Tor,security and web-usability - Sorry, now readable with line-breaks...
freebsd-listen at fabiankeil.de
Tue Jun 13 10:33:43 UTC 2006
abacus.01 at mailnull.com wrote:
> Does that mean one theoretically had to deinstall
> Flash before surfing with Tor?
Not to install Flash in the first place would be
an even better idea.
> The same question applies to Windows Media Player on
> the Mac, this is not secure to surf
> with, is it? Is a deinstallation also required before
> achieving an acceptable security level?
Depends on what kind of security you are talking about.
I read several Privoxy problem reports about
Windows Media Player ignoring the proxy settings
and calling out directly, but you could use a
transparent proxy to force Windows Media Player
to use Tor.
Of course Windows Media Player could still send private
information through Tor, so yes, if you don't
trust Windows Media Player to behave, you probably
should delete or at least disable it.
> Given the fact, that more and more parts of the web
> and multimedia enhanced features, are security related
> efforts not really a rearguard
the impression that it's getting harder to surf
> Besides the problems of traceabilty that might result
> could it be a reasonable strategy to add a layer of
> obfuscation by employing second and
> third operating systems via emulation (e.g. inside a
> otherwise inaccessible truecrypt
> partition (which is not yet feasible on the mac)?
It certainly would improve security, but if you just want
to hide your IP address, a proper firewall configuration
should be good enough (provided your on a private LAN
and Java only sees your private LAN IP). You could use
chroot, jails or systrace (if MacOS offers one them) to
make sure the browser doesn't broadcast your mails.
I also don't understand why you would want to encrypt
the partition of the emulated OS. The goal is to secure
the host system from the browser, not the other way
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 187 bytes
Desc: not available
More information about the tor-talk