[tor-talk] Flash, Linux and Tor
adrelanos
adrelanos at riseup.net
Fri Oct 12 13:12:53 UTC 2012
Raviji:
> On Fri, 12 Oct 2012 11:38:34 +0000
> adrelanos <adrelanos at riseup.net> wrote:
>
>> Outlaw:
>>> Hi! Let`s say main linux user A is cut off from Internet with iptables,
>>> user B starts Tor. If I run TorBrowser by user A, connect it to Tor
>>> (which is started by B) with socks and turn on flash plugin, is there
>>> any security/anonimity leak in this scheme? Thank you.
>>
>> If you ever use or used Flash without Tor, your Tor session can likely
>> be linked to your non-Tor session. (Flash Cookies, browser fingerprint,
>> fonts, os, kernel, dpi, etc.)
>>
>> I believe my project Whonix is currently the safest method to use Flash.
>> IP/DNS/location remains safe, but Flash usage will always be only
>> pseudonymous rather than anonymous. Linking your sessions will be
>> limited to your activity inside the Workstation. Details:
>
> whonix is nice, but heavier on system with virtual box.
Indeed, thats a major drawback. Thought with some tweaking you could
switch from KDE to Openbox, reduce RAM... Finally lower RAM requirements
to ~400MB or so.
> Where a system wide tor enforcement is a good alternative.
> It is possible with iptables. We might think about a service,
> when start do system wide tor enforcement, when stop revert back
> the system to normal mode.
>
> Though I am not successful yet to exclude the lan from this enforcement,
> as I need to access some local IP directly. I need some more understanding
> with iptables. Can anyone help me with the iptables please ?
Did you read my first sentence in my first reply?
"If you ever use or used Flash without Tor, your Tor session can likely
be linked to your non-Tor session. (Flash Cookies, browser fingerprint,
fonts, os, kernel, dpi, etc.)"
If you want to go this way, I'd strongly recommend a dedicated operating
system installation just for that use case.
And by the way, a socksifier is not a jail. Flash could use some
"special" methods to connect and still connect directly without Tor.
For example the IPv6 leak bug...
https://trac.torproject.org/projects/tor/wiki/doc/torsocks#WorkaroundforIPv6leakbug
More information about the tor-talk
mailing list