vissha Posted December 12, 2016 Share Posted December 12, 2016 First Version of Sandboxed Tor Browser Available Developers at the Tor Project have started working on a sandboxed version of the Tor Browser, currently available as an early alpha version for Linux systems. Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can't be leveraged to extend access to the underlying operating system. This is because the sandboxed application works with its own separate portion of disk and memory that isn't linked with the OS. Lack of sandboxing exposed Tor Browser users Most modern browsers use sandboxed environments to run code their receive from websites. Chrome, Firefox, and Edge all use sandboxes to separate themselves from the OS. Despite being based on Firefox, the Tor Browser did not use this technique, meaning it was far less secure, even if it provided more features to protect user privacy. In recent years, the FBI has developed and deployed Tor exploits in order to identify and catch crooks hiding their identity using Tor. While the FBI's intentions appear to be good, the Tor Project knows that this type of exploits can be used for other actions besides catching pedophiles and drug dealers. An exploit that unmasks Tor users can be very easily used to identify political dissidents or journalists investigating cases of corrupt politicians. As such, protecting the Tor Browser against exploits and vulnerabilities that can expose the identity of its users is crucial. The easiest way to do this is to support a sandboxing feature that isolates the Tor Browser from other OS processes and limits its ability to interact and query low-level operating system APIs that can expose MAC addresses, IP addresses, computer name, and more. Work on sandboxed Tor Browser started in September The Tor Project started working on a sandboxed version of the Tor Browser in September 2016. Over the weekend, Tor developers have released the first version of this new & improved Tor Browser. As you can imagine, this is a very rough version. One of the Tor developers working on the project describes the browser as a "Gtk+3 based UI for downloading/installing/updating Tor Browser, configuring [T]or, and launching the sandboxed browser. Think `tor-browser-launcher`, that happens to run Tor Browser in a bunch of containers." Currently, this version is in an early alpha stage, and only available for Linux. There are also no binaries available, and users must compile it themselves from the source code, which they can grab from here. Source Link to comment Share on other sites More sharing options...
straycat19 Posted December 13, 2016 Share Posted December 13, 2016 I can see why they are only developing it for Linux currently. Lots of luck sandboxing anything in Windows 10. I believe that if you really want to stay safe and secure in the future you will have to run a version of Linux because the Linux community is the only community that is interested in the personal security of its users. Microsoft is only interested in gathering your data and making money. Link to comment Share on other sites More sharing options...
steven36 Posted December 13, 2016 Share Posted December 13, 2016 2 hours ago, straycat19 said: I can see why they are only developing it for Linux currently. Lots of luck sandboxing anything in Windows 10. I believe that if you really want to stay safe and secure in the future you will have to run a version of Linux because the Linux community is the only community that is interested in the personal security of its users. Microsoft is only interested in gathering your data and making money. LOL if you can create me a version of Linux that works for all my programs i will be happy to boot up into Linux and stay lets see you do the impossible? But tell that's happens haters like you are just blowing hot air and have lost touch with reality and Linux has the 2% market share to prove it and its been free for 15 years and I dual boot Linux on both my rigs with Windows 10. and like Linux and I like Windows OK too . You know whats so funny about most of you haters for who bash Windows 10 over privacy most all of you walk around with a tracking device in you're pocket EG a smartphone can we say hypocrite much? And i dont take security advice from people who never do security updates. point blank .. Link to comment Share on other sites More sharing options...
Togijak Posted December 13, 2016 Share Posted December 13, 2016 19 hours ago, vissha said: Work on sandboxed Tor Browser started in September where is the problem to use Tor Browser in Sanboxie (works perfect here and for paranoids use this combination in a VM / VB) Link to comment Share on other sites More sharing options...
steven36 Posted December 13, 2016 Share Posted December 13, 2016 1 hour ago, Togijak said: where is the problem to use Tor Browser in Sanboxie (works perfect here and for paranoids use this combination in a VM / VB) Sounds good too me On Linux everything that is root is already protected you can just run Firejail it will protect you're personal folder from the rest in you're browser . The problem with sandboxie though is if you got exploited and you didn't run you're other browsers in sandboxie too they would be exploited too . Most exploits are both in TOR and Firefox and the paranoids will tell you to use TOR for normal surfing and Firefox for Banking ,shopping etc. So every browser really should be sandboxed . If you was really paranoid you would use Shadow Defender too were you're system always went back to the way it was lol. The problem in Windows is they waited so long too start sandboxing apps that everyone wants unsafe legacy apps that's not sandboxed Windows store is a flop because it's too controlled by Microsoft . . As long as you have unprotected apps on you're system there's a chance you will be exploited . Windows use to be much worse than it is today it use to take most about 20 minutes to get infected before XP SP2 .I run NOD32 witch have Anti Exploit and also I been using Malwarebytes full protection On linux I use nothing like that i dont need it. Link to comment Share on other sites More sharing options...
