[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Tor,security and web-usability - Sorry, now readable with line-breaks...
Hello,
first I want to say thanks for this great programme
and that you tolerate my Mac-security related
questions. I read that Javascript and Flash are bad
for Tor´s security provisions. Though
quitting Javascript is easy, I have not found the
appropriate way to quickly kill Flash, neither
in Firefox nor any other browser, most Flash-sites
show up on my OSX just fine even
without any Java.
Does that mean one theoretically had to deinstall
Flash before surfing with Tor?
The same question applies to Windows Media Player on
the Mac, this is not secure to surf
with, is it? Is a deinstallation also required before
achieving an acceptable security level?
The next question is related to these problems: if I
want to create an email-account with
any of the big free webbased mail-services I know, I
HAVE to switch Java and Javascript
on, otherwise the configurations will fail. I
understand that configurating, e.g. Yahoo with
Tor enabled and the required Java/Javascript turned
on, renders Tor´s efforts null and
void. I could as well surf openly to Yahoo like say 10
years ago.
Does anybody know of a web-based mail-service, that
does not require Java/Javascript
during configuration or use? Or do I have to accept
that I also have to use some remailer to
reduce traceability to a secure amount?
Finally, if I go to pages like
http://gemal.dk/browserspy/, I could really get
paranoid or
despair of security. While the useragent could be
partly be faked and randomly changed
with tools like Fabian Keil´s great uagen.pl , an
automatic Firefox-User-Agent-Generator,
the flash detection at gemal.dk/browserspy/ e.g. still
reveals not only the Flash version but
also my Operating System and its version. This works
WITHOUT Java/Javascript enabled.
Given the fact, that more and more parts of the web
rely increasingly on Java/Javascript
and multimedia enhanced features, are security related
efforts not really a rearguard
action?
Besides the problems of traceabilty that might result
for Tor if one uses Java/Javascript,
could it be a reasonable strategy to add a layer of
obfuscation by employing second and
third operating systems via emulation (e.g. inside a
otherwise inaccessible truecrypt
partition (which is not yet feasible on the mac)?
Sorry, if this all sounds convoluted, I somehow just
want to appraise the scope of this
sisyphus task. Thanks in advance and all the best for
your work
Regards
----------
This message was sent from a MailNull anti-spam account. You can get
your free account and take control over your email by visiting the
following URL.
http://mailnull.com/