I do not understand why Sandboxed Tor Browser is now deprecated when it should be the new thing in security features. It works well and stopped already some 0days in the past and today I see that not only is officially "*WARNING: Active development is on indefinite hiatus"* (https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Sandbox/Linux), the last commit is from 3 months ago, but still it works well. And today I see that for the Firefox 60 ESR this support will be removed (https://gitweb.torproject.org/builders/tor-browser-build.git/commit/?id=dc35...).
Is there a hidden agenda to allow LEA/governments to exploit Tor Browser users easily? Because I don't think maintaining the sandboxed version is that much work and it is a great protection for many users.
So please, make Sandboxed Tor Browser an official thing.
On 06/16/2018 12:01 PM, juanjo wrote:
I do not understand why Sandboxed Tor Browser is now deprecated when it should be the new thing in security features. It works well and stopped already some 0days in the past and today I see that not only is officially "*WARNING: Active development is on indefinite hiatus"* (https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Sandbox/Linux), the last commit is from 3 months ago, but still it works well. And today I see that for the Firefox 60 ESR this support will be removed (https://gitweb.torproject.org/builders/tor-browser-build.git/commit/?id=dc35...).
Is there a hidden agenda to allow LEA/governments to exploit Tor Browser users easily?
Come on. Be reasonable.
Because I don't think maintaining the sandboxed version is that much work and it is a great protection for many users.
Then put forward the time and effort to maintain it.
Matt
I'm always amazed at the demands people will make about free software.
On Sat, Jun 16, 2018 at 2:36 PM, Matt Traudt pastly@torproject.org wrote:
On 06/16/2018 12:01 PM, juanjo wrote:
I do not understand why Sandboxed Tor Browser is now deprecated when it should be the new thing in security features. It works well and stopped already some 0days in the past and today I see that not only is officially "*WARNING: Active development is on indefinite hiatus"* (https://trac.torproject.org/projects/tor/wiki/doc/
TorBrowser/Sandbox/Linux),
the last commit is from 3 months ago, but still it works well. And today I see that for the Firefox 60 ESR this support will be removed (https://gitweb.torproject.org/builders/tor-browser-
build.git/commit/?id=dc355882e235178d0a1889a7d96c5721faad2716).
Is there a hidden agenda to allow LEA/governments to exploit Tor Browser users easily?
Come on. Be reasonable.
Because I don't think maintaining the sandboxed version is that much work and it is a great protection for many users.
Then put forward the time and effort to maintain it.
Matt _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Have you heard of the TAILS OS?
Unfortunately I feel your pain. It does not work on all hardware (such as mine) but it is a tor operating system so you don’t have to worry about downloading files, etc. Try it to see if it works for you.
From: Ryan Duff Sent: Saturday, June 16, 2018 11:38 AM To: tor-dev@lists.torproject.org Subject: Re: [tor-dev] Sandboxed Tor Browser should be officially developed
I'm always amazed at the demands people will make about free software.
On Sat, Jun 16, 2018 at 2:36 PM, Matt Traudt pastly@torproject.org wrote:
On 06/16/2018 12:01 PM, juanjo wrote:
I do not understand why Sandboxed Tor Browser is now deprecated when it should be the new thing in security features. It works well and stopped already some 0days in the past and today I see that not only is officially "*WARNING: Active development is on indefinite hiatus"* (https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Sandbox/Linux), the last commit is from 3 months ago, but still it works well. And today I see that for the Firefox 60 ESR this support will be removed (https://gitweb.torproject.org/builders/tor-browser-build.git/commit/?id=dc35...).
Is there a hidden agenda to allow LEA/governments to exploit Tor Browser users easily?
Come on. Be reasonable.
Because I don't think maintaining the sandboxed version is that much work and it is a great protection for many users.
Then put forward the time and effort to maintain it.
Matt _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Hi,
Thanks for the question.
On 2018-06-16 12:01, juanjo wrote:
I do not understand why Sandboxed Tor Browser is now deprecated when it should be the new thing in security features. It works well and stopped already some 0days in the past and today I see that not only is officially "WARNING: ACTIVE DEVELOPMENT IS ON INDEFINITE HIATUS" (https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Sandbox/Linux), the last commit is from 3 months ago, but still it works well. And today I see that for the Firefox 60 ESR this support will be removed (https://gitweb.torproject.org/builders/tor-browser-build.git/commit/?id=dc35...).
As you pointed out, this project is no longer being actively maintained. While someone on the Tor Browser development team can answer more thoroughly, my understanding is that the original maintainer moved on from working on this project. The Tor development teams are quite small, so (like many open source projects) there are more projects than people to support them.
