Raviji:
> On Fri, 12 Oct 2012 11:38:34 +0000
> adrelanos <adrela...@riseup.net> wrote:
>
>> Outlaw:
>>> Hi! Let's say main linux user A is cut off from Internet with iptables,
>>> user B starts Tor. If I run TorBrowser by user A, connect it to Tor
>>> (which is started by B) with socks and turn on flash plugin, is there
>>> any security/anonymity leak in this scheme? Thank you.
>>
>> If you ever use or used Flash without Tor, your Tor session can likely
>> be linked to your non-Tor session. (Flash Cookies, browser fingerprint,
>> fonts, os, kernel, dpi, etc.)
>>
>> I believe my project Whonix is currently the safest method to use Flash.
>> IP/DNS/location remains safe, but Flash usage will always be only
>> pseudonymous rather than anonymous. Linking your sessions will be
>> limited to your activity inside the Workstation. Details:
>
> whonix is nice, but heavier on system with virtual box.

Indeed, that's a major drawback. Though with some tweaking you could switch from KDE to Openbox, reduce RAM... Finally lower RAM requirements to ~400MB or so.

> Where a system wide tor enforcement is a good alternative.
> It is possible with iptables. We might think about a service,
> when start do system wide tor enforcement, when stop revert back
> the system to normal mode.
>
> Though I am not successful yet to exclude the lan from this enforcement,
> as I need to access some local IP directly. I need some more understanding
> with iptables. Can anyone help me with the iptables please ?

Did you read my first sentence in my first reply?

"If you ever use or used Flash without Tor, your Tor session can likely be linked to your non-Tor session. (Flash Cookies, browser fingerprint, fonts, os, kernel, dpi, etc.)"

If you want to go this way, I'd strongly recommend a dedicated operating system installation just for that use case.

And by the way, a socksifier is not a jail. Flash could use some "special" methods to connect and still connect directly without Tor. For example the IPv6 leak bug...

https://trac.torproject.org/projects/tor/wiki/doc/torsocks#WorkaroundforIPv6leakbug
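
The start/stop service with a LAN exception discussed in this thread could look like the sketch below; it is an added example, not part of the original message and not code from Whonix or the Tor Project. It covers only the network path (including the IPv6 case) and does nothing about the session linking described above. Assumed values: Tor runs as user `debian-tor` with `TransPort 9040` and `DNSPort 5353` in torrc, and the LAN is `192.168.1.0/24`.

```shell
#!/bin/sh
# Added example: PRINTS the rules, it does not apply them (pipe to sh as root).
# Assumptions, none from the thread: Tor runs as user debian-tor with
# "TransPort 9040" and "DNSPort 5353" in torrc; the LAN is 192.168.1.0/24;
# the OUTPUT chains hold no other rules, since both functions flush them.
TOR_USER="${TOR_USER:-debian-tor}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
TRANS_PORT="${TRANS_PORT:-9040}"
DNS_PORT="${DNS_PORT:-5353}"

# "stop": flush the three OUTPUT chains, back to unfiltered networking.
tor_release_rules() {
  cat <<EOF
iptables -t nat -F OUTPUT
iptables -F OUTPUT
ip6tables -F OUTPUT
EOF
}

# "start": everything leaves through Tor except loopback and the LAN.
tor_enforce_rules() {
  tor_release_rules
  cat <<EOF
# nat: leave Tor's own traffic alone; send DNS to DNSPort (even when the
# resolver sits on the LAN); loopback and LAN go direct; other TCP to TransPort
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_USER -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
iptables -t nat -A OUTPUT -d 127.0.0.0/8 -j RETURN
iptables -t nat -A OUTPUT -d $LAN_NET -j RETURN
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
# filter: whatever was not redirected or exempted is rejected, so a program
# that ignores the proxy settings fails closed instead of connecting directly
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -d 127.0.0.0/8 -j ACCEPT
iptables -A OUTPUT -d $LAN_NET -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $TOR_USER -j ACCEPT
iptables -A OUTPUT -j REJECT
# IPv6 is not proxied in this sketch, so block it entirely
ip6tables -A OUTPUT -j REJECT
EOF
}

case "${1:-}" in
  start) tor_enforce_rules ;;
  stop)  tor_release_rules ;;
esac
```

Review the printed rules first, then run the script with `start` or `stop` and pipe the output to `sh` as root.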