Greetings, I've searched my copy of the lists and can't find any discussion of this. If there has been, please direct me to it.
I think it's obvious that the best way of using Tor is running your torified apps in a VM which can only access the outside world via Tor. This provides the highest protection from network leaks and also partially thwarts fingerprinting. But I can only assume that the 'cost' (performance, complexity, etc.) of using a VM for Tor is too high for many people—otherwise we would insist that anyone who wants anonymity operate that way.

Has anyone looked into using the SELinux sandbox (http://danwalsh.livejournal.com/28545.html) to prevent leaks? The sandbox provides a high degree of application isolation. It looks like it would be pretty much trivial to add an option to the sandbox front end program to only allow accesses to the Tor SOCKS port from the isolated app.

With this, users on supporting platforms wouldn't have to use Wireshark to figure out if, say, Pidgin is leaking via DNS. They could simply run the app inside the sandbox and be sure of it.

Does this sound like a practice which should be refined and recommended?
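A check for the kind of leak the post describes, as an added example that is not part of the original message and is not the sandbox's own code: it parses socket tables in the Linux `/proc/net/tcp` and `/proc/net/udp` layout and reports any connected socket owned by the application's UID whose peer is not the Tor SOCKS port. The address `127.0.0.1:9050` (Tor's default SocksPort), the UIDs and the sample tables are assumptions constructed for the example.

```python
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)  # assumption: Tor's default SocksPort on loopback

# Constructed samples in /proc/net/tcp and /proc/net/udp layout (not captured data).
HEADER = "  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
SAMPLE_TCP = HEADER + (
    "   0: 0100007F:C350 0100007F:235A 01 00000000:00000000 00:00000000 00000000  1000 0 4001 1\n"
    "   1: 0F02000A:D2F0 0A7100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000 0 4002 1\n"
    "   2: 0100007F:235A 00000000:0000 0A 00000000:00000000 00:00000000 00000000   115 0 4003 1\n"
)
SAMPLE_UDP = HEADER + (
    "   0: 0F02000A:9C40 350200C0:0035 01 00000000:00000000 00:00000000 00000000  1000 0 4004 2\n"
)


def decode(endpoint):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ip, port).

    Assumes the little-endian address layout seen on x86 and most ARM hosts.
    """
    addr_hex, port_hex = endpoint.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def find_leaks(table, proto, uid, allowed=TOR_SOCKS):
    """Return (proto, local, remote) for sockets of `uid` that bypass `allowed`."""
    leaks = []
    for line in table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or int(fields[7]) != uid:
            continue
        remote = decode(fields[2])
        if remote == ("0.0.0.0", 0):  # listening or unconnected socket
            continue
        if remote != allowed:
            leaks.append((proto, decode(fields[1]), remote))
    return leaks


if __name__ == "__main__":
    # On a live system, read /proc/net/tcp and /proc/net/udp instead of the samples.
    for proto, table in (("tcp", SAMPLE_TCP), ("udp", SAMPLE_UDP)):
        for leak in find_leaks(table, proto, uid=1000):
            print("possible leak:", leak)
```

This only sees sockets that exist at the moment the table is read, and unconnected UDP sockets that use `sendto()` show no peer, so it complements rather than replaces confinement. IPv6 sockets live in the separate `tcp6` and `udp6` tables, which this example does not parse.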