Togijak Posted December 13, 2016 Share Posted December 13, 2016 2 hours ago, steven36 said: If you was really paranoid you would use Shadow Defender too were you're system always went back to the way it was. For paranoid things I always use TAILS. The best way to make it more complicated (changing mac address etc) for the government to watch what you are doing if yo don't do it from your one internet connection and use your brain. Link to comment Share on other sites More sharing options...
steven36 Posted December 13, 2016 Share Posted December 13, 2016 7 hours ago, Togijak said: For paranoid things I always use TAILS. The best way to make it more complicated (changing mac address etc) for the government to watch what you are doing if yo don't do it from your one internet connection and use your brain. I dont know don't about were you live but were I'm from the Government already knows everything about you anyways ,IIf you really didn't do nothing bad really. There is nothing they can do too you. If they was going too come after you the internet would just be one tool of many . I know some people who ran from from law enforcement for years but sooner or latter they end up going out in public because they need something and they got caught too. Law Enforcement is not just on the internet chances are if there watching you on here they are watching you off line too. People like Snowden was just lucky they got away was all and one day his luck could run out. 95% of the people would end up stuck in there own country on the run so what he done is not reality for most. Having to look over you're shoulder the rest of you're life because you are trying to evade Law Enforcement is no fun and being paranoid is no fun sometimes its better to face the music if you even plain to have a life again. Long before I got on the internet i got blamed for things by some I didn't do or that i knew something I didn't and was questioned by Law Enforcement but because I didn't do nothing and really didn't know nothing they didn't know already there was nothing they could do to me because i was innocent. It's best to not do nothing too get them after you to began with and sometimes they may come at you and you didn't do nothing but fact is if they want you there going come get you regardless if you have the internet or not . t's kind of insane to think you have privacy in public anyways when you come on the internet you're in public . Say if i was too get drunk witch I dont really drink anymore this is just a example though.. If i go out in public they will get me for being drunk but if i stay home and dont go out they can't get me . Once you go on the internet you're in public you really don't have no privacy you just have a illusion of privacy if you put you're real info out there sooner or latter they are going to find you if they want you . It's no different than when you go out on the streets and tell you're peers who you are and they tell them were you are. Someone on the internet is going too grass on you when they ask that has logs of you're real info. I never put my real info out there , Now days if i to buy something online i just give someone i trust the money . If i donate it's it's the same . I learned this on the streets years ago if you don't want to be tracked you don't leave a paper trail you only use cash and the only thing different today is it's a digital trail . Most people you read about on the internet that gets caught for something was due too there own carelessness they left a digital trail all over the internet. As long as people have a illusion that the internet is private they will never understand how to avoid being tracked. How useful was TOR too Ross William Ulbricht in The US ? not very because he left a big fat digital trail all over the internet. https://en.wikipedia.org/wiki/Silk_Road_%28marketplace%29 How useful was TOR to these Drug Dealers in Germany? not very they got busted . https://www.deepdotweb.com/2016/11/17/police-bust-darknet-drug-ring-500g-amphetamine-underground-storage/ So TOR can't make you anonymous it only can hide you're IP . If they want you TOR has failed time and time again and they will find you. When I 1st heard of TOR years ago and was reading up on it one of the 1st things i read about it was how German Police caught some guys who was trying hide who they was using TOR and still today law enforcement catch people that use TOR all the time . Also People who use smartphones also have a illusion of privacy and almost every criminal in the USA have a tracking device in there pocket but on top of that AT&T’s Hemisphere Phone Records Spying Program Law enforcement buy data from AT&T’ to catch people. all the time. Here is good example of how easy it is for them to catch you if you put you're real info online . How pre-teens using metadata found a whistleblower in two hours http://www.abc.net.au/triplej/programs/hack/how-team-of-pre-teens-found-whisteblower-using-metadata/8113668 There teaching people at School about how easy it is too catch someone trough there personal info on the internet.. so maybe the next generation want be as dumb as most of us . And we are not very smart because we do it to our self . Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.