You should have a firewall set up that only lets firefox/privoxy connect to <a href="http://127.0.0.1">127.0.0.1</a>, that way you can be sure it isn't leaking anything.<br><br>
<div><span class="gmail_quote">On 6/13/06, <b class="gmail_sendername">Fabian Keil</b> <<a href="mailto:freebsd-listen@fabiankeil.de">freebsd-listen@fabiankeil.de</a>> wrote:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid"><a href="mailto:abacus.01@mailnull.com">abacus.01@mailnull.com</a> wrote:<br><br>> Does that mean one theoretically had to deinstall
<br>> Flash before surfing with Tor?<br><br>Not to install Flash in the first place would be<br>an even better idea.<br><br>> The same question applies to Windows Media Player on<br>> the Mac, this is not secure to surf
<br>> with, is it? Is a deinstallation also required before<br>> achieving an acceptable security level?<br><br>Depends on what kind of security you are talking about.<br>I read several Privoxy problem reports about
<br>Windows Media Player ignoring the proxy settings<br>and calling out directly, but you could use a<br>transparent proxy to force Windows Media Player<br>to use Tor.<br><br>Of course Windows Media Player could still send private
<br>information through Tor, so yes, if you don't<br>trust Windows Media Player to behave, you probably<br>should delete or at least disable it.<br><br>> Given the fact, that more and more parts of the web<br>> rely increasingly on Java/Javascript
<br>> and multimedia enhanced features, are security related<br>> efforts not really a rearguard<br>> action?<br><br>I disabled JavaScript years ago and don't have<br>the impression that it's getting harder to surf
<br>without it.<br><br>> Besides the problems of traceabilty that might result<br>> for Tor if one uses Java/Javascript,<br>> could it be a reasonable strategy to add a layer of<br>> obfuscation by employing second and
<br>> third operating systems via emulation (e.g. inside a<br>> otherwise inaccessible truecrypt<br>> partition (which is not yet feasible on the mac)?<br><br>It certainly would improve security, but if you just want
<br>to hide your IP address, a proper firewall configuration<br>should be good enough (provided your on a private LAN<br>and Java only sees your private LAN IP). You could use<br>chroot, jails or systrace (if MacOS offers one them) to
<br>make sure the browser doesn't broadcast your mails.<br><br>I also don't understand why you would want to encrypt<br>the partition of the emulated OS. The goal is to secure<br>the host system from the browser, not the other way
<br>around.<br><br>Fabian<br>--<br><a href="http://www.fabiankeil.de/">http://www.fabiankeil.de/</a><br><br><br></blockquote></div><br>