Re: [tor-talk] Flash, Linux and Tor
Raviji:
> On Fri, 12 Oct 2012 11:38:34 +0000
> adrelanos <adrelanos@xxxxxxxxxx> wrote:
>
>> Outlaw:
>>> Hi! Let's say main linux user A is cut off from Internet with iptables,
>>> user B starts Tor. If I run TorBrowser by user A, connect it to Tor
>>> (which is started by B) with socks and turn on flash plugin, is there
>>> any security/anonymity leak in this scheme? Thank you.
>>
>> If you ever use or used Flash without Tor, your Tor session can likely
>> be linked to your non-Tor session. (Flash Cookies, browser fingerprint,
>> fonts, os, kernel, dpi, etc.)
>>
>> I believe my project Whonix is currently the safest method to use Flash.
>> IP/DNS/location remains safe, but Flash usage will always be only
>> pseudonymous rather than anonymous. Linking your sessions will be
>> limited to your activity inside the Workstation. Details:
>
> Whonix is nice, but heavier on the system with VirtualBox.

Indeed, that's a major drawback. Though with some tweaking you could
switch from KDE to Openbox, reduce RAM... Finally lower RAM requirements
to ~400MB or so.

> Where a system-wide Tor enforcement is a good alternative.
> It is possible with iptables. We might think about a service
> that does system-wide Tor enforcement when started and reverts
> the system back to normal mode when stopped.
>
> Though I am not successful yet to exclude the LAN from this enforcement,
> as I need to access some local IP directly. I need some more understanding
> of iptables. Can anyone help me with iptables, please?

Did you read my first sentence in my first reply?
"If you ever use or used Flash without Tor, your Tor session can likely
be linked to your non-Tor session. (Flash Cookies, browser fingerprint,
fonts, os, kernel, dpi, etc.)"
If you want to go this way, I'd strongly recommend a dedicated operating
system installation just for that use case.
And by the way, a socksifier is not a jail. Flash could use some
"special" methods to connect and still connect directly without Tor.
For example the IPv6 leak bug...
https://trac.torproject.org/projects/tor/wiki/doc/torsocks#WorkaroundforIPv6leakbug
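
The system-wide enforcement with a LAN exception asked about in this thread, combined with the IPv6 point from the reply, as an added example that is not part of the thread or either poster's configuration. The Tor account name, the LAN range and the TransPort/DNSPort values are assumptions; the functions only print rulesets in iptables-restore format.

```shell
#!/bin/sh
# Emits rulesets only; applying them needs root, e.g.
#   iptables-save > /root/pre-tor.rules    # saved so "stop" can restore it
#   gen_v4 debian-tor 192.168.1.0/24 | iptables-restore
#   gen_v6 | ip6tables-restore
# Assumed torrc values (not from the thread): TransPort 9040, DNSPort 5353.
TRANS_PORT=9040
DNS_PORT=5353

gen_v4() {  # $1 = account Tor runs as, $2 = LAN CIDR reached directly
    tor_user=$1; lan=$2
    case "$lan" in  # an empty or match-all "LAN" would disable enforcement
        ''|0.0.0.0/*|*/0) echo "refusing LAN range '$lan'" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner $tor_user -j RETURN
# DNS is redirected before the LAN exception so a LAN resolver is never used
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
-A OUTPUT -d 127.0.0.0/8 -j RETURN
-A OUTPUT -d $lan -j RETURN
-A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -m owner --uid-owner $tor_user -j ACCEPT
-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
# TCP DNS to a LAN resolver would bypass the UDP redirect above
-A OUTPUT -p tcp --dport 53 -j REJECT
-A OUTPUT -d $lan -j ACCEPT
COMMIT
EOF
}

gen_v6() {  # nothing here carries IPv6 through Tor: loopback only
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}
```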