[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] EFF Tor Challenge

On Thursday 2 June, 2011 09:53:05 Javier Bassi wrote:
> On Thu, Jun 2, 2011 at 12:52 PM,  <tor@xxxxxxxxxxxxxxxxxx> wrote:
> > "If Tor has vulnerabilities, it might get exploited!"
> >
> > Of course, you can replace "Tor" with any other application name. Tor is
> > not special in this regard.
> Yeah, thats why I found his argument strange and said 'I think he's
> trying to say' although maybe he's not. But if he is, then a browser
> or any app that use Internet is as 'insecure' as Tor.

'If I take cash with me I might misplace it, so I should never carry any cash.'  'If I drive a car I might have an accident, so I should never drive a car.'

Diluting the question with equivocation does not reduce the value of securing Tor.  The case is, I have no other out-looking daemons, so this is very relevant to me.  To those who don't care or are frightened by this discussion please ignore this subject.

I see now that few here have actually considered this question before.  There's a good deal of trust going on, which seems to be well-placed given the apparent infrequency of attack.  That's a good thing, but I come from an intel background and I prefer to secure.  It's why I've run Debian for 14 years.

For those interested, so far my best idea is running the daemon in a VirtualBox VM running SELinux as guest, and bridged to the outside.  This should substantially solve most problems except membership in the local LAN.  

If only consumer-grade routers had VLan, although routers aren't necessarily secure.  Maybe a switch on the WAN side of the router, to flange the LAN and Tor interface together in a class C different from the LAN.

tor-talk mailing list