Tor,security and web-usability - Sorry, now readable with line-breaks...
Ringo Kamens
2600denver at gmail.com
Tue Jun 13 11:35:49 UTC 2006
You should have a firewall set up that only lets firefox/privoxy connect to
127.0.0.1, that way you can be sure it isn't leaking anything.
On 6/13/06, Fabian Keil <freebsd-listen at fabiankeil.de> wrote:
>
> abacus.01 at mailnull.com wrote:
>
> > Does that mean one theoretically had to deinstall
> > Flash before surfing with Tor?
>
> Not to install Flash in the first place would be
> an even better idea.
>
> > The same question applies to Windows Media Player on
> > the Mac, this is not secure to surf
> > with, is it? Is a deinstallation also required before
> > achieving an acceptable security level?
>
> Depends on what kind of security you are talking about.
> I read several Privoxy problem reports about
> Windows Media Player ignoring the proxy settings
> and calling out directly, but you could use a
> transparent proxy to force Windows Media Player
> to use Tor.
>
> Of course Windows Media Player could still send private
> information through Tor, so yes, if you don't
> trust Windows Media Player to behave, you probably
> should delete or at least disable it.
>
> > Given the fact, that more and more parts of the web
> > rely increasingly on Java/Javascript
> > and multimedia enhanced features, are security related
> > efforts not really a rearguard
> > action?
>
> I disabled JavaScript years ago and don't have
> the impression that it's getting harder to surf
> without it.
>
> > Besides the problems of traceabilty that might result
> > for Tor if one uses Java/Javascript,
> > could it be a reasonable strategy to add a layer of
> > obfuscation by employing second and
> > third operating systems via emulation (e.g. inside a
> > otherwise inaccessible truecrypt
> > partition (which is not yet feasible on the mac)?
>
> It certainly would improve security, but if you just want
> to hide your IP address, a proper firewall configuration
> should be good enough (provided your on a private LAN
> and Java only sees your private LAN IP). You could use
> chroot, jails or systrace (if MacOS offers one them) to
> make sure the browser doesn't broadcast your mails.
>
> I also don't understand why you would want to encrypt
> the partition of the emulated OS. The goal is to secure
> the host system from the browser, not the other way
> around.
>
> Fabian
> --
> http://www.fabiankeil.de/
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20060613/a8e6628e/attachment.htm>
More information about the tor-talk
mailing list