abacus.01@xxxxxxxxxxxx wrote: > Does that mean one theoretically had to deinstall > Flash before surfing with Tor? Not to install Flash in the first place would be an even better idea. > The same question applies to Windows Media Player on > the Mac, this is not secure to surf > with, is it? Is a deinstallation also required before > achieving an acceptable security level? Depends on what kind of security you are talking about. I read several Privoxy problem reports about Windows Media Player ignoring the proxy settings and calling out directly, but you could use a transparent proxy to force Windows Media Player to use Tor. Of course Windows Media Player could still send private information through Tor, so yes, if you don't trust Windows Media Player to behave, you probably should delete or at least disable it. > Given the fact, that more and more parts of the web > rely increasingly on Java/Javascript > and multimedia enhanced features, are security related > efforts not really a rearguard > action? I disabled JavaScript years ago and don't have the impression that it's getting harder to surf without it. > Besides the problems of traceabilty that might result > for Tor if one uses Java/Javascript, > could it be a reasonable strategy to add a layer of > obfuscation by employing second and > third operating systems via emulation (e.g. inside a > otherwise inaccessible truecrypt > partition (which is not yet feasible on the mac)? It certainly would improve security, but if you just want to hide your IP address, a proper firewall configuration should be good enough (provided your on a private LAN and Java only sees your private LAN IP). You could use chroot, jails or systrace (if MacOS offers one them) to make sure the browser doesn't broadcast your mails. I also don't understand why you would want to encrypt the partition of the emulated OS. The goal is to secure the host system from the browser, not the other way around. Fabian -- http://www.fabiankeil.de/
Attachment:
signature.asc
Description: PGP signature