My very first considerations...

> What are the dangers of using apt-get over Tor?
>
> Is privoxy + Tor the safest way to go?

I don't think so.

> What attacks are possible?

1. Some are documented in the Torify HOWTO. [1]
2. Stale mirror attack. [2]
3. What kind of software you have installed. [2]

> Any idea
> if there is a way to set up an iptables firewall to prevent leaks? I don't think
> it currently leaks although should there be a risk introduced in the future
> a firewall that could protect against it would be ideal I think.

TorBOX [3] uses apt-get and completely isolates it (two machines are used and one can only emit traffic through Tor). TorBOX also prevents some other leaks, such as time zone, etc. [7] See it as an example, you can rip off all concerns for your own needs.

Might also be a good idea to switch your circuit when using apt-get, see [5].

Perhaps you don't want to go so far and/or don't want to use multiple machines. In that case you need to do some guesswork and still can get started at the transparent proxy article. [4]

[1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO
[2] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev#encryptedupdatedownloadSECURITYWAITforfixupstreamORchangeoperatingsystem
[3] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX
[4] https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
[5] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#Howtosafelyupdateusingapt-get
[6] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#TorBOXsProtocol-Leak-ProtectionandFingerprinting-Protection
[7] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/SecurityAndHardening#TorBOXsProtocol-Leak-ProtectionandFingerprinting-Protection

_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
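The stale mirror attack listed in the message above can be checked for on the client side. This is an added example, not part of the original message and not TorBOX code: it reads the `Date` and `Valid-Until` headers of an APT `Release` file and classifies the index by age. It assumes the file's signature has already been verified; the sample header and the `max_age` policy are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of an APT Release file header (not from a real mirror).
SAMPLE_RELEASE = """\
Origin: Example
Suite: stable
Date: Sat, 02 Jun 2012 09:00:00 UTC
Valid-Until: Sat, 09 Jun 2012 09:00:00 UTC
Architectures: amd64 i386
"""

FMT = "%a, %d %b %Y %H:%M:%S UTC"  # Release timestamps are written in UTC


def parse_release_dates(text):
    """Return (date, valid_until) from Release headers; either may be None."""
    found = {}
    for line in text.splitlines():
        if line.startswith(" "):  # continuation lines (checksum lists), not headers
            continue
        key, sep, value = line.partition(":")
        if sep and key in ("Date", "Valid-Until"):
            stamp = datetime.strptime(value.strip(), FMT)
            found[key] = stamp.replace(tzinfo=timezone.utc)
    return found.get("Date"), found.get("Valid-Until")


def check_freshness(text, now, max_age=timedelta(days=10)):
    """Classify a Release file as 'fresh', 'expired', 'stale' or 'unverifiable'.

    max_age is a hypothetical local policy for archives that publish no
    Valid-Until header, so a replayed old index cannot stay valid forever.
    """
    date, valid_until = parse_release_dates(text)
    if date is None:
        return "unverifiable"  # no timestamp: freshness cannot be judged
    if date > now + timedelta(hours=1):
        return "unverifiable"  # dated in the future: local clock or file is wrong
    if valid_until is not None:
        return "expired" if now > valid_until else "fresh"
    return "stale" if now - date > max_age else "fresh"
```

A result other than `fresh` means the mirror (or whoever sits between it and the client) is serving an index that may hide newer security updates.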
