[tor-talk] TBB, iptables, and seperation of concerns

Chris tmail299 at errtech.com
Tue Dec 13 03:42:39 UTC 2011

> On Mon, 12 Dec 2011 01:00:37 -0500
> "Chris" <tmail299 at errtech.com> wrote:
>> 1. It isn't in a repository. For security reasons this should be
>> changed.
> What security reasons? pgp verification of all TBB releases is
> available. See
> https://www.torproject.org/docs/verifying-signatures.html.en

It is not so much a signature verification issue as it is a usability
issue that effects security. User do not verify signatures. This is too
difficult for them. Many user do understand how to click update though and
so authentication is done automatically.

>> 2. It merges polipo/Tor together with everything else when Tor should
>> be run as a separate user with an unrestricted Internet connection
>> while the user should run Firefox (with appropriate settings) under a
>> restricted user account with no direct Internet.
> Polipo hasn't been shipped for a while. You're talking about sandboxing
> TBB for more safety. We agree and have a loose plan to implement such a
> sandbox in Windows, OS X, and linux. Please help us.
> Currently a volunteer is working on OS X because that's what they know
> the best,
> https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle/OSX/Security

Thats right. Privoxy, then polipo, and now it is going directly to socks.

I'm not sure how to implement this. I will probably check out implementing
apparmor around firefox at some point here in the near future on
GNU/Linux. I don't really understand how the TBB is merged together. It
seemed messy the last time I looked at it. This was probably not TBB
itself though. Just me. I have looked at the documentation for TBB and it
appeared to be seriously out of date.

> --
> Andrew
> pgp 0x74ED336B
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

More information about the tor-talk mailing list