[tor-dev] TBB Isolation Impact on Alternative Anon Nets

Yawning Angel yawning at schwanenlied.me
Tue Dec 6 03:39:04 UTC 2016

On Mon, 05 Dec 2016 17:08:17 +0100
bancfc at openmailbox.org wrote:
> TBB sandboxing is a great hardening measure. I was wondering if there 
> are side-effects such as breaking setups that involve using anonymous 
> networks other than Tor. Such as: 
> https://thetinhat.com/tutorials/darknets/i2p-browser-setup-guide.html

Well, i2p doesn't expose a tor control port, so that would break, yes.

> As a workaround we can document how to toggle the TBB variable to 
> disable this. Of course the best solution is having the isolation 
> compatible with alternative setups if you consider this (minority) 
> use-case worthy of your effort.

It's not a TBB variable.  All of this stuff will be opt-in for the
near/medium future anyway (eg: under Linux, the sandboxing component
will be a separate download).

The initial release will not have support for things like this at all.
So the answer is, don't use the Linux sandboxing stuff until this sort
of thing is supported, if you have a really exotic config that you want
to have work[0].


Yawning Angel

[0]: The version number is going to be "0.0.1", and as of now I'm far
more concerned with getting the common use cases fully supported.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20161206/858e4e67/attachment.sig>

More information about the tor-dev mailing list