[tbb-bugs] #20814 [Applications/Tor Browser]: Pick a more accurate name for the "hardened" Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Nov 28 18:55:58 UTC 2016

#20814: Pick a more accurate name for the "hardened" Tor Browser
     Reporter:  arma                      |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
 I learned last week that the "hardened" Tor Browser is potentially more
 vulnerable to attack than the vanilla one -- since asan is at odds with
 some of the address randomization stuff that we would want in a true
 hardened build.

 In particular, it sounds like the hardened version is intended to be used
 by developers and other people who are able to report bugs, since it will
 be more likely to crash and is hopefully better prepared to explain where
 the crash was.

 Then I saw https://trac.torproject.org/projects/tor/ticket/20773#comment:4
 today, where yawning's sandboxed tor browser has to open up some more
 surface area (specifically, /proc) for the hardened version to use asan

 At the same time, we have users who are eager to use the hardened version,
 because of how crappy Firefox's security is, and they are frustrated with
 us that we will only make a hardened version of tor browser available for
 linux users.

 Should we change its name to better reflect what it does and what it's

 "debugging"? "fragile"? "developer"?

 Who are your ideal users of this version, and are they using it?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20814>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list