Re: Google's Chrome Web Browser and Tor

To: or-talk@xxxxxxxxxxxxx

Subject: Re: Google's Chrome Web Browser and Tor

From: "Kyle Williams" <kyle.kwilliams@xxxxxxxxx>

Date: Fri, 5 Sep 2008 12:27:45 -0700

Delivered-to: archiver@xxxxxxxx

Delivered-to: or-talk-outgoing@xxxxxxxx

Delivered-to: or-talk@xxxxxxxx

Delivery-date: Fri, 05 Sep 2008 15:27:50 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=ywszODJhfy5e8ITv/8+g2iVVsFX0wR2BHvrG4NPyqVk=; b=ZrJRK/lixLh7i7+ln34fKMQ5ApII9OnujAXFtYzcjgCYgLzdyGTSjcW8pBpRmT7+X6 Oo2kK4jioBlJ0xIDXqrrZXMJp5IU5Nt1qwEb7Z5D3Bx837NGbZs/nZZsFZu0CZHBL2UL tqWvbE8Zmz3XjvGucuFhqqKqWqx4rUfHK5Eoo=

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=j5WaRr/dknnYigt0YFGwHIWPPikwE7gl1tsQDW6wd1THvW0MjR4ZjCDdnKe474Q7ZY O0i31Fe3R7EC28kqkl0xMAtIRAd6dGSUk4A38kaVzY6+vCGvEFmRnGoXtJcBOoP7GWgn qZ0JMa2KXDotrCRGAK1xEMZi/deJt+1WeU9dk=

In-reply-to: <e692861c0809050848m543a0f14m427073cfe653828c@xxxxxxxxxxxxxx>

References: <21f144250809041520v7d67cc3fu1baec2f490600f79@xxxxxxxxxxxxxx> <20080905150839.GL8901@xxxxxxxxxxxxxx> <e692861c0809050848m543a0f14m427073cfe653828c@xxxxxxxxxxxxxx>

Reply-to: or-talk@xxxxxxxxxxxxx

Sender: owner-or-talk@xxxxxxxxxxxxx

On Fri, Sep 5, 2008 at 8:48 AM, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:

On Fri, Sep 5, 2008 at 11:08 AM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
> I dig what I've heard of the Chrome architecture, but it seems clear
> that, like every other consumer browser, it's not suitable for
> anonymous browsing out-of-the-box. The real question will be how easy
> it is to adapt it to be safe. Torbutton, for instance, has proven to
> take some pretty extreme hackery to try to shut down all of Firefox's
> interesting leaks. If it turned out to be (say) an order of magnitude
> easier to extend Chrome to be anonymity-friendly, that would be pretty
> awesome. We'll see, I guess.

[snip]

Why aren't more people using virtual machines for anonymous browsing?

If your VM can't access the outside world except via TOR, and it has
no knowledge of the outside world information (because TOR itself is
running on the real machine) then pretty much all possible leaks are
closed and you're only vulnerable to leakage between multiple
anonymous things. Very simple, very clean.

You sir are spot on! Multiple VMs is the way to go. :)