Tor + SELinux sandbox = leak proof without VM overhead?
Geoff Down
geoffdown at fastmail.net
Sun Aug 29 20:00:55 UTC 2010
On Sun, 29 Aug 2010 00:25 +0200, "intrigeri" <intrigeri at boum.org> wrote:
> Hi,
>
> Gregory Maxwell wrote (22 Aug 2010 00:55:49 GMT) :
> > I think it's obvious that the best way of using tor is running your
> > torrified apps in a VM which can only access the outside world via
> > TOR.
>
> I doubt there is something like "the" best way of using Tor. One
> always needs to balance the risks vs. the efforts needed to get some
> protection against it. More practically speaking: there are use cases
> the Tor Browser Button is perfect for, but it cannot prevent every
> leakage of anonymity to local disks. Then come Tor-ified VM setups
> that protect users a bit more but still somehow rely on the host
> operating system. Then comes running a Tor-ified Live system such as
> T(A)ILS [1] on bare metal. Each situation has its best fit solution
> but I don't think one solution can be told to be best in any cases.
>
> [1] https://amnesia.boum.rog/
>
That would be '.org' :)
BTW is there somewhere from where the CACert root certificate (or
fingerprint) can be downloaded with protection from an SSL cert I
already trust? The above link, once corrected, generates an SSL warning.
GD
--
http://www.fastmail.fm - Same, same, but different...
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list