Is there a hidden agenda to allow LEA/governments to exploit Tor Browser users easily? Because I don't think maintaining the sandboxed version is that much work and it is a great protection for many users.
There isn't. If you have more concerns or questions feel free to have a conversation with someone working on Tor directly- we are active on irc: https://www.torproject.org/about/contact.html.en#irc
So please, make Sandboxed Tor Browser an official thing.
We definitely welcome community-supported projects. If you or anyone you know wants to contribute to this project. let us know.
All best, Chelsea
[Well, I already got my first bit of automated spam from the last post, so I might as well reply again.]
On Sat, 16 Jun 2018 20:34:03 -0700 Chelsea Holland Komlo me@chelseakomlo.com wrote:
As you pointed out, this project is no longer being actively maintained. While someone on the Tor Browser development team can answer more thoroughly, my understanding is that the original maintainer moved on from working on this project. The Tor development teams are quite small, so (like many open source projects) there are more projects than people to support them.
Essentially, yes.
TLDR: I do not have the resources to dedicate to maintaining this, and in the long term the project should be replaced by a correctly re-designed Tor Browser that can sandbox itself anyway.
In a more concrete terms, the "correct" thing to do would be for a non-trivial amount of work to be put into making Tor Browser support better isolation and sandboxing on it's own, rather than someone be stuck with trying to retrofit it to do things that the current design and architecture are ill suited to doing.
Till something like that happens, a large amount of time, effort and code will be spent on replicating existing functionality such as the launcher, updater and configuration interface.
This requires extensive changes to the existing Tor Browser design. As an example of what would be required, M. Finkel's design proposal[0] describes the steps required to change the Tor Browser architecture to something that is less nightmarish to sandbox, and provides better component isolation. As far as I am aware, there is no one working on that either.
There are other fundamental unresolved questions specific to Linux sandboxing (eg: X11, D-Bus) that need to be resolved in a user-friendly manner (eg: blocking all of D-Bus a la `sandboxed-tor-browser` is unacceptable for mass adoption), but the better isolation brought on by the architectural change on it's own would be an improvement over a vanilla Tor Browser install, and it would let whoever is working on such things, focus on such things, rather than being forced to re-implement large parts of Tor Browser.
Regards,
I wasn't going to reply to this because the last time I posted to this list, I got flooded with spam, but fine.
On Sat, 16 Jun 2018 18:01:04 +0200 juanjo juanjo@avanix.es wrote:
I do not understand why Sandboxed Tor Browser is now deprecated when it should be the new thing in security features. It works well and stopped already some 0days in the past and today I see that not only is officially "*WARNING: Active development is on indefinite hiatus"* (https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Sandbox/Linux), the last commit is from 3 months ago, but still it works well. And today I see that for the Firefox 60 ESR this support will be removed (https://gitweb.torproject.org/builders/tor-browser-build.git/commit/?id=dc35...).
Because there was no funding for development.
Is there a hidden agenda to allow LEA/governments to exploit Tor Browser users easily? Because I don't think maintaining the sandboxed version is that much work and it is a great protection for many users.
LOL.
So please, make Sandboxed Tor Browser an official thing.
Fuck you, pay me.
Regards,
Hi!
Yawning Angel:
So please, make Sandboxed Tor Browser an official thing.>> Fuck you, pay me.
While I believe that it is hard for some people to understand the free software ecosystem and personal development efforts, I think that this kind of reply is absolutely off-putting and intimidating. And it has the unfortunate side effect of not helping anybody understand what's gping on.
Cheers, u.
Perhaps the developers could make something like Tor Tails but stripped down bare bones to converse system resources with just Tor Browser afterwards packaging it all into a nice Virtual Machine program that’s invisible to the user. On Thu, Jul 26, 2018 at 2:24 AM u u@451f.org wrote:
Hi!
Yawning Angel:
So please, make Sandboxed Tor Browser an official thing.>> Fuck you,
pay me. While I believe that it is hard for some people to understand the free software ecosystem and personal development efforts, I think that this kind of reply is absolutely off-putting and intimidating. And it has the unfortunate side effect of not helping anybody understand what's gping on.
Cheers, u. _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
2 of the 3 options mentioned by Matthew were that...
On Thu, Jul 26, 2018 at 10:43 AM Nathaniel Suchy me@lunorian.is wrote:
Perhaps the developers could make something like Tor Tails but stripped down bare bones to converse system resources with just Tor Browser afterwards packaging it all into a nice Virtual Machine program that’s invisible to the user. On Thu, Jul 26, 2018 at 2:24 AM u u@451f.org wrote:
Hi!
