Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Version of Sandboxed Tor Browser Available (bleepingcomputer.com)

Posted by BeauHD on from the separate-entity dept.

An anonymous reader writes: To protect Tor users from FBI hacking tools that include all sorts of Firefox zero-days, the Tor Project started working on a sandboxed version of the Tor Browser in September. Over the weekend, the Tor Project released the first alpha version of the sandboxed Tor Browser. "Currently, this version is in an early alpha stage, and only available for Linux," reports BleepingComputer. "There are also no binaries available, and users must compile it themselves from the source code, which they can grab from here." The report notes: "Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can't be leveraged to extend access to the underlying operating system. This is because the sandboxed application works with its own separate portion of disk and memory that isn't linked with the OS."

28 comments

  1. Compile source for Linux? by Anonymous Coward · · Score: 0

    I'll wait for the Windows binary.

  2. Interesting... by Anonymous Coward · · Score: 0

    Why isn't everything done like that? What's the downside?

    1. Re:Interesting... by Andreas+Mayer · · Score: 4, Informative

      Accessing stuff outside the sandbox becomes either complicated or completely impossible.

      Complicated can mean less convenient for the user and/or more work for the developer, e.g. more expensive.

      As an example, on iOS each and every app is sandboxed. That's one reason there are things which are common with desktop operating systems, but virtually impossible on iOS. Like a simple file browser - an app per default only has access to files in its own sandbox. You simply can't get at files of other apps. To mitigate that either the OS has to hand out access to individual files (like with the photo library) or files need to be copied from one sandbox to the other.

    2. Re:Interesting... by dottrap · · Score: 4, Informative

      Apple also has sandboxing for Mac apps and every Mac App Store app is required to use it. Non-MAS apps can enable it when signing with Developer ID (which also makes GateKeeper happy).

      The Mac file browser is now a special process that is designed to work with the sandbox. When you user uses the system file panels in a Mac app, it is treated as an explicit opt-in to tell the sandbox that the user has granted permission to access the file.

      For most apps, this sandboxing system works very well and everybody should be using something like this.

      Building a sandboxed Tor browser on Mac should be a straight forward thing and I hope is a short-term goal for Tor.

    3. Re:Interesting... by Anonymous Coward · · Score: 1

      processes on Android is sandboxed. Android also uses type enforcement.

    4. Re:Interesting... by AHuxley · · Score: 2

      In the past it was RAM, CPU. Just getting a computer to run on consumer grade OS was not easy.
      Now its the staff needed to work around complex OS and try and secure parts.
      The downside is you need a great OS and really skilled developers.
      Some US OS brands like to allow data collection and only make computer games easy to code for.
      Other OS are just complex and have teams who have helped the security services in the past.
      Finding a good secure OS to build on is not easy.

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:Interesting... by AmiMoJo · · Score: 1

      Tails already has quite strict permissions that limit what the browser can access, so I recommend using that rather than the Tor Browser on your main OS. You can always boot it up in a VM if you don't want to restart.

      AMD is introducing features that allow RAM assigned to VMs to be encrypted seamlessly. Combined with the added protection of virtualized hardware (making fingerprinting harder) and a dedicated, read-only OS image, a VM is looking like a pretty good secure environment.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:Interesting... by Anonymous Coward · · Score: 0

      This uses far more extensive sandboxing measures than Mac sandboxing. It uses seccomp which reduces the attack surface area of the kernel through syscall filtering. It tries to ensure that a compromised browser can't use a kernel 0day to break out of the sandbox.

  3. git sucks just like all new opensource by Anonymous Coward · · Score: 2, Interesting

    apt-get install git
    git config --global http.proxy http://192.168.100.4:8080
    git clone https://git.torproject.org/tor-browser/sandboxed-tor-browser.git
    Runtime dependencies:

      * A modern Linux system on x86/x86_64 architecture.
      * bubblewrap >= 0.1.3 (https://github.com/projectatomic/bubblewrap).
      * Gtk+ >= 3.14.0
      * (Optional) PulseAudio

    git clone https://github.com/projectatomic/bubblewrap ./autogen.sh
    *** No autoreconf found, please install it ***
    apt-cache search autoreconf
    apt-get install build-essential ./autogen.sh
    *** No autoreconf found, please install it ***
    apt-get install autotools-dev
    apt-get install autotools
    apt-get install dh-autoreconf

      FUCK YOU

    1. Re: git sucks just like all new opensource by Anonymous Coward · · Score: 0, Troll

      Use a real OS.

    2. Re:git sucks just like all new opensource by manu0601 · · Score: 3, Informative

      You are looking for the autoconf package. While there, also install automake and libtool, as there are little chance you will not need them.

    3. Re:git sucks just like all new opensource by Anonymous Coward · · Score: 1

      pebkac

    4. Re: git sucks just like all new opensource by BatGnat · · Score: 1

      CBM BASIC 2.0?

