On 12/22/10 17:10, Praedor Atrebates wrote: > Could one setup a VM with some arbitrary timezone for it alone and > run tor and bind there so that flash and javascript cannot get such > info as local timezone, etc? Would it be possible to have the VM > change timezone in some random/semi-random fashion so that any > timezone (and other) info that could be otherwise acquired would be > just as unreliable an identifier of your system/location as > information acquired from a tor session? Then, even if flash or > javascript did try to pull information outside tor it would be > totally bogus and ever-changing. It would still be nice to be able > to squelch any attempt by flash to find your REAL IP address by > forcing it to ALWAYS exit via tor no matter what. >
Yes. Feed the VM either random, or standardized (every TOR VM has the same "fingerprint") data. As mentioned earlier, a firewall (in this case within the VM) can block all connections, except between TOR and TOR entry modes; the VM insulates any unique user info from a roving plugin/extension. The VM also protects the host, should the application within be compromised (e.g. memory attack). JAVA is capable of more identity-revealing mischief than JS; within a VM you could safely run even JAVA. HTH *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
