tor project First Version of Sandboxed Tor Browser Available

[vissha]

First Version of Sandboxed Tor Browser Available

 

 

Developers at the Tor Project have started working on a sandboxed version of the Tor Browser, currently available as an early alpha version for Linux systems.

 

Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can't be leveraged to extend access to the underlying operating system.

 

This is because the sandboxed application works with its own separate portion of disk and memory that isn't linked with the OS.

 

Lack of sandboxing exposed Tor Browser users

 

Most modern browsers use sandboxed environments to run code their receive from websites. Chrome, Firefox, and Edge all use sandboxes to separate themselves from the OS.

 

Despite being based on Firefox, the Tor Browser did not use this technique, meaning it was far less secure, even if it provided more features to protect user privacy.

 

In recent years, the FBI has developed and deployed Tor exploits in order to identify and catch crooks hiding their identity using Tor.

 

While the FBI's intentions appear to be good, the Tor Project knows that this type of exploits can be used for other actions besides catching pedophiles and drug dealers. An exploit that unmasks Tor users can be very easily used to identify political dissidents or journalists investigating cases of corrupt politicians.

 

As such, protecting the Tor Browser against exploits and vulnerabilities that can expose the identity of its users is crucial.

 

The easiest way to do this is to support a sandboxing feature that isolates the Tor Browser from other OS processes and limits its ability to interact and query low-level operating system APIs that can expose MAC addresses, IP addresses, computer name, and more.

 

Work on sandboxed Tor Browser started in September

 

The Tor Project started working on a sandboxed version of the Tor Browser in September 2016. Over the weekend, Tor developers have released the first version of this new & improved Tor Browser.

 

As you can imagine, this is a very rough version. One of the Tor developers working on the project describes the browser as a "Gtk+3 based UI for downloading/installing/updating Tor Browser, configuring [T]or, and launching the sandboxed browser. Think  `tor-browser-launcher`, that happens to run Tor Browser in a bunch of containers."

 

Currently, this version is in an early alpha stage, and only available for Linux. There are also no binaries available, and users must compile it themselves from the source code, which they can grab from here.

 

Source

[straycat19]

I can see why they are only developing it for Linux currently.  Lots of luck sandboxing anything in Windows 10.  I believe that if you really want to stay safe and secure in the future you will have to run a version of Linux because the Linux community is the only community that is interested in the personal security of its users.  Microsoft is only interested in gathering your data and making money.

[steven36]

2 hours ago, straycat19 said:

I can see why they are only developing it for Linux currently.  Lots of luck sandboxing anything in Windows 10.  I believe that if you really want to stay safe and secure in the future you will have to run a version of Linux because the Linux community is the only community that is interested in the personal security of its users.  Microsoft is only interested in gathering your data and making money.

LOL if you can create me a version of Linux that works for all my programs  i will be happy to boot up into Linux and stay lets see you do the impossible? But tell that's happens haters like you are just blowing hot air and have lost touch with reality  and Linux has the 2% market share to prove it and its been free for 15 years and I  dual boot Linux on both my rigs with Windows 10. and like Linux  and I like Windows OK too  .

 

You know whats so funny about most of  you haters for who bash Windows 10 over privacy  most all of you walk around with a tracking device in you're pocket  EG  a smartphone can we say hypocrite  much? And i dont take security advice from people who never do  security updates. point blank ..

 

 

[Togijak]

19 hours ago, vissha said:

Work on sandboxed Tor Browser started in September

 

 where is the problem to use Tor Browser in Sanboxie (works perfect here and for paranoids use this combination in a VM / VB)

[steven36]

1 hour ago, Togijak said:

 

 where is the problem to use Tor Browser in Sanboxie (works perfect here and for paranoids use this combination in a VM / VB)

Sounds good too me On Linux  everything that is root is already protected    you can just run   Firejail  it will protect  you're personal  folder from the rest  in you're browser . The problem with  sandboxie though is if you got exploited and you didn't run  you're other browsers in sandboxie too   they would be exploited too . Most exploits are both in TOR and Firefox  and the paranoids will tell you to use TOR for normal surfing  and Firefox for Banking ,shopping etc. So every browser really should be sandboxed  . If you was really paranoid  you would use Shadow Defender  too were  you're system always went back to the way it was lol.

