[tor-talk] Tor and TBB Issues Needing Good Advice

Mirimir mirimir at riseup.net
Tue Jan 23 00:33:31 UTC 2018

On 01/21/2018 10:06 PM, Andreas Krey wrote:
> On Sun, 21 Jan 2018 11:05:01 +0000, Mirimir wrote:
>> On 01/21/2018 04:52 AM, Andreas Krey wrote:
> ...
>>> TBB works right out of the box. Dear casual reader, please don't be alarmed by this post.
>> It does indeed. But it's a fragile thing, in that there's no protection
>> against malware that bypasses Tor. FBI's NIT is a clear demonstration.
>> There's no firewall, unless the user configures one.
> Ok, s/alarmed/overly alarmed/. :-)

Hey :)

I do get the benefit of making Tor browser dead simple to use. And I get
that it's secure enough for most Tor users, who likely aren't at risk
from Tor-bypassing malware.

But it would be very cool if its vulnerabilities were clearly disclosed.
On the download page. There's already disclosure (but maybe not explicit
enough) that Tor isn't secure against global adversaries. So why not
disclosure that Tor browser isn't secure against Tor-bypassing malware?

> The problem, even with the FBI's NIT, is not that tor needs to run
> firewalled, but rather that firefox needs to be denied anything but the
> SOCKS port (and X11, on unix).

As I understand it, FBI's NIT gets dropped through Firefox, but it
phones home through a standalone process. So restricting Firefox to Tor
wouldn't be enough. But even if I'm wrong about existing malware, what I
describe is doable. It's already a risk when opening downloaded files.

> ...
>> Documentation for using Tor as a standalone service is rather iffy and
>> poorly maintained, is it not? Especially for Windows.
> Windows services are iffy as they are. :-( And otherwise this
> is too much distro-dependent (and too much dependent on the
> wishes of the operator) to provide a click-through installer.
> I.e. to some extend you need to know what you are doing there.

I can't deny that :) But OP does have a point about the difficulty in
learning how "to know what you are doing".

>> Not that I'd
>> encourage anyone to use Tor in Windows.
> I have to 'admit' that I have a TBB instance running
> partially so I can use putty to reach hidden services.

Why not standalone Tor?

> ...
>>> have a good tor there is nothing to protect against, and if you somehow
>>> got a subverted tor, it will not be as stupid as to use separate outbound
>>> TCP connections for phoning home, but instead do that through tor.
>> Maybe "a subverted tor" wouldn't be stupid enough to do that, but that's
>> what FBI's NIT does. And that's how many Tor users got pwned by it.
> Yes, but it wasn't tor that was subverted, it was the browser. And
> the subversion was needed to locate the victim, not to phone home
> the result of the location.

What I said above.

> Basically, what we'd want to do is to isolate firefox, by iptables
> or by putting it (but not tor) into a container without network
> access - but either of these may not be available to a normal
> user installing TBB - and then there is windows.

That would be cool. But yeah, Windows :(

> ...
>>> https://hub.docker.com/r/hkjn/tor-browser/
>>> https://blog.jessfraz.com/post/running-a-tor-relay-with-docker/
>> This _is_ good stuff.
> Interesting, but not quite right. It isolates the browser
> from the system, but not from the network.

Good point.

> - Andreas

More information about the tor-talk mailing list