:THNK inoficial info that COMODO professors are working on a new adwanced Comodo Dragon -Comodo Secure & Private Browse (CSB) with TOR-
well well well - :-TU wise people how far we are with the job?
I don’t know what to say, if i say something now don’t know how it would be taken.
Sure it’d be interesting, but nothing I would personally use for normal everyday browsing, why? Because if they do it properly then things like javascript and flash would be disabled… not many of my daily websites that function correctly without that, besides TOR isn’t very fast, at least not compared to my standards.
Comodo dragon and Private Internet Access VPN is a good combo for me, I like a mixture of privacy and usability, so this CSB wouldn’t really be targeted at users like me I’d assume, but rather users in for example oppressive regimes or perhaps users who think they are being targeted by spy agencies (whether it’s true or not)
So iunno, would be a cool addition to the line of Comodo products but they’d better make sure it’s done properly and any kind of exploits that get dug up are fixed ASAP otherwise you might just as well use Comodo Dragon, because the people who would be watching you would probably know of these exploits and try to use them. (As seen in the Silk Road case, if I remember correctly)
A TOR enabled version of CD is not a bad idea. Only problem is that without Flash and JavaScript it is hard to use a lot of the internet.
I decided to make a list of things I think would be useful for such a browser, and I assume here that the browser is designed for absolute security/privacy and does not consider usability as a big factor.
[ol]- Security: A mode where the browser is ALWAYS run in FV sandbox (shouldn’t need CIS installed, i.e it should have standalone sandbox)
- Privacy: A mode where EVERYTHING is stored in the memory, i.e it doesn’t write any kind of cache or cookie or internet history etc to the drive, it only stores it in the memory. This mode should also work with the sandbox, i.e everything is saved in the sandbox which is saved in the memory and of course this should be optional because not everyone has a lot of memory in their systems.
[li]This memory should be protected from other applications, could use existing CIS functionality to achieve this.
- The data in the memory should also be encrypted.
[/li] - Privacy/Security: A mode where it alerts you if Flash is installed and if Javascript is enabled etc.
- Privacy: If possible it should bypass the system DNS caching so that you can’t get the browsing history from “ipconfig /displaydns”.
- Privacy: I don’t know if TOR uses a special DNS but if COMODO would replace it with its own DNS then all DNS queries should be encrypted end to end and no data should be logged whatsoever.
- Privacy: I don’t know what happens if TOR would suddenly disconnect, but hardcode it to only be able to use TOR so that it can’t leak data.
- Privacy: I honestly don’t know if this is possible… but it would be cool with sort of like a HIPS for websites, like it would tell you this website is trying to access this and that information or resources etc… Of course optional feature… I don’t really know if it would do any good though, just a random idea I had.
- Privacy: Browser shouldn’t be allowed to read unrelated data, for example it shouldn’t be allowed to access "C:\Users\User\Pictures" but the user should be allowed to define exceptions.
- Privacy/Security: If possible the browser should try to beat keylogging (Examples are Zemana Anti-Logger and Keyscrambler etc) and it should also try to avoid screen grabbing.
- Privacy: If possible, scan all outgoing data (before encryption) to make sure no identifying data like MAC-address or real IP-address etc are sent, upon detection it should alert the user with the relevant data like what webpage etc requested the information and what the information consists of.
- Edit: And open-source would perhaps be a big plus since otherwise people might not trust it, but the issue here is that it’s also open source to people trying to find exploits… 88)[/ol]
Some of the above may not even be possible, feasible or desirable, I just wanted something to do so I thought of ways to make a browser more secure in regards to privacy.
Agreed, it should encrypts everything you type to protect your privacy and identity like keyscrambler.
Dosn’t TOR slow down the surfing?
Yes, it does.
Melih said:
I don’t know what to say, if i say something now don’t know how it would be taken.
Letters in bold say: d o n e
So what? This CDTOR is done? Ready?
It could be a “Consider it done” done… If that makes any sense.
i have a version of it :)…looks pretty done to me 
Awesome idea if Comodo has their own nodes. If not, we may be connecting to a lot of NSA, CIA, FBI, FSB, MI5 nodes. Just saying.