[tor-talk] TBB, iptables, and separation of concerns
tmail299 at errtech.com
Mon Dec 12 08:35:01 UTC 2011
>> If you are forced to boot off an external medium that is a secured
>> environment this is unlikely to occur.
> Yeah, but for that the Tails distribution exists http://tails.boum.org/ .
> I've been saying about making "app-protection" against possible attacks
> to the Browser and its components, mitigating it by sandboxing
> automatically with a general framework that would limit:
> - file system access
> - socket access
> - dangerous OS API
Yea. Those are good too.
People say to use Tails all the time and I cringe every time. There are
many user-related problems with Tails. It isn't that great.
1. A user should not have to download a CD from a site every time an
update comes out.
2. Users should not need to know how to authenticate the download (each
update to TBB or Tails). While nice, users aren't competent enough to do it in
practice, and the difficulty in doing it makes it unlikely that even those who
know how will do it. So we should avoid making the user do the
authentication at all. That can be done if there is a distribution that is
installed. Authentication of updates is already built into apt. Let's use
it. Install once and forget.
3. Does Tails prevent non-Tor communications? I was reading something
which suggested it was an idea. If it is an idea chances are it isn't