[tbb-dev] Idea: hidden service in tor browser

juanjo juanjo at avanix.es
Thu Jan 9 19:29:15 UTC 2020

Hi, it is a good idea to look for P2P in the future of Tor, but since 
months ago (maybe years) Tor team seem like if they want Tor to fail. I 
mean: they ask and they get more money but I can't see where this money 
is going...

Tor and Tor Browser development is active but I feel the amount of money 
they have and get is worth more than what they are doing, they could do 
or hire more devs with it. I feel the development is slow and that the 
Tor vulnerabilities are growing faster than Tor fix them: from traffic 
analysis, to the design itself, or Hidden Service DoS. And to add fire 
it seems they don't want people helping them, I mean, I wanna help and I 
make proposals but they do not answer or just say a little "ok" and do 
nothing more.

On the Browser side: it should be already using Linux Namespaces like 
"Sandboxed Tor Browser" had, but they discussed this months ago and now 
it is like vapor, not done and not talking about it... They say they 
want to protect users, if they really wanted they will make the sandbox 
right now.

And if they really wanted to stop Hidden Service DoS they would have 
developed a simple (and temporal) fix with a PoW for connecting to HS to 
stop the attacks now.

Sorry for this answer you didn't ask... I'm just a little angry at the 
Tor team.

El 9/1/20 a las 15:16, arj03 at pm.me escribió:
> Hi
> The browser is a great platform target because it is cross platform 
> and with all the changes coming to browsers it is easier and easier to 
> write applications that can have the same functionality as desktop 
> applications. This includes P2P applications and this is where I think 
> the tor browser can really shine, because if it would be possible to 
> create hidden services inside the browser, then it would be possible 
> to build applications where the nodes are communication directly with 
> each other.
> I know that there are security implications of running a browser and a 
> hidden service in the same process. I'm wondering if it might be 
> possible to create this hidden service for only a specific tab (and 
> site)? Maybe the security could be improved further by make it so this 
> tab could only create tor connections outgoing connections?
> These applications are already there. Shameless link[1] to own app, 
> which is a secure scuttlebutt (SSB) application where messages are 
> gossipped between peers, running in the browser. SSB desktop clients 
> can already run over tor, by using the deamon as proxy so it would be 
> quite natural fit for this.
> [1]: https://github.com/arj03/ssb-browser-demo
> _______________________________________________
> tbb-dev mailing list
> tbb-dev at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20200109/06c3e0e3/attachment.html>

More information about the tbb-dev mailing list