On Fri, 12 Oct 2012 13:12:53 +0000 adrelanos <adrela...@riseup.net> wrote:
> Raviji: > > On Fri, 12 Oct 2012 11:38:34 +0000 > > adrelanos <adrela...@riseup.net> wrote: > > > >> Outlaw: > >>> Hi! Let`s say main linux user A is cut off from Internet with iptables, > >>> user B starts Tor. If I run TorBrowser by user A, connect it to Tor > >>> (which is started by B) with socks and turn on flash plugin, is there > >>> any security/anonimity leak in this scheme? Thank you. > >> > >> If you ever use or used Flash without Tor, your Tor session can likely > >> be linked to your non-Tor session. (Flash Cookies, browser fingerprint, > >> fonts, os, kernel, dpi, etc.) > >> > >> I believe my project Whonix is currently the safest method to use Flash. > >> IP/DNS/location remains safe, but Flash usage will always be only > >> pseudonymous rather than anonymous. Linking your sessions will be > >> limited to your activity inside the Workstation. Details: > > > > whonix is nice, but heavier on system with virtual box. > > Indeed, thats a major drawback. Thought with some tweaking you could > switch from KDE to Openbox, reduce RAM... Finally lower RAM requirements > to ~400MB or so. > > > Where a system wide tor enforcement is a good alternative. > > It is possible with iptables. We might think about a service, > > when start do system wide tor enforcement, when stop revert back > > the system to normal mode. > > > > Though I am not successful yet to exclude the lan from this enforcement, > > as I need to access some local IP directly. I need some more understanding > > with iptables. Can anyone help me with the iptables please ? > > Did you read my first sentence in my first reply? > > "If you ever use or used Flash without Tor, your Tor session can likely > be linked to your non-Tor session. (Flash Cookies, browser fingerprint, > fonts, os, kernel, dpi, etc.)" > But can it still pass as the firewall drops all non tor connection ? Yes, I agree, it still carry the browser fingerprint, fonts, os, kernel, dpi, etc.. and that's why your whonix is nice. Can you make it little bit low fat :-) _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk