You rather hijacked the thread, but hey ;)

> I'm afraid you miss the point.
> 1. To operate TBB with an attendant IPTables setup, including for reasons of potential leaks, admittedly more of a risk in Torification of other apps. DNS leaks are regarded as a widespread issue, quite apparent in looking into tor configurations, though I personally agree (?) that this smacks of bad programming, perhaps in OS design (though again, this tends to be regarded as more of an issue with diverse proxying). Isolating TBB in iptables has proven problematic, since it lacks a native UID, etc.

It's not that hard to reconfigure Tor Browser to work with standalone
Tor. In Debian, debian-tor typically has uid 108, as I recall. Then you
can allow only the debian-tor process to access eth0 or wlan0.

> 2. To operate Tor with the full range of transports: I have started looking at the possibility of operating debian-tor with the transports included in TBB, i.e. pointing tor at the pluggable transports and libs in the TBB data and Tor folders, but would love some help with this. This would give the best of both.

That's an excellent idea.

> 3. Further isolating tor or TBB behind a user account, and ultimately a network namespace, which is touted as a lightweight container option, but I have not seen documented for this purpose.

Yes, isolation by network namespace would be even better than iptables,
I think. But still less secure than isolation by VMs. Or using Qubes. Or
better, hardware isolation.
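
As a worked illustration of the UID-based iptables confinement discussed above (an added example, not code from either poster or from the Tor project): the script below generates an iptables-restore ruleset in which only the debian-tor UID may send packets out of the named uplink interfaces, everything else leaving the box is logged and dropped, and a small offline evaluator walks the OUTPUT chain so the policy can be checked before it is loaded. Interface names, the "TOR-LEAK:" log prefix, the function names and the use of 108 as a fallback UID are my assumptions; the real UID is looked up with `id -u debian-tor` where the account exists.

```sh
#!/bin/sh
# Added example (not from the thread): confine Internet egress to the debian-tor
# UID with an owner-match OUTPUT policy, so any non-torified process, including
# a stray DNS lookup, is dropped and logged instead of leaking.
# Assumptions: Debian's iptables-restore format; the uplink interface names are
# passed in (eth0, wlan0); UID 108 is only a fallback for when the debian-tor
# account does not exist on the host running this script.

# Resolve a UID by account name, falling back to 108 if the account is missing.
tor_uid() {
    id -u "$1" 2>/dev/null || echo 108
}

# Emit an iptables-restore ruleset: loopback open, the given UID may reach the
# listed interfaces, everything else on OUTPUT is logged (rate-limited) and dropped.
build_rules() {
    uid="$1"; shift
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'      # inbound hardening is a separate exercise
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'       # default-deny: anything unmatched is dropped
    echo '-A OUTPUT -o lo -j ACCEPT'
    for iface in "$@"; do
        echo "-A OUTPUT -o $iface -m owner --uid-owner $uid -j ACCEPT"
    done
    # LOG is non-terminating; --log-uid records which UID tried to leak.
    echo '-A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "TOR-LEAK: " --log-uid'
    echo '-A OUTPUT -j DROP'
    echo 'COMMIT'
}

# First-match walk of the OUTPUT chain in a generated ruleset, for a packet
# leaving interface $2 from a process running as UID $1. Lets the policy be
# checked offline before it is loaded; prints ACCEPT or DROP.
egress_verdict() {
    uid="$1"; iface="$2"; rules="$3"; verdict=""
    while IFS= read -r line; do
        case "$line" in "-A OUTPUT "*) ;; *) continue ;; esac
        set -- $line
        out=""; owner=""; target=""
        while [ $# -gt 0 ]; do
            case "$1" in
                -o) out="$2"; shift ;;
                --uid-owner) owner="$2"; shift ;;
                -j) target="$2"; shift ;;
            esac
            shift
        done
        if [ -n "$out" ] && [ "$out" != "$iface" ]; then continue; fi
        if [ -n "$owner" ] && [ "$owner" != "$uid" ]; then continue; fi
        if [ "$target" = "LOG" ]; then continue; fi
        verdict="$target"; break
    done <<EOF
$rules
EOF
    echo "${verdict:-DROP}"
}

# Load the policy atomically for both address families (root required).
# Skipping ip6tables would just move the leak to IPv6.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then echo "apply_rules: root required" >&2; return 1; fi
    build_rules "$@" | iptables-restore
    build_rules "$@" | ip6tables-restore
}

main() {
    mode="$1"; shift
    uid=$(tor_uid debian-tor)
    case "$mode" in
        show)  build_rules "$uid" "$@" ;;
        apply) apply_rules "$uid" "$@" ;;
        *) echo "usage: $0 show|apply IFACE..." >&2; return 2 ;;
    esac
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

`sh tor-egress.sh show eth0 wlan0` prints the ruleset; `sudo sh tor-egress.sh apply eth0 wlan0` loads it. Once loaded, a quick live check is to fetch something as an unprivileged user (it should hang or fail and a "TOR-LEAK:" line with that UID should appear in the kernel log) and as debian-tor (it should succeed). Two caveats beyond what the post says: the policy deliberately blocks apt, NTP and anything else not running as debian-tor, so those need their own exception or torification, and the same rules must go into ip6tables or IPv6 traffic bypasses the owner match entirely. For the browser side, Tor Browser's launcher honours `TOR_SKIP_LAUNCH=1` together with `TOR_SOCKS_PORT` and `TOR_CONTROL_PORT` to use an already-running system daemon instead of its bundled tor; the system torrc then needs a ControlPort the browser's user is allowed to authenticate to, which is outside this example.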

