For non-script email, you could use <a href="http://safe-mail.net">safe-mail.net</a>. The noscript extension for firefox kills flash. The operating system obsfucation through virtual machines is a waste of CPU power. Just spoof the information using something like privoxy. Besides, the OS isn't really that bad. You should be more concerned about getting a exploit embedded in a page that violates your security and uploads your hard drive to a remote server or a tempest-like attack.
<br><br>
<div><span class="gmail_quote">On 6/12/06, <b class="gmail_sendername"><a href="mailto:abacus.01@mailnull.com">abacus.01@mailnull.com</a></b> <<a href="mailto:abacus.01@mailnull.com">abacus.01@mailnull.com</a>> wrote:
</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">Hello,<br>first I want to say thanks for this great programme<br>and that you tolerate my Mac-security related
<br>questions. I read that Javascript and Flash are bad<br>for Torīs security provisions. Though<br>quitting Javascript is easy, I have not found the<br>appropriate way to quickly kill Flash, neither<br>in Firefox nor any other browser, most Flash-sites
<br>show up on my OSX just fine even<br>without any Java.<br><br>Does that mean one theoretically had to deinstall<br>Flash before surfing with Tor?<br>The same question applies to Windows Media Player on<br>the Mac, this is not secure to surf
<br>with, is it? Is a deinstallation also required before<br>achieving an acceptable security level?<br><br>The next question is related to these problems: if I<br>want to create an email-account with<br>any of the big free webbased mail-services I know, I
<br>HAVE to switch Java and Javascript<br>on, otherwise the configurations will fail. I<br>understand that configurating, e.g. Yahoo with<br>Tor enabled and the required Java/Javascript turned<br>on, renders Torīs efforts null and
<br>void. I could as well surf openly to Yahoo like say 10<br>years ago.<br>Does anybody know of a web-based mail-service, that<br>does not require Java/Javascript<br>during configuration or use? Or do I have to accept<br>
that I also have to use some remailer to<br>reduce traceability to a secure amount?<br><br>Finally, if I go to pages like<br><a href="http://gemal.dk/browserspy/">http://gemal.dk/browserspy/</a>, I could really get<br>paranoid or
<br>despair of security. While the useragent could be<br>partly be faked and randomly changed<br>with tools like Fabian Keilīs great uagen.pl , an<br>automatic Firefox-User-Agent-Generator,<br>the flash detection at <a href="http://gemal.dk/browserspy/">
gemal.dk/browserspy/</a> e.g. still<br>reveals not only the Flash version but<br>also my Operating System and its version. This works<br>WITHOUT Java/Javascript enabled.<br>Given the fact, that more and more parts of the web
<br>rely increasingly on Java/Javascript<br>and multimedia enhanced features, are security related<br>efforts not really a rearguard<br>action?<br><br>Besides the problems of traceabilty that might result<br>for Tor if one uses Java/Javascript,
<br>could it be a reasonable strategy to add a layer of<br>obfuscation by employing second and<br>third operating systems via emulation (e.g. inside a<br>otherwise inaccessible truecrypt<br>partition (which is not yet feasible on the mac)?
<br><br><br>Sorry, if this all sounds convoluted, I somehow just<br>want to appraise the scope of this<br>sisyphus task. Thanks in advance and all the best for<br>your work<br><br><br>Regards<br><br>----------<br>This message was sent from a MailNull anti-spam account. You can get
<br>your free account and take control over your email by visiting the<br>following URL.<br><br> <a href="http://mailnull.com/">http://mailnull.com/</a><br></blockquote></div><br>