First Version of Sandboxed Tor Browser Available (bleepingcomputer.com)
An anonymous reader writes: To protect Tor users from FBI hacking tools that include all sorts of Firefox zero-days, the Tor Project started working on a sandboxed version of the Tor Browser in September. Over the weekend, the Tor Project released the first alpha version of the sandboxed Tor Browser. "Currently, this version is in an early alpha stage, and only available for Linux," reports BleepingComputer. "There are also no binaries available, and users must compile it themselves from the source code, which they can grab from here." The report notes: "Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can't be leveraged to extend access to the underlying operating system. This is because the sandboxed application works with its own separate portion of disk and memory that isn't linked with the OS."
Re:Interesting... (Score:5, Informative)
Accessing stuff outside the sandbox becomes either complicated or completely impossible.
Complicated can mean less convenient for the user and/or more work for the developer, e.g. more expensive.
As an example, on iOS each and every app is sandboxed. That's one reason there are things which are common with desktop operating systems, but virtually impossible on iOS. Like a simple file browser - an app per default only has access to files in its own sandbox. You simply can't get at files of other apps. To mitigate that either the OS has to hand out access to individual files (like with the photo library) or files need to be copied from one sandbox to the other.
Re:Interesting... (Score:5, Informative)
Apple also has sandboxing for Mac apps and every Mac App Store app is required to use it. Non-MAS apps can enable it when signing with Developer ID (which also makes GateKeeper happy).
The Mac file browser is now a special process that is designed to work with the sandbox. When the user uses the system file panels in a Mac app, it is treated as an explicit opt-in to tell the sandbox that the user has granted permission to access the file.
For most apps, this sandboxing system works very well and everybody should be using something like this.
Building a sandboxed Tor browser on Mac should be a straightforward thing and I hope is a short-term goal for Tor.
Re: (Score:1)
Processes on Android are sandboxed. Android also uses type enforcement.
Re: (Score:2)
Tails already has quite strict permissions that limit what the browser can access, so I recommend using that rather than the Tor Browser on your main OS. You can always boot it up in a VM if you don't want to restart.
AMD is introducing features that allow RAM assigned to VMs to be encrypted seamlessly. Combined with the added protection of virtualized hardware (making fingerprinting harder) and a dedicated, read-only OS image, a VM is looking like a pretty good secure environment.
Re: (Score:3)
Now it's the staff needed to work around a complex OS and try to secure parts.
The downside is you need a great OS and really skilled developers.
Some US OS brands like to allow data collection and only make computer games easy to code for.
Other OS are just complex and have teams who have helped the security services in the past.
Finding a good secure OS to build on is not easy.
git sucks just like all new opensource (Score:2, Interesting)
apt-get install git
git config --global http.proxy http://192.168.100.4:8080
git clone https://git.torproject.org/tor-browser/sandboxed-tor-browser.git
Runtime dependencies:
* A modern Linux system on x86/x86_64 architecture.
* bubblewrap >= 0.1.3 (https://github.com/projectatomic/bubblewrap).
* Gtk+ >= 3.14.0
* (Optional) PulseAudio
git clone https://github.com/projectatomic/bubblewrap
./autogen.sh
*** No autoreconf found, please install it ***
apt-cache search autoreconf
apt-get
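As an added example (not code from the article, the commenter, or the Tor Project): a small POSIX sh script that checks whether a bubblewrap sandbox, the runtime dependency listed above, actually hides the host from the process inside it, which is the separation the summary describes. It assumes bwrap on PATH, that the file is run as a script (so $0 is its path), and a hypothetical SANDBOX_MARKER environment variable naming a host file the sandbox must not see.

```shell
#!/bin/sh
# Added example (not from the article or the Tor Project's tree): check that
# a bubblewrap (bwrap >= 0.1.3, the Tor sandbox's runtime dependency) really
# hides the host from the process inside it, instead of assuming it does.
# Assumes: bwrap on PATH and this file run as a script for run_probe_sandboxed;
# SANDBOX_MARKER (hypothetical env var) names a host file the sandbox must not see.

# Probe: run inside (or outside) the sandbox; prints one KEY=0|1 line per check.
sandbox_probe() {
    h=0; [ -d "${HOME:-/root}" ] && h=1                      # host home dir reachable?
    m=0; [ -e "${SANDBOX_MARKER:-/nonexistent}" ] && m=1     # host /tmp file reachable?
    printf 'HOME_VISIBLE=%s\nMARKER_VISIBLE=%s\n' "$h" "$m"
}

# Checker: succeeds only if the probe ran and every line reports 0.
sandbox_isolated() {
    printf '%s\n' "$1" | grep -q '=1$' && return 1
    printf '%s\n' "$1" | grep -q '=0$'
}

# Launch the probe under bwrap: read-only system dirs, private tmpfs /tmp,
# fresh /proc and /dev, own pid/net/ipc/uts namespaces, and no $HOME bound in.
run_probe_sandboxed() {
    marker=$(mktemp) && export SANDBOX_MARKER="$marker"
    self=$(cd "$(dirname "$0")" && pwd)/$(basename "$0")
    set -- --ro-bind /usr /usr --proc /proc --dev /dev --tmpfs /tmp
    for d in /bin /sbin /lib /lib32 /lib64; do
        [ -e "$d" ] && set -- "$@" --ro-bind "$d" "$d"
    done
    # bind this script read-only into the sandbox and re-enter it in probe mode
    out=$(bwrap "$@" --ro-bind "$self" /probe.sh \
          --unshare-pid --unshare-net --unshare-ipc --unshare-uts \
          sh /probe.sh --probe)
    rm -f "$marker"
    printf '%s\n' "$out"
    sandbox_isolated "$out"
}

case "${1:-}" in
    --probe) sandbox_probe; exit 0 ;;
    --check) run_probe_sandboxed && echo "isolated" || { echo "NOT isolated"; exit 1; } ;;
esac
```

Run `sh thisfile.sh --check`: inside a working sandbox both probe lines report 0; run outside bwrap (or with $HOME bound in) the checker fails, which is the point of having it.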
Re: (Score:1)
pebkac
Subgraph OS (Score:1)
If you can't safely run it in Subgraph OS, then it isn't worth it.
Throwing the sand out of the sandbox? (Score:2)
How does a sandbox protect you against a single obscure line in a potentially massive bit of code that transmits every address you visit (not necessarily the content to avoid being noticed from the performance drop) to an FBI server?
Re: (Score:2)
It does not. But if you follow secure anonymous browsing practices (see the Tor website), that information would not help the FBI and other attackers. Of course, if they can identify you from what you do, you are screwed anyways.
Ironic (Score:2)
Firstly, that the Tor browser has not, according to this article, been sandboxed from the outset. Given the nature of the beast, you'd think this would have been a design consideration from the get-go.
Secondly, that we have an explanation of a sandbox in the summary of the article, as well as the linked article. Wherefore art thou, /.? Thy news is more fit for PHB than BOFH.
Re: (Score:2)
Probably because security (not just privacy) conscious Tor users were already resorting to platforms like Whonix, a VM that runs on Qubes OS. Think of it like "sandbox++".
The problem is that Qubes can be very finicky about the hardware it runs on. It prefers to have equipment like an IOMMU, and if your game-o-tron "rig" has all that nice hardware in spades, the firmware will probably fubar it. If you have a Mac, USB hardware cannot be effectively isolated. Qubes usually travels "PC business class" for thos