/browserspy/, I could really get
despair of security. While the useragent could be
partly be faked and randomly changed
with tools like Fabian Keil´s great uagen.pl , an
the flash detection at
gemal.dk/browserspy/ e.g. still
reveals not only the Flash version but
also my Operating System and its version. This works
Given the fact, that more and more parts of the web
and multimedia enhanced features, are security related
efforts not really a rearguard
Besides the problems of traceabilty that might result
could it be a reasonable strategy to add a layer of
obfuscation by employing second and
third operating systems via emulation (e.g. inside a
otherwise inaccessible truecrypt
partition (which is not yet feasible on the mac)?
Sorry, if this all sounds convoluted, I somehow just
want to appraise the scope of this
sisyphus task. Thanks in advance and all the best for
This message was sent from a MailNull anti-spam account. You can get
your free account and take control over your email by visiting the