Tor Browser Security Under Scrutiny
msm1267 writes: The keepers of Tor commissioned a study testing the defenses and viability of their Firefox-based browser as a privacy tool. The results (PDF) were a bit eye-opening, since the report's recommendations don't favor Firefox as a baseline for Tor, but rather Google Chrome. But Tor's handlers concede that budget constraints and Chrome's limitations on proxy support make a switch or a fork impossible.
The FBI and NSA knew it was shit years ago.
Just sayin...
Why not work with Mozilla to address the issues? What about Chromium? I'd put the brakes on anything Google does with Chrome. Their ever-shifting policies have meant that it's no longer a preferred solution to our clients and to my customers. These aren't minor issues either, since Google has been building their own walled garden, something a lot of FOSS and commercial software organizations won't support. Firefox, at least for now, is devoid of these issues and is much friendlier to the community as a whole.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
"...Chrome's limitations on proxy support make a switch or a fork impossible."
Just fork the Chromium code, FFS. That's what open source is *for.*
Why anyone who is privacy conscious would use Chrome is beyond me. Let alone for TOR.
Address Space Layout Randomization is disabled on Windows and Mac
Due to our use of cross-compilation and non-standard toolchains in our reproducible build system, several hardening features have ended up disabled. We have known about the Windows issues prior to this report, and should have a fix for them soon. However, the MacOS issues are news to us, and appear to require that we build 64 bit versions of the Tor Browser for full support. The parent ticket for all basic hardening issues in Tor Browser is bug #10065.
Participate in Pwn2Own
iSEC recommended that we find a sponsor to fund a Pwn2Own reward for bugs specific to Tor Browser in a semi-hardened configuration. We are very interested in this idea and would love to talk with anyone willing to sponsor us in this competition, but we're not yet certain that our hardening options will have stabilized with enough lead time for the 2015 contest next March.
Test and recommend the Microsoft Enhanced Mitigation Experience Toolkit on Windows
The Microsoft Enhanced Mitigation Experience Toolkit is an optional toolkit that Windows users can run to further harden Tor Browser against exploitation. We've created bug #12820 for this analysis.
Replace the Firefox memory allocator (jemalloc) with ctmalloc/PartitionAlloc
PartitionAlloc is a memory allocator designed by Google specifically to mitigate common heap-based vulnerabilities by hardening free lists, creating partitioned allocation regions, and using guard pages to protect metadata and partitions. Its basic hardening features can be picked up by using it as a simple malloc replacement library (as ctmalloc). Bug #10281 tracks this work.
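The "ASLR is disabled on Windows" item above is the kind of thing a packager can check for on the built artifact rather than discover from a report. The following is an added example, not code from the Tor Project or from the iSEC report: it parses the DllCharacteristics field of a PE optional header and reports whether the image was linked with DYNAMICBASE (ASLR), HIGH_ENTROPY_VA (64-bit ASLR) and NXCOMPAT (DEP). The sample image bytes built by build_sample_pe are constructed by hand for testing, not taken from any real binary.

```python
"""Report the ASLR/DEP link-time flags of a Windows PE image."""
import struct

# Flag bits of IMAGE_OPTIONAL_HEADER.DllCharacteristics (values from winnt.h).
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100

PE32_MAGIC = 0x10B      # 32-bit optional header
PE32PLUS_MAGIC = 0x20B  # 64-bit optional header


def pe_hardening_flags(image: bytes) -> dict:
    """Parse the PE headers and describe the ASLR/DEP flags of the image."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    # e_lfanew at offset 0x3C points at the "PE\0\0" signature.
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = pe_off + 4
    # COFF header (20 bytes): Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    is64 = magic == PE32PLUS_MAGIC
    aslr = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    high_entropy = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA)
    return {
        "pe32plus": is64,
        "aslr": aslr,
        # HIGH_ENTROPY_VA only has an effect on a 64-bit image that also has ASLR.
        "high_entropy_aslr": is64 and aslr and high_entropy,
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "dll_characteristics": dll_chars,
    }


def build_sample_pe(dll_chars: int, pe32plus: bool = False) -> bytes:
    """Construct a minimal, non-runnable PE header (test input only)."""
    pe_off = 0x80
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       1, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, pe_hardening_flags(f.read()))
```

Run it over the shipped firefox.exe and every DLL next to it; a cross-compiled toolchain that drops `-Wl,--dynamicbase` (or the equivalent) shows up as `aslr: False` on exactly the files the report flagged. Note that DYNAMICBASE on the main executable is not enough: a single non-ASLR DLL loaded into the process gives an attacker a fixed base to build a ROP chain from.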
The report helpfully mentions that Google's Chrome isn't exactly the best choice if you want privacy and anonymity, for a variety of reasons.
It does have the best security by far, though.
Start to finish, you should have no expectation of anything except being monitored at all times now.
For then they tried to hide the word of the LORD. "but they continually mocked the messengers of God, despised His words and scoffed at His prophets, until the wrath of the LORD arose against His people, until there was no remedy."
Remember, O Lord, the reproach of Your servants; How I bear in my bosom the reproach of all the many peoples, With which Your enemies have reproached, O LORD, With which they have reproached the footsteps of Your anointed.
I assume they mean that it hooks into the OS-level proxy settings. That is a good thing, I hate configuring my proxy settings over and over and over for every application when the OS already has a setting for it.
But it isn't a limitation, last I checked there was a command line parameter for forcing use of a proxy. So just make a launcher app that forces Chrome to use Tor. You should be able to even launch a Tor-using Chrome side-by-side with a non-Tor Chrome if you set it up right (using --user-data-dir to make a new Chrome profile and instance instead of using a local user profile and instance).
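The launcher the comment above describes, written out as an added example (not code from the Tor Project, Google or the commenter). It uses the documented Chromium switches --user-data-dir, --proxy-server and --host-resolver-rules; the browser binary path and the SOCKS port are assumptions (tor's default SocksPort is 9050, the Tor Browser bundle's is 9150), so adjust them for your setup.

```python
"""Launch a separate Chrome/Chromium instance forced through a Tor SOCKS5 proxy."""
import os
import subprocess
import sys

TOR_SOCKS_HOST = "127.0.0.1"
TOR_SOCKS_PORT = 9050  # assumption: a local tor daemon with the default SocksPort


def tor_chrome_args(chrome_bin: str, profile_dir: str,
                    socks_host: str = TOR_SOCKS_HOST,
                    socks_port: int = TOR_SOCKS_PORT) -> list:
    """Return argv for a Chrome instance whose traffic goes via a SOCKS5 proxy.

    --user-data-dir gives the instance its own profile, so it runs as a
    separate process next to a normal, non-Tor Chrome.
    --host-resolver-rules maps every hostname to NOTFOUND (except the proxy
    host itself) so Chrome cannot resolve names locally and leak DNS queries
    around Tor; with a socks5:// proxy the hostname is sent to the proxy and
    resolved on the Tor side instead.
    """
    if not profile_dir:
        raise ValueError("profile_dir must be a dedicated directory")
    return [
        chrome_bin,
        "--user-data-dir=%s" % profile_dir,
        "--proxy-server=socks5://%s:%d" % (socks_host, socks_port),
        "--host-resolver-rules=MAP * ~NOTFOUND , EXCLUDE %s" % socks_host,
        "--incognito",  # no on-disk history/cache for this session
    ]


def launch_tor_chrome(chrome_bin: str, profile_dir: str, **kw) -> subprocess.Popen:
    """Create the profile directory (owner-only) and start the browser."""
    os.makedirs(profile_dir, mode=0o700, exist_ok=True)
    return subprocess.Popen(tor_chrome_args(chrome_bin, profile_dir, **kw))


if __name__ == "__main__":
    # Assumed defaults: "chromium" on PATH and a profile under ~/.config.
    binary = sys.argv[1] if len(sys.argv) > 1 else "chromium"
    profile = os.path.expanduser("~/.config/chromium-tor")
    launch_tor_chrome(binary, profile)
```

Caveats a practitioner should keep in mind: this only moves the transport onto Tor. It gives none of the fingerprinting, cookie-isolation and plugin restrictions of Tor Browser, Chrome's own background traffic to Google services still flows (over Tor), and the DNS rule does not cover anything that bypasses Chrome's network stack. Verify the setup by visiting the Tor check page from that instance, not by trusting the flags.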
How can you trust Mozilla?
Can't turn a hoe into a housewife.
Maybe I'm missing something, but I've read the whole report and I can't find anything that says "don't favor Firefox as a baseline for Tor, rather Google Chrome".
And seriously, if you can't make your site look good in links, I don't need you. Wait, /. looks like shit on links... Dammit.
If you were me, you'd be good lookin'. - six string samurai
Dating back to the *90s*, and not just as a web developer/end user, I imagine they are *INTIMATELY* familiar with Netscape's culture, which judging by my experiences over the years is anecdotally true. They significantly bloated the Netscape browser code before releasing it to the community. They made Mozilla Browser a joke until Firefox came out and they jumped their development to the new 'lean browser', neglecting their old all-in-one browser, which in turn IMPROVED after their focus shifted from it. Furthermore, they took Firefox, originally an extremely lithe, low-memory, stable platform, and basically ruined it. The saddest part about that being that extensions came from there, eventually being backported to SeaMonkey (former Mozilla suite) and actually performing as well if not better with the plugins there than in Firefox now.
The state of mozilla development has been a joke since the beginning. They *STILL* aren't cash-flow positive without google's bri^H^H^Hcontributions, and they seem inclined to spend too much time on new features and not enough time fixing fundamental leaks and flaws in their software dating back to when dos based security-free windows was still the dominant user platform!
I've been saying this for years: switch to OpenBSD and a minimalistic window manager.
You don't need Gnome, you don't need GVFS, you need a smaller attack surface.
As for the browser, why not Midori?
TAILS works well, but there are a lot of unnecessary packages and modules. Recently, the TAILS developers told their users to remove the i2p package(s). They shouldn't exist on a hardened distro to begin with - and neither should the abomination of Java packages.
I use a script to remove hundreds of bloat with each TAILS boot. But with Gnome, some shit just won't go unless you take parts of network manager and/or Gnome with it.
Version 1.0.1 had hamradio modules loaded at start, these being ax25, netrom, and rose. Are you shitting me? IPX, Appletalk, and some other odd ones were auto-loaded too. These modules exist in 1.1 but aren't loaded at boot.
In a secure distro, you don't need bluetooth, you don't want RF communication of any kind! You don't need hamradio modules, remote control modules, infrared modules, etc.
If I had the time I would re-roll TAILS into something stronger, but I don't. They want people to contribute but won't roll a smaller .ISO with a better choice than Gnome - a simple window manager.
Wait, so Gecko is full of ***KNOWN*** "zero" days--zero in the sense we don't know about them, but Mozilla does? Please tell me I'm reading that wrong!
"The Chrome Security team has been a source of innovation in the browser security space. Tor Browser Bundle is based on Firefox and thus inherits progress made by Mozilla automatically. While improvements in Chrome may not be appropriate for Firefox, they could be integrated in Tor Browser Bundle. In a best case scenario, members of the Chrome Security team may be allowed to work with the Tor Project on these changes."
Basically it's saying: Chrome is also doing good stuff, combine it with the stuff you get from Mozilla for a better result.
How many times has a product been touted as being focused on one feature which in turn has turned out to be not so true? How can you take what is now one of the worst at security (Firefox) and make it one of the best? I am no Chrome browser fan; in fact, what Google does well in the security of Chrome, it takes away in terms of privacy concerns. Yes, there is a difference between a lack of security and a lack of privacy in this case. I suppose you could argue that Firefox could be more secure with some extensions installed and that any browser targeted could be made less secure when a flaw or hole is found and exploited. I am sure most people use a browser of choice today not for security but because they are familiar with a particular browser and its features. Tor, on the other hand, is probably chosen on the basis of it being thought of as more secure. Which I guess is like selling a car that is advertised as most secure in a crash, but fails all crash tests?
What about when Google adds in some code by request of NSA?
Agreed, we don't say 'Use Chrome', just that Chrome has a lot of security stuff we wish was in Firefox. We explicitly did not investigate FF sandboxing/multi-processing (and I thought we said that we explicitly excluded it) because we're not going to be able to make significant headway on that in 6 weeks while FF has been working on it for a while.
What Skuto said, except "are private until a new release is out to the users" is really "6 to 12 months or more down the line" because (I think) they affect the Firefox OS core also which is on a much different schedule. You can actually go through all the bugs here: https://github.com/iSECPartner... but most of them will in fact be 'private'.