Tor, security and web-usability

Seth David Schoen schoen at eff.org
Tue Jun 13 01:10:03 UTC 2006


abacus.01 at mailnull.com writes:

> Besides the problems of traceability that might result for Tor if
> one uses Java/Javascript, could it be a reasonable strategy to add
> a layer of obfuscation by employing second and third operating
> systems via emulation (e.g. inside an otherwise inaccessible truecrypt
> partition (which is not yet feasible on the mac))?

Yes, or you could run a standardized live CD (something which there are
efforts to produce).  The live CD would tend to conceal your native OS
and browser version because all live CD users would have the same OS
and browser.

However, the privacy risk to your real IP address still exists with a
live CD.  Emulation might do better there, because the emulator could
provide an emulated private IP address and conceivably hide everything
unique about your computer from the programs running in the emulator.

Emulation and sandboxing for privacy are a good project; they potentially
need to work in two directions:

(1) Confining the browser and applets to prevent them from discovering
    local unique or private information (like non-anonymized cookies,
    files on disk, host OS version, processor serial number, MAC address,
    IP address, etc., etc.).  [If they could learn this information, they
    might communicate it in-band over an anonymized Tor circuit.]

(2) Confining the browser and applets to prevent them from communicating
    otherwise than through Tor (to prevent them from directly generating
    any network packets).  [These packets could be observed and correlated
    with the anonymized browsing activity, and they would reveal, at least,
    the user's true, non-anonymized IP address.]

> Sorry, if this all sounds convoluted, I somehow just want to appraise
> the scope of this gargantuan (or sisyphusian (is there a word like
> this?)) task.

That word is "Sisyphean".  In gdict:

 From The Collaborative International Dictionary of English v.0.48 [gcide]:

  Sisyphean \Sis`y*phe"an\, a.
     Relating to Sisyphus; incessantly recurring; as, Sisyphean
     labors.
     [1913 Webster]

 From WordNet (r) 2.0 [wn]:

  Sisyphean
       adj 1: of or relating to Sisyphus
       2: both extremely effortful and futile

-- 
Seth Schoen
Staff Technologist                                schoen at eff.org
Electronic Frontier Foundation                    http://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110     1 415 436 9333 x107
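
Added example, not part of the original message: a point-in-time check for direction (2) above, listing TCP sockets owned by the sandboxed browser's account whose remote end is anything other than the local Tor SOCKS listener. The uid 1001, the SOCKS address 127.0.0.1:9050, and the sample table (in Linux /proc/net/tcp layout, using documentation IP ranges) are assumptions constructed for illustration.

```python
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)  # assumption: local Tor SOCKS listener
SANDBOX_UID = 1001               # assumption: hypothetical uid the browser runs as
STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp layout (little-endian host assumed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:235A 00000000:0000 0A 00000000:00000000 00:00000000 00000000   109        0 20001
   1: 0100007F:C350 0100007F:235A 01 00000000:00000000 00:00000000 00000000  1001        0 20002
   2: 0F02000A:D431 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000  1001        0 20003
   3: 0F02000A:D432 356433C6:0035 02 00000000:00000000 00:00000000 00000000  1001        0 20004
   4: 0F02000A:E000 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20005
"""


def decode(hexaddr):
    """Turn 'HHHHHHHH:PPPP' into (dotted IPv4, port)."""
    ip_hex, port_hex = hexaddr.split(":")
    # The kernel prints the address as a host-order u32; on a little-endian
    # host, repacking it little-endian restores network byte order.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def find_leaks(table, uid=SANDBOX_UID, allowed=TOR_SOCKS):
    """Return [(remote, state)] for the uid's sockets that bypass Tor."""
    leaks = []
    for line in table.splitlines()[1:]:      # skip the header row
        f = line.split()
        if len(f) < 10 or int(f[7]) != uid:  # column 7 is the owning uid
            continue
        if f[3] == "0A":                     # listeners send nothing outbound
            continue
        remote = decode(f[2])
        if remote != allowed:
            leaks.append((remote, STATES.get(f[3], f[3])))
    return leaks


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead.
    for remote, state in find_leaks(SAMPLE):
        print("direct connection outside Tor:", remote, state)
```

This covers IPv4 TCP only; UDP and IPv6 sockets appear in separate /proc/net tables and need the same check. A snapshot like this can only confirm a leak after the fact, so the confinement itself still has to be enforced by the emulator or a packet filter.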