 

The problem in Windows is they waited so long too start sandboxing apps that everyone wants unsafe legacy apps that's not sandboxed  Windows store is a  flop because it's too controlled  by Microsoft . . As long as you have unprotected apps on you're system there's a chance you will be exploited .  Windows use to be much worse than it is today  it use to take most about 20 minutes to get infected before XP SP2 .I run NOD32  witch  have Anti Exploit  and also I been  using Malwarebytes full protection  On linux I use nothing like that i dont need it. 

[Togijak]

2 hours ago, steven36 said:

If you was really paranoid  you would use Shadow Defender  too were  you're system always went back to the way it was.

 

For paranoid things I always use TAILS. The best way to make it more complicated (changing mac address etc) for the government to watch what you are doing if yo don't do it from your one internet connection and use your brain.

[steven36]

7 hours ago, Togijak said:

 

For paranoid things I always use TAILS. The best way to make it more complicated (changing mac address etc) for the government to watch what you are doing if yo don't do it from your one internet connection and use your brain.

I dont  know don't  about were  you live but were I'm from the Government already knows everything about you anyways ,IIf you really didn't do nothing  bad really. There is nothing they can do too you. If  they was going too come after you the internet would  just be one tool of many . I know some people  who ran from from law enforcement for years but sooner or latter they end up going out in public because they need something and they got caught too.

 

Law Enforcement is not  just on the internet  chances are if there watching you on here they are watching you off line too.  People like Snowden  was just lucky they got away was all and  one day his luck could  run out.  95% of the people would end up stuck in there own country on the run so what he done is not reality for most. Having  to look  over you're shoulder the rest of you're life because you are trying to evade Law Enforcement is no fun and being paranoid  is no fun sometimes its better to face the music if you even plain to have a life again. 

 

Long before I got on the internet  i got blamed for things by some I didn't do or that i knew something I didn't  and was questioned by  Law Enforcement but because I didn't  do nothing and really didn't know nothing  they didn't know already there  was nothing they could do to me because i was innocent. It's best to not do nothing too get them after you to began with  and sometimes they may come at you and you didn't do nothing but fact is if they want you there going come get you regardless  if you  have the internet or not .

 

t's kind of insane to think you have privacy in public anyways when you come on the internet you're  in public . Say if i was too get drunk witch I dont really drink anymore this is just a example though.. If i go out in public they will get me for being drunk  but if i stay home and dont go out they can't get me . Once you go on the internet  you're in public you really don't have no privacy you just have a illusion of privacy  if you put you're real info  out there sooner or latter they are going to find you  if they want you . It's no different than when you go out on the streets and tell you're peers who you are and they  tell them were you are. Someone on the internet is going too grass on you when they ask that has logs of you're real info. I never put my real info out there ,

 

Now days if i to buy something online  i just give someone i trust the money .  If  i donate it's  it's the same . I learned this on the streets years ago if you don't want to be tracked  you don't leave a paper trail   you only use cash and  the only thing different today   is it's a digital trail . Most people you read about on the internet that gets caught for something was due too there own carelessness  they left a  digital trail all over the internet. As long as people have a illusion that the internet is private they will never understand how to avoid being tracked.

 

How useful was TOR too  Ross William Ulbricht in The US ? not very  because he left a big fat digital trail all over the internet.

https://en.wikipedia.org/wiki/Silk_Road_%28marketplace%29

How useful was TOR to these Drug Dealers  in Germany? not very they got busted .

https://www.deepdotweb.com/2016/11/17/police-bust-darknet-drug-ring-500g-amphetamine-underground-storage/

So   TOR can't  make you  anonymous  it only can hide you're IP . If they want you TOR has failed time and time again and they will find you.

 

When I 1st heard of TOR years ago  and was reading up on it one of the 1st things i read about it was how German Police caught some guys who was trying hide who they was using TOR and still today law enforcement catch people that use TOR  all the time . 

 

Also People who use smartphones also have a illusion of privacy and almost every criminal in the USA have a tracking device in there pocket but  on top of that AT&T’s Hemisphere Phone Records Spying Program Law enforcement buy  data from AT&T’ to catch people. all the time.

 

Here is good example of how easy it is for them to catch you if you put you're real info online .

 

How pre-teens using metadata found a whistleblower in two hours

http://www.abc.net.au/triplej/programs/hack/how-team-of-pre-teens-found-whisteblower-using-metadata/8113668

There teaching people at School  about how easy it is too catch someone trough there personal info on the internet.. so maybe the next generation want be as dumb as most of  us   . And we are not very smart because we do it to our self .