Yawning Angel:
So please, make Sandboxed Tor Browser an official thing.>> Fuck you,
pay me. While I believe that it is hard for some people to understand the free software ecosystem and personal development efforts, I think that this kind of reply is absolutely off-putting and intimidating. And it has the unfortunate side effect of not helping anybody understand what's gping on.
Cheers, u. _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Hi Everyone,
We'll discuss this at a meeting next Tuesday, 24 July at 15:00 UTC in #tor-meeting on OTFC.
There was some discussion on the tbb-dev@ mailing list, but this meeting will cover the details, implementation plan, roadmap, timeline, etc (maybe we won't have enough time for all of these topics).
Please feel free to join the channel and watch and/or contribute productively. There will be logs available after the meeting, as well.
https://lists.torproject.org/pipermail/tbb-dev/2018-July/000874.html
Thanks, Matt
On Mon, Jul 16, 2018 at 01:32:19AM +0000, Matthew Finkel wrote:
Hi Everyone,
We'll discuss this at a meeting next Tuesday, 24 July at 15:00 UTC in #tor-meeting on OTFC.
Reminder!
There was some discussion on the tbb-dev@ mailing list, but this meeting will cover the details, implementation plan, roadmap, timeline, etc (maybe we won't have enough time for all of these topics).
Please feel free to join the channel and watch and/or contribute productively. There will be logs available after the meeting, as well.
https://lists.torproject.org/pipermail/tbb-dev/2018-July/000874.html
We'll be discussing the available platform-specific features, some are described (to some extent) in the above thread. Another option that wasn't included was Docker-on-each-OS - at this point, Docker is supported on some versions of Windows, Mac OS X and Linux. However, this doesn't include all OS versions supported by Tor Browser, so we must choose our sandboxing techniques carefully.
I believe we can use/abuse many of the same features used by Docker on these systems when they are available, but we'll need a safe fallback option when they aren't available (while still providing as much protection as we can).
As Tom mentioned in his response on the tbb-dev@ thread, the Windows container features are only available on Windows 10 Professional and Enterprise editions - so we can't rely on them right now. The API is completely undocumented, but we have reference implementations. Containers on Mac OS X are provided through an OS-provided hypervisor layer. This may be an interesting avenue we can explore[0]. On Linux, Sandboxed Tor Browser remains a good example of what we can accomplish.
[0] https://github.com/mist64/xhyve
Thanks, Matt
On Tue, Jul 24, 2018 at 01:37:10AM +0000, Matthew Finkel wrote:
On Mon, Jul 16, 2018 at 01:32:19AM +0000, Matthew Finkel wrote:
Hi Everyone,
We'll discuss this at a meeting next Tuesday, 24 July at 15:00 UTC in #tor-meeting on OTFC.
Reminder!
We had a good meeting yesterday - meeting notes are available online[0].
During the meeting we briefly discussed the different methods we can use for sandboxing Tor Browser on the different platforms. We then moved on to discussing our goals with sandboxing Tor Browser and what are the criteria for the solution we choose. That conversation led us to enumerate the criteria[1] and start thinking about the trade-offs associated with them and how we evaluate them (not exhaustive).
Types of sandbox: a) one standard VM on all desktop OSes running Tor Browser on Linux b) Per-OS container/virtualization solution c) No container/vm, but sandboxing the parent and content processes using OS-specific mechanisms (dropping privs etc.) d) a mix of all options choosing the best per platform
Evaluation criteria for a)-d) 1) (in the face of a browser exploit) tracking protection 2) (no browser exploit) tracking protection 3) (in the face of a browser exploit) proxy bypass protection 4) (no browser exploit) proxy bypass protection 5) user experience 6) development effort (including time to market with improved security) 7) maintainability 8) uplift possibilities 9) installation size? (part of user experience?) 10) ability to take advantage of expected future security improvements 11) Compatibility with future browser/app development plans at the Tor Project
We ran out of time, and we didn't finish, but we'll continue this discussion on the tbb-dev@lists.torproject.org mailing list. Please come join us if you're interested!
[0] http://meetbot.debian.net/tor-meeting/2018/tor-meeting.2018-07-24-14.59.txt [1] https://pad.riseup.net/p/sandbox-07-24
Thanks, Matt
-
Chelsea Holland Komlo -
juanjo -
Keifer Bly -
Matt Traudt -
Matthew Finkel -
Nathaniel Suchy -
Ryan Duff -
u -
Yawning Angel