On 09/09/2016 04:23 AM, dawuud wrote:
> How does ADD_ONION help with tor vs app data isolation? Why do you have to modify any torrc at all? Can't you do everything through the control port? I suppose there are many options not available via control port.
Under the old method I required the user to set up the hidden/onion service by adding a line to their torrc. That's not necessary if I use ADD_ONION. In both methods I still need them to enable the control port and authentication, but it's just one less requirement using ADD_ONION.
Data isolation is improved because it separates responsibility. In Linux, the tor binary runs under a separate user and sets up permissions to protect sensitive data. My OnioNS software can run as a separate user as well. This way, data is isolated to its respective software and I'm not mixing everything.
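As an added illustration of the ADD_ONION path described above (not code from the thread or from OnioNS), the snippet below composes an ADD_ONION command in the control-spec syntax and parses tor's reply. It assumes the caller already holds an authenticated control-port connection (AUTHENTICATE done) and does the socket I/O itself; the sample reply is constructed, with a placeholder ServiceID and key blob. Because tor hands the private key back in the reply, the application, running as its own user, is the one that stores it, which is the isolation point the reply makes.

```python
import re


def build_add_onion(ports, key="NEW:BEST", flags=("Detach",)):
    """Compose an ADD_ONION command (control-spec syntax).

    ports: list of (virtport, target) pairs, e.g. [(80, "127.0.0.1:8080")].
    key:   NEW:BEST / NEW:ED25519-V3 to have tor generate a key, or
           "<KeyType>:<KeyBlob>" to reuse a key the app stored earlier.
    flags: Detach keeps the service alive after the controller disconnects.
    """
    if not ports:
        raise ValueError("ADD_ONION needs at least one Port= mapping")
    parts = ["ADD_ONION", key]
    if flags:
        parts.append("Flags=" + ",".join(flags))
    for virtport, target in ports:
        parts.append(f"Port={virtport},{target}" if target else f"Port={virtport}")
    return " ".join(parts)


def parse_add_onion_reply(reply):
    """Parse tor's reply: '250-ServiceID=...', optional '250-PrivateKey=...', '250 OK'.

    Raises on any non-250 status so the caller never treats a 512/550 as success.
    """
    result = {"service_id": None, "private_key": None}
    for line in reply.splitlines():
        m = re.match(r"^(\d{3})([ -])(.*)$", line)
        if not m:
            raise ValueError(f"malformed control-port line: {line!r}")
        code, sep, body = m.groups()
        if code != "250":
            raise RuntimeError(f"tor rejected ADD_ONION: {code} {body}")
        if body.startswith("ServiceID="):
            result["service_id"] = body[len("ServiceID="):]
        elif body.startswith("PrivateKey="):
            result["private_key"] = body[len("PrivateKey="):]
        if sep == " ":
            break  # "250 OK" is the final line of the reply
    if result["service_id"] is None:
        raise ValueError("reply carried no ServiceID")
    return result


# Constructed sample reply in tor's format; the ServiceID and key blob are placeholders.
SAMPLE_REPLY = ("250-ServiceID=abcdefghijklmnop\r\n"
                "250-PrivateKey=RSA1024:PLACEHOLDER_KEY_BLOB\r\n"
                "250 OK\r\n")

if __name__ == "__main__":
    print(build_add_onion([(80, "127.0.0.1:8080")]))
    print(parse_add_onion_reply(SAMPLE_REPLY))
```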