Hi there,

I was thinking about possible improvements for how setups using Tor enforce secure (privacy-conscious) usage of Tor.

Consider for example torsocks. If I use torsocks in order to connect to a Tor daemon, torsocks will prevent the application from doing DNS queries. But if it didn't, the Tor circuits it initiated could be considered as "tainted" because an attacker could correlate the DNS traffic with the traffic coming from the exit node. This is probably well-known, but what struck me is that it's torsocks which does the important work here. Any client software which has access to the Tor daemon would have the option to taint the Tor daemon.

So, why not improve the security by using modern operating system security mechanisms? Using granular capability-based access controls, the operating system can prevent processes from accessing both Tor and non-Tor sockets. Furthermore, communication between Tor-based and non-Tor-based network clients can be restricted. Ideally, it should be possible to create a system where only Tor and the access control policy must be audited in order to be sure that attacks based on correlating Tor and non-Tor connections cannot be applied.

I know that for many setups, this would mean additional effort on the operating system layer, but the general interest in security is becoming larger, so I could imagine that efforts like this can attract some user and developer dedication.

Any comments are appreciated.

Best regards,
Isidor

-- 
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
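The invariant proposed in the post above, that no process should hold both a socket to the Tor SOCKS port and a direct network socket (a DNS socket included), can be checked from a socket table even before any OS-level policy enforces it. The following auditor is an added example, not code from the post or from the Tor project. It assumes the Tor SOCKS port is 127.0.0.1:9050, treats a process named `tor` as the trusted component that is allowed direct connections, and runs over a constructed sample whose rows imitate the columns of `ss -tunp` output (Netid, State, Recv-Q, Send-Q, local address, peer address, owning process).

```python
"""Audit a socket table for processes mixing Tor and non-Tor sockets.

Invariant: a process that talks to the Tor SOCKS port must not also own any
direct (non-Tor) network socket, because an observer who sees the direct
traffic (for example a DNS query) can correlate it with the Tor circuit.
Added example; the sample table below is constructed, not real output.
"""
import re
from collections import defaultdict

# Assumption: Tor's SOCKS listener is on the default loopback port.
TOR_SOCKS = ("127.0.0.1", "9050")
# Assumption: the Tor daemon itself is the only process trusted to hold
# direct connections (to guards/bridges) while being part of the Tor path.
TRUSTED = frozenset({"tor"})

# Constructed sample in the shape of `ss -tunp` rows (simplified).
SAMPLE = """
tcp ESTAB 0 0 127.0.0.1:41234 127.0.0.1:9050 users:(("curl",pid=1200,fd=3))
tcp ESTAB 0 0 192.0.2.10:51234 198.51.100.7:443 users:(("browser",pid=1300,fd=20))
tcp ESTAB 0 0 127.0.0.1:41240 127.0.0.1:9050 users:(("browser",pid=1300,fd=21))
udp UNCONN 0 0 192.0.2.10:54321 203.0.113.53:53 users:(("resolverclient",pid=1400,fd=4))
tcp ESTAB 0 0 127.0.0.1:41250 127.0.0.1:9050 users:(("resolverclient",pid=1400,fd=5))
tcp ESTAB 0 0 192.0.2.10:51300 198.51.100.9:443 users:(("tor",pid=900,fd=8))
"""

ROW = re.compile(
    r"^(?P<netid>\S+)\s+(?P<state>\S+)\s+\d+\s+\d+\s+"
    r"(?P<local>\S+)\s+(?P<peer>\S+)\s+"
    r'users:\(\("(?P<name>[^"]+)",pid=(?P<pid>\d+),fd=\d+\)\)'
)


def split_endpoint(endpoint: str) -> tuple[str, str]:
    """Split 'host:port' on the last colon so IPv6 literals survive."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def classify_peer(peer: str) -> str:
    """'tor' for the SOCKS port; anything else is a direct socket.

    This is deliberately conservative: even other loopback peers are
    counted as direct, so the auditor errs toward reporting."""
    return "tor" if split_endpoint(peer) == TOR_SOCKS else "direct"


def parse_table(table: str) -> dict[int, dict]:
    """Group sockets by owning pid into {'name', 'tor': [...], 'direct': [...]}."""
    procs: dict[int, dict] = defaultdict(lambda: {"name": "", "tor": [], "direct": []})
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # headers, blanks or rows without process info
        pid = int(m["pid"])
        entry = procs[pid]
        entry["name"] = m["name"]
        entry[classify_peer(m["peer"])].append(m["peer"])
    return dict(procs)


def find_tainted(table: str, trusted: frozenset = TRUSTED) -> dict[int, dict]:
    """Return the processes that violate the Tor/non-Tor separation."""
    return {
        pid: info
        for pid, info in parse_table(table).items()
        if info["tor"] and info["direct"] and info["name"] not in trusted
    }


if __name__ == "__main__":
    for pid, info in sorted(find_tainted(SAMPLE).items()):
        dns = [p for p in info["direct"] if split_endpoint(p)[1] == "53"]
        print(f"pid {pid} ({info['name']}): Tor sockets {info['tor']}, "
              f"direct sockets {info['direct']}, DNS sockets {dns}")
```

In the sample, `curl` (pid 1200) only talks to Tor and passes; `browser` (pid 1300) mixes a Tor socket with a direct HTTPS connection, and `resolverclient` (pid 1400) mixes a Tor socket with a plain UDP DNS query, which is exactly the leak torsocks normally blocks. The Tor daemon's own direct socket is not a violation, which mirrors the post's point that only Tor and the policy itself need auditing once the OS enforces the separation for everything else.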
