[tor-talk] Flash, Linux and Tor

adrelanos adrelanos at riseup.net
Tue Oct 16 21:22:24 UTC 2012


Raviji:
> On Fri, 12 Oct 2012 13:12:53 +0000
> adrelanos <adrelanos at riseup.net> wrote:
> 
>> Raviji:
>>> On Fri, 12 Oct 2012 11:38:34 +0000
>>> adrelanos <adrelanos at riseup.net> wrote:
>>>
>>>> Outlaw:
>>>>> Hi! Let`s say main linux user A is cut off from Internet with iptables,
>>>>> user B starts Tor. If I run TorBrowser by user A, connect it to Tor
>>>>> (which is started by B) with socks and turn on flash plugin, is there
>>>>> any security/anonimity leak in this scheme? Thank you.
>>>>
>>>> If you ever use or used Flash without Tor, your Tor session can likely
>>>> be linked to your non-Tor session. (Flash Cookies, browser fingerprint,
>>>> fonts, os, kernel, dpi, etc.)
>>>>
>>>> I believe my project Whonix is currently the safest method to use Flash.
>>>> IP/DNS/location remains safe, but Flash usage will always be only
>>>> pseudonymous rather than anonymous. Linking your sessions will be
>>>> limited to your activity inside the Workstation. Details:
>>>
>>> whonix is nice, but heavier on system with virtual box.
>>
>> Indeed, thats a major drawback. Thought with some tweaking you could
>> switch from KDE to Openbox, reduce RAM... Finally lower RAM requirements
>> to ~400MB or so.
>>
>>> Where a system wide tor enforcement is a good alternative.
>>> It is possible with iptables. We might think about a service,
>>> when start do system wide tor enforcement, when stop revert back
>>> the system to normal mode. 
>>>
>>> Though I am not successful yet to exclude the lan from this enforcement,
>>> as I need to access some local IP directly. I need some more understanding
>>> with iptables. Can anyone help me with the iptables please ?
>>
>> Did you read my first sentence in my first reply?
>>
>> "If you ever use or used Flash without Tor, your Tor session can likely
>> be linked to your non-Tor session. (Flash Cookies, browser fingerprint,
>> fonts, os, kernel, dpi, etc.)"
>>
> 
> But can it still pass as the firewall drops all non tor connection ?
> 
> Yes, I agree, it still carry the browser fingerprint, fonts, os, kernel, dpi, etc..
> and that's why your whonix is nice.

> Can you make it little bit low fat :-)

I don't think so. Just updated the FAQ on that topic:
https://sourceforge.net/p/whonix/wiki/FAQ/#why-are-the-whonix-images-so-big


More information about the tor-talk mailing list