[tor-talk] apt-get over tor

proper at secure-mail.biz proper at secure-mail.biz
Sun May 27 22:17:39 UTC 2012

My very first considerations...

> What are the dangers of using apt-get over Tor?
>  Is privoxy + Tor the safest way to go?

I don't think so.

> What attacks are possible?

1. Some are documented in the Torify HOWTO. [1]
2. Stale mirror attack. [2]
3. What kind of software you have installed. [2]

> Any idea
> if there a way to setup a iptables firewall to prevent leaks? I don't think
> it currently leaks although should there be a risk introduced in the future
> a firewall that could protect against it would be ideal I think.

TorBOX [3] uses apt-get and completely isolates it (two machines are used and one can only emit traffic through Tor). TorBOX also prevents some other leaks, such as time zone, etc. [7] See it as an example, you can rip off all concerns for your own needs.

Might also be a good idea to switch your circuit when using apt-get, see [5].

Perhaps you don't want to go so far and/or don't want to use multiple machines. In that case you need to do some guesswork and still can get started at the transparent proxy article. [4]

[1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO
[2] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev#encryptedupdatedownloadSECURITYWAITforfixupstreamORchangeoperatingsystem
[3] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX
[4] https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
[5] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#Howtosafelyupdateusingapt-get
[6] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#TorBOXsProtocol-Leak-ProtectionandFingerprinting-Protection
[7] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#TorBOXsProtocol-Leak-ProtectionandFingerprinting-Protection

powered by Secure-Mail.biz - anonymous and secure e-mail accounts.

More information about the tor-talk mailing list