Abel Luck: > Hi, > > Given the following conditions: > > 1) Firefox (15.0 lets say) is running in an isolated VM, and only > Firefox is running (i.e., no other user apps)
Bad. You'd be one of the very few people not using TBB. There are much more TBB users than Mozilla Firefox + Tor users. You can only be anonymous in a big groups, so don't put yourself into a smaller group. > 2) The VM is being properly transparently proxied by another machine > running tor in transparent proxy mode Answered below. > 3) The proxy machine fails cosed upon Tor exit/disconnect Good. > What are the benefits to running the TBB, specifically, what are the > benefits of the patched Firefox+TorButton? You're lucky, I've been working on something similar for a while. [1] Tor Browser without Vidalia/Tor is used in Whonix on one machine. Tor is running on another machine. Both machines are connected through an internal network. Also fails closed. (The machine running Tor has two network cards.) Tor Browser is configured to use a SocksPort listening on the machine with Tor. That is the same what you describe, just simpler. (No need to patch TBB/Firefox, beside the TBB startup script.) The startup script was modified only start Tor Browser, not Vidalia and Tor. (Tor Browser = patched Firefox + Tor Button) Advantages: - Firefox proxy bypass bugs (ex: [2]) was circumvented. - More advantages... [3] Disadvantages. - higher hardware requirements - more difficult to set up - ... [4] Security comparison... [5] Attacks comparison... [6] > My first thoughts are: > > * Identity correlation through circuit sharing is eliminated (TBB uses > its own tor circuits) I'd rather recommend an isolated proxy design (Two machines, one runs Tor, another one runs Tor Browser. Tor Browser can only access Socks ports on the machine with Tor.), instead of a transparent proxy design. Otherwise operating system updates (and other applications, software updater you are not aware off) still use the same circuit. > * Uniform Firefox fingerprint to blend in with other tor users No, answered in my first sentence above. [1] https://sourceforge.net/p/whonix/wiki/Home/ [2] https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs [3] https://sourceforge.net/p/whonix/wiki/Security/#whonix-security-in-real-world [4] https://sourceforge.net/p/whonix/wiki/Security/#disadvantages-of-whonix [5] https://sourceforge.net/p/whonix/wiki/Security/#comparison-of-whonix-tails-and-tbb [6] https://sourceforge.net/p/whonix/wiki/Security/#attacks _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
