[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] TBB, iptables, and seperation of concerns
- To: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-talk] TBB, iptables, and seperation of concerns
- From: "Chris" <tmail299@xxxxxxxxxxx>
- Date: Mon, 12 Dec 2011 03:35:01 -0500
- Authentication-results: smtp01.embarq.synacor.com smtp.user=gilbertewaid; auth=pass (LOGIN)
- Delivered-to: archiver@xxxxxxxx
- Delivery-date: Mon, 12 Dec 2011 03:35:20 -0500
- Importance: Normal
- In-reply-to: <4EE5B9D4.4070506@xxxxxxxxxxxxxxx>
- List-archive: <http://lists.torproject.org/pipermail/tor-talk>
- List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
- List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
- List-post: <mailto:tor-talk@lists.torproject.org>
- List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
- List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
- References: <1323634518.16365.140661010296925@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20111212053218.GL5287@xxxxxxxxxxxxxx> <024b8606b2c66e5b4da87f1efd42b8e4.squirrel@xxxxxxxxxxxxxxxx> <4EE5B4C8.8050109@xxxxxxxxxxxxxxx> <972d2adc97ce574fa228ff04e3d0c5a3.squirrel@xxxxxxxxxxxxxxxx> <4EE5B9D4.4070506@xxxxxxxxxxxxxxx>
- Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
- Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
- User-agent: SquirrelMail/1.4.21
- X_cmae_category: 0,0 Undefined,Undefined
>> If you are forced to boot off an external medium that is a secured
>> environment this is unlikely to occur.
>
> Yeah, but for that the Tails distribution exists http://tails.boum.org/ .
>
> I've been saying about making "app-protection" against possible attacks
> to the Browser and it's components, mitiganting it by sandboxing
> automatically with a general framework that would limit:
> - file system access
> - socket access
> - dangerous's OS API
Yea. Those are good too.
People say to use Tails all the time and I cringe every time. There are
many user related problems with Tails. It isn't that great.
1. A user should not have to download a CD from a site every time an
update comes out.
2. Users should not need to know how to authenticate the download (each
update to TBB or Tails)- while nice users aren't competent enough to do in
practice and the difficult in doing it makes it unlikely even those who
know how may not do it. So we should avoid making the user do the
authentication at all. That can be done if there is a distribution that is
installed. Authentication of updates is already built into apt. Lets use
it. Install once and forget.
3. Does tails prevent non-Tor communications? I was reading something
which suggested it was an idea. If it is an idea chances are it isn't
implemented.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk