Using Privoxy to increase the security level (was: reporter from The Economist in Thailand seeks help / new Tor guide is up)
Fabian Keil
freebsd-listen at fabiankeil.de
Wed Nov 1 13:02:21 UTC 2006
"Chris Willis" <chris at castellan.net> wrote:
> I have to add a bit to this one:
>
> NO browser (cept maybe a text browser in BSD or something) is really
> 100% safe on its own. Firefox has lots of vulnerabilities, just like
> IE.
>
> That is why you use privoxy with Tor. http://www.privoxy.org/
Actually it's not, at least it shouldn't be.
If you visit the Privoxy website you will notice that
Privoxy isn't advertised as a protection against browser
vulnerabilities:
|Privoxy is a web proxy with advanced filtering capabilities
|for protecting privacy, modifying web page data, managing cookies,
|controlling access, and removing ads, banners, pop-ups and other
|obnoxious Internet junk. Privoxy has a very flexible configuration
|and can be customized to suit individual needs and tastes.
While Privoxy has some mechanisms against a small set of IE exploits,
these exploits are known for several years and should be fixed in
any recent IE release anyway. I'm not aware of a single Firefox
vulnerability that didn't affect Firefox versions behind Privoxy,
and if there are any, these could probably be prevented by using
any other http proxy as well.
Usually browser vulnerabilities are the result of active scripting
bugs or content parsing problems. Privoxy's filtering capabilities
are far too limited to reliable protect the browser against these,
especially not in advance.
And even if Privoxy could do it: by the time someone implemented a
counter measure in Privoxy, the problem would probably be already
long fixed in the latest browser release.
If you want to increase your browser's security level,
use a reasonable default configuration and update regularly
to stay on top of known security problems. If you do that,
Privoxy is unlikely to increase your security level any further.
Fabian
--
http://www.fabiankeil.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20061101/5999b1da/attachment.pgp>
More information about the tor-talk
mailing list