[tbb-dev] Idea: hidden service in tor browser
juanjo
juanjo at avanix.es
Thu Jan 9 19:29:15 UTC 2020
Hi, it is a good idea to look for P2P in the future of Tor, but since
months ago (maybe years) Tor team seem like if they want Tor to fail. I
mean: they ask and they get more money but I can't see where this money
is going...
Tor and Tor Browser development is active but I feel the amount of money
they have and get is worth more than what they are doing, they could do
or hire more devs with it. I feel the development is slow and that the
Tor vulnerabilities are growing faster than Tor fix them: from traffic
analysis, to the design itself, or Hidden Service DoS. And to add fire
it seems they don't want people helping them, I mean, I wanna help and I
make proposals but they do not answer or just say a little "ok" and do
nothing more.
On the Browser side: it should be already using Linux Namespaces like
"Sandboxed Tor Browser" had, but they discussed this months ago and now
it is like vapor, not done and not talking about it... They say they
want to protect users, if they really wanted they will make the sandbox
right now.
And if they really wanted to stop Hidden Service DoS they would have
developed a simple (and temporal) fix with a PoW for connecting to HS to
stop the attacks now.
Sorry for this answer you didn't ask... I'm just a little angry at the
Tor team.
El 9/1/20 a las 15:16, arj03 at pm.me escribió:
> Hi
>
> The browser is a great platform target because it is cross platform
> and with all the changes coming to browsers it is easier and easier to
> write applications that can have the same functionality as desktop
> applications. This includes P2P applications and this is where I think
> the tor browser can really shine, because if it would be possible to
> create hidden services inside the browser, then it would be possible
> to build applications where the nodes are communication directly with
> each other.
>
> I know that there are security implications of running a browser and a
> hidden service in the same process. I'm wondering if it might be
> possible to create this hidden service for only a specific tab (and
> site)? Maybe the security could be improved further by make it so this
> tab could only create tor connections outgoing connections?
>
>
>
> These applications are already there. Shameless link[1] to own app,
> which is a secure scuttlebutt (SSB) application where messages are
> gossipped between peers, running in the browser. SSB desktop clients
> can already run over tor, by using the deamon as proxy so it would be
> quite natural fit for this.
>
> [1]: https://github.com/arj03/ssb-browser-demo
>
> _______________________________________________
> tbb-dev mailing list
> tbb-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20200109/06c3e0e3/attachment.html>
More information about the tbb-dev
mailing list