  4. 404 and unresolvable address by Anonymous Coward · · Score: 0

    wget http://dccbbv6cooddgcrq.onion/tor-browser/sandboxed-tor-browser.git
    --2016-12-13 12:44:09-- http://dccbbv6cooddgcrq.onion/tor-browser/sandboxed-tor-browser.git
    Resolving dccbbv6cooddgcrq.onion (dccbbv6cooddgcrq.onion)... failed: Name or service not known.
    wget: unable to resolve host address ‘dccbbv6cooddgcrq.onion’

    wget https://git.torproject.org/tor-browser/sandboxed-tor-browser.git
    --2016-12-13 12:44:37-- https://git.torproject.org/tor-browser/sandboxed-tor-browser.git
    Resolving git.torproject.org (git.torproject.org)... 138.201.212.228, 2a01:4f8:172:39ca:0:dad3:4:1
    Connecting to git.torproject.org (git.torproject.org)|138.201.212.228|:443... connected.
    HTTP request sent, awaiting response... 404 Not Found
    2016-12-13 12:44:38 ERROR 404: Not Found.

  5. Tor by Anonymous Coward · · Score: 0, Troll

    Tor is preferred by pedophiles. Discuss.

    1. Re:Tor by Anonymous Coward · · Score: 0

      So that explains why you use it.

    2. Re:Tor by campuscodi · · Score: 1

      No, it's not. I use it every day as my default browser.

  6. Subgraph OS by Anonymous Coward · · Score: 1

    If you can't safely run it in Subgraph OS, then it isn't worth it.

  7. Throwing the sand out of the sandbox? by Calydor · · Score: 1

    How does a sandbox protect you against a single obscure line in a potentially massive bit of code that transmits every address you visit (not necessarily the content to avoid being noticed from the performance drop) to an FBI server?

    --
    -=This sig has nothing to do with my comment. Move along now=-
    1. Re:Throwing the sand out of the sandbox? by Anonymous Coward · · Score: 0

      Potentially it doesn't, but in theory your entire sandbox only knows the tor IP address, and can't ping on the plain net.

    2. Re:Throwing the sand out of the sandbox? by Anonymous Coward · · Score: 0

      Sandbox is not designed to protect against fbi finding out which sites you visit but rather to protect against the site you visit finding out anything about the real you and your real location.

      Nothing can protect you from everything so lets not protect anything against anything is you approach?

      But you are correct if you want total security you basically need to create your own computer from scratch even though you might be able to use fpga:s as long as the computer that programs them is your own wirewrapped one. Then you need to create your own compiler, operating system and any additional software you desire.

    3. Re:Throwing the sand out of the sandbox? by gweihir · · Score: 1

      In does not. But if you follow secure anonymous browsing practices (see the Tor website), that information would not help the FBI and other attackers. Of course, if they can identify you from what you do, you are screwed anyways.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  8. FBI are the MAJOR distributor of CP by Anonymous Coward · · Score: 0

    Still beats me how the FBI can own 26 of the 29 sites known on the darknet.

    So, now the USA government are the LARGEST distributor of CP. If the USA turns off it's CP sites then the supply is mostly gone and the problem is mostly solved.

    In a worst case, keep going after the operators of the last 3 sites. But don't keep running 26 of them.

  9. Ironic by avm · · Score: 1

    Firstly, that the Tor browser has not, according to this article, been sandboxed from the outset. Given the nature of the beast, you'd think this would have been a design consideration from the get-go.

    Secondly, that we have an explanation of a sandbox in the summary of the article, as well as the linked article. Wherefore art thou, /.? Thy news is more fit for PHB than BOFH.

    1. Re:Ironic by Burz · · Score: 1

      Probably because security (not just privacy) conscious Tor users were already resorting to platforms like Whonix, a VM that runs on Qubes OS. Think of it like "sandbox++".

      The problem is that Qubes can be very finnicky about the hardware it runs on. It prefers to have equipment like an IOMMU, and if your game-o-tron "rig" has all that nice hardware in spades, the firmware will probably fubar it. If you have a Mac, USB hardware cannot be effectively isolated. Qubes usually travels "PC business class" for those reasons: Thinkpads, etc.

      So offering garden-variety isolation (monolithic kernel sandboxing) is an accessible way to increase the security level of a privacy platform like Tor. Just don't expect that sandbox to be as strong as what Qubes offers (bare-metal hypervisor isolation).

    2. Re:Ironic by Anonymous Coward · · Score: 0

      you dont need all this fancy shit if you can hack wifis, thats the real cyberpunk right there, sandboxes and whonix and qubes and tails are really nice, but at the end of the motherfucking day its just console peasant tier level right there, and nothing else. Your eyeballs wont grow until you can see the matrix like the guy from mr robot, you need to combine it all and change your name to jc denton so you can ask "do you have a single fact to back that up" to people around you and they can answer "thats terror"

      and then everything will reveal itself