Re: Tor,security and web-usability - Sorry, now readable with line-breaks...

You should have a firewall set up that only lets firefox/privoxy connect to, that way you can be sure it isn't leaking anything.

On 6/13/06, Fabian Keil <freebsd-listen@xxxxxxxxxxxxx> wrote:
abacus.01@xxxxxxxxxxxx wrote:

> Does that mean one theoretically had to deinstall
> Flash before surfing with Tor?

Not to install Flash in the first place would be
an even better idea.

> The same question applies to Windows Media Player on
> the Mac, this is not secure to surf
> with, is it? Is a deinstallation also required before
> achieving an acceptable security level?

Depends on what kind of security you are talking about.
I read several Privoxy problem reports about
Windows Media Player ignoring the proxy settings
and calling out directly, but you could use a
transparent proxy to force Windows Media Player
to use Tor.

Of course Windows Media Player could still send private
information through Tor, so yes, if you don't
trust Windows Media Player to behave, you probably
should delete or at least disable it.

> Given the fact, that more and more parts of the web
> rely increasingly on Java/JavaScript
> and multimedia enhanced features, are security related
> efforts not really a rearguard
> action?

I disabled JavaScript years ago and don't have
the impression that it's getting harder to surf
without it.

> Besides the problems of traceability that might result
> for Tor if one uses Java/JavaScript,
> could it be a reasonable strategy to add a layer of
> obfuscation by employing second and
> third operating systems via emulation (e.g. inside an
> otherwise inaccessible truecrypt
> partition (which is not yet feasible on the mac))?

It certainly would improve security, but if you just want
to hide your IP address, a proper firewall configuration
should be good enough (provided you're on a private LAN
and Java only sees your private LAN IP). You could use
chroot, jails or systrace (if MacOS offers one of them) to
make sure the browser doesn't broadcast your mails.

I also don't understand why you would want to encrypt
the partition of the emulated OS. The goal is to secure
the host system from the browser, not the other way