Any way to secure/anonymize ALL traffic?
7v5w7go9ub0o
7v5w7go9ub0o at gmail.com
Thu Dec 23 00:55:25 UTC 2010
On 12/22/10 17:10, Praedor Atrebates wrote:
> Could one setup a VM with some arbitrary timezone for it alone and
> run tor and bind there so that flash and javascript cannot get such
> info as local timezone, etc? Would it be possible to have the VM
> change timezone in some random/semi-random fashion so that any
> timezone (and other) info that could be otherwise acquired would be
> just as unreliable an identifier of your system/location as
> information acquired from a tor session? Then, even if flash or
> javascript did try to pull information outside tor it would be
> totally bogus and ever-changing. It would still be nice to be able
> to squelch any attempt by flash to find your REAL IP address by
> forcing it to ALWAYS exit via tor no matter what.
>
Yes. Feed the VM either random, or standardized (every TOR VM has the
same "fingerprint") data.
As mentioned earlier, a firewall (in this case within the VM) can block
all connections, except between TOR and TOR entry modes; the VM
insulates any unique user info from a roving plugin/extension. The VM
also protects the host, should the application within be compromised
(e.g. memory attack).
JAVA is capable of more identity-revealing mischief than JS; within a VM
you could safely run even JAVA.
HTH
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list