[guardian-dev] Tor isolating proxy - or how to prevent "friendly fire"
timur.mehrvarz at riseup.net
Fri Jan 10 04:38:14 EST 2014
On 09.01.2014 02:05, Tom Ritter wrote:
> I generally do this by using iptables and a bridge IP, block all access
> to anything but the bridge.
I think I prefer the Isolating Proxy (1) approach: "An Isolating Proxy
requires at least two machines." "The Gateway is solely used to run Tor
and has two network interfaces."
A setup like this does not require root (nor any iptables mods) on the
"Workstation" device. And the "Gateway" device can be a mobile device
also. Why not?
One related issue:
The TransparentProxyLeaks document (2) mentions serial numbers in
software. How can I make sure Firefox on Android won't leak such unique
data? As mentioned before, I am unable to stop
org.mozilla.firefox.UpdateService from executing, despite "Automatic
updates" being turned off in the UI. And some "Health service" seems to
run occasionally, despite being turned off as well. Do I have to build
my own, non-chatty version of FF (aka "Tor browser")?
More information about the Guardian-dev