[tor-talk] Flash, Linux and Tor
Raviji
raviji157 at gmail.com
Tue Oct 16 06:20:03 UTC 2012
On Fri, 12 Oct 2012 13:12:53 +0000
adrelanos <adrelanos at riseup.net> wrote:
> Raviji:
> > On Fri, 12 Oct 2012 11:38:34 +0000
> > adrelanos <adrelanos at riseup.net> wrote:
> >
> >> Outlaw:
> >>> Hi! Let`s say main linux user A is cut off from Internet with iptables,
> >>> user B starts Tor. If I run TorBrowser by user A, connect it to Tor
> >>> (which is started by B) with socks and turn on flash plugin, is there
> >>> any security/anonimity leak in this scheme? Thank you.
> >>
> >> If you ever use or used Flash without Tor, your Tor session can likely
> >> be linked to your non-Tor session. (Flash Cookies, browser fingerprint,
> >> fonts, os, kernel, dpi, etc.)
> >>
> >> I believe my project Whonix is currently the safest method to use Flash.
> >> IP/DNS/location remains safe, but Flash usage will always be only
> >> pseudonymous rather than anonymous. Linking your sessions will be
> >> limited to your activity inside the Workstation. Details:
> >
> > whonix is nice, but heavier on system with virtual box.
>
> Indeed, thats a major drawback. Thought with some tweaking you could
> switch from KDE to Openbox, reduce RAM... Finally lower RAM requirements
> to ~400MB or so.
>
> > Where a system wide tor enforcement is a good alternative.
> > It is possible with iptables. We might think about a service,
> > when start do system wide tor enforcement, when stop revert back
> > the system to normal mode.
> >
> > Though I am not successful yet to exclude the lan from this enforcement,
> > as I need to access some local IP directly. I need some more understanding
> > with iptables. Can anyone help me with the iptables please ?
>
> Did you read my first sentence in my first reply?
>
> "If you ever use or used Flash without Tor, your Tor session can likely
> be linked to your non-Tor session. (Flash Cookies, browser fingerprint,
> fonts, os, kernel, dpi, etc.)"
>
But can it still pass as the firewall drops all non tor connection ?
Yes, I agree, it still carry the browser fingerprint, fonts, os, kernel, dpi, etc..
and that's why your whonix is nice. Can you make it little bit low fat :-)
More information about the tor-talk
mailing list