On Thursday 2 June, 2011 09:53:05 Javier Bassi wrote: > On Thu, Jun 2, 2011 at 12:52 PM, <t...@lists.grepular.com> wrote: > > "If Tor has vulnerabilities, it might get exploited!" > > > > Of course, you can replace "Tor" with any other application name. Tor is > > not special in this regard. > > Yeah, thats why I found his argument strange and said 'I think he's > trying to say' although maybe he's not. But if he is, then a browser > or any app that use Internet is as 'insecure' as Tor.
'If I take cash with me I might misplace it, so I should never carry any cash.' 'If I drive a car I might have an accident, so I should never drive a car.' Diluting the question with equivocation does not reduce the value of securing Tor. The case is, I have no other out-looking daemons, so this is very relevant to me. To those who don't care or are frightened by this discussion please ignore this subject. I see now that few here have actually considered this question before. There's a good deal of trust going on, which seems to be well-placed given the apparent infrequency of attack. That's a good thing, but I come from an intel background and I prefer to secure. It's why I've run Debian for 14 years. For those interested, so far my best idea is running the daemon in a VirtualBox VM running SELinux as guest, and bridged to the outside. This should substantially solve most problems except membership in the local LAN. If only consumer-grade routers had VLan, although routers aren't necessarily secure. Maybe a switch on the WAN side of the router, to flange the LAN and Tor interface together in a class C different from the LAN. _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
