Av Gurus

Developers at the Tor Project have started working on a sandboxed version of the Tor Browser, currently available as an early alpha version for Linux systems.

Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can't be leveraged to extend access to the underlying operating system.

This is because the sandboxed application works with its own separate portion of disk and memory that isn't linked with the OS.

Lack of sandboxing exposed Tor Browser users

Most modern browsers use sandboxed environments to run code they receive from websites. Chrome, Firefox, and Edge all use sandboxes to separate themselves from the OS.

Despite being based on Firefox, the Tor Browser did not use this technique, meaning it was far less secure, even if it provided more features to protect user privacy.

In recent years, the FBI has developed and deployed Tor exploits in order to identify and catch crooks hiding their identity using Tor.

While the FBI's intentions appear to be good, the Tor Project knows that this type of exploit can be used for other actions besides catching pedophiles and drug dealers. An exploit that unmasks Tor users can be very easily used to identify political dissidents or journalists investigating cases of corrupt politicians.

As such, protecting the Tor Browser against exploits and vulnerabilities that can expose the identity of its users is crucial.

The easiest way to do this is to support a sandboxing feature that isolates the Tor Browser from other OS processes and limits its ability to interact and query low-level operating system APIs that can expose MAC addresses, IP addresses, computer name, and more.

Work on sandboxed Tor Browser started in September

The Tor Project started working on a sandboxed version of the Tor Browser in September 2016. Over the weekend, Tor developers have released the first version of this new & improved Tor Browser.

As you can imagine, this is a very rough version. One of the Tor developers working on the project describes the browser as a "Gtk+3 based UI for downloading/installing/updating Tor Browser, configuring [T]or, and launching the sandboxed browser. Think `tor-browser-launcher`, that happens to run Tor Browser in a bunch of containers."

Currently, this version is in an early alpha stage, and only available for Linux. There are also no binaries available, and users must compile it themselves from the source code, which they can grab from here.
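
One way to check the isolation the article describes, as an added example that is not part of the original post or the Tor Project's code: the script lists the hostname and interface MAC addresses a process can read, so running it inside and outside a sandbox shows what the sandbox hides. The sample hostnames, the MAC address and the `localhost` allow-list are constructed assumptions.

```python
import os
import socket
import tempfile

NULL_MAC = "00:00:00:00:00:00"

def read_interfaces(sys_net="/sys/class/net"):
    """Map interface name -> MAC address as exposed by sysfs."""
    found = {}
    if not os.path.isdir(sys_net):
        return found            # sysfs not visible to this process
    for name in sorted(os.listdir(sys_net)):
        try:
            with open(os.path.join(sys_net, name, "address")) as fh:
                found[name] = fh.read().strip().lower()
        except OSError:
            found[name] = None  # interface listed, address unreadable
    return found

def audit(hostname, interfaces, generic_hostnames=("localhost",)):
    """Return the identifiers a compromised process could read."""
    findings = []
    if hostname not in generic_hostnames:   # allow-list is an assumption
        findings.append(f"hostname exposed: {hostname}")
    for name, mac in interfaces.items():
        if name == "lo" or mac in (None, NULL_MAC):
            continue
        findings.append(f"MAC exposed on {name}: {mac}")
    return findings

def make_sysfs(root, ifaces):
    """Build a constructed /sys/class/net look-alike for the demo."""
    for name, mac in ifaces.items():
        os.makedirs(os.path.join(root, name))
        with open(os.path.join(root, name, "address"), "w") as fh:
            fh.write(mac + "\n")

def demo():
    """Compare a constructed host view with a constructed sandbox view."""
    with tempfile.TemporaryDirectory() as host, tempfile.TemporaryDirectory() as box:
        make_sysfs(host, {"lo": NULL_MAC, "eth0": "02:00:00:aa:bb:cc"})
        make_sysfs(box, {"lo": NULL_MAC})   # sandbox: loopback only
        outside = audit("alice-laptop", read_interfaces(host))
        inside = audit("localhost", read_interfaces(box))
    return outside, inside

if __name__ == "__main__":
    # Real run: report what this very process can see.
    for line in audit(socket.gethostname(), read_interfaces()) or ["nothing identifying visible"]:
        print(line)
```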
 
Wave

It is a really good idea (even though I don't use Tor myself) but I think that they should have left the sandbox closed-source if possible because it can just be accessed by government agencies or anyone else and be read and used to develop a circumvention/exploit... Of course it means that others can help find vulnerabilities and get them reported quicker, but I doubt this. It's harder to exploit something without having access to the source code because you'd have to reverse engineer it manually which will take more time. If you have access to the source code then you can see how the product works without needing to spend time reversing it manually.

even something as simple as sandboxie would do too :p
I think ReHIPS would be better than Sandboxie, or Comodo Sandbox... Since the government can definitely circumvent Sandboxie with ease if they need to, if they can do what they are doing with Tor currently then they can definitely circumvent some API hooking.

Then again, the best option would be to just use Tails for your Tor uses, while using the sandbox version of Tor - you could even try a double sandbox, then anyone trying to attack you would need to have knowledge of both sandboxes being used to bypass both of them and then they'd need to know how to write code for the target OS, etc.
 

Atlas147

From what I understand ReHIPS is still not a stable release as well? Correct me if I'm wrong
 

Tony Cole

I often wonder, if the operators of TOR were arrested and the software taken down, would the percentage of ransomware, child porn, buying drugs, hiring hitmen drop - yes! But then if I can see that, then why not everyone else. Would save a lot of heartache to businesses and home users.
 

Tony Cole

Why are so many people obsessed that the Government is going to circumvent Sandboxie on your computer(s)? I'd imagine they are pretty busy dealing with threats to national security, people, child and drug trafficking, child porn, ISIS, terrorism etc., than to worry about your computer and seeing what you are doing tomorrow morning. I really think it's gone too far, and very pathetic.

Tor is very dangerous, the things you can see and do on there are disgusting. Good old Edward Snowden, just think he knew what his job would involve, and he's ruined his life, never see his home town/state again, nor celebrate Christmas with his family, for what, fame and money!
 

SHvFl

But I believe a built-in sandbox would work best with TOR and TAILS running off a USB stick. And SB, ReHIPS etc. would not protect TOR in this manner, right?

TOR is not advised to be run on your PC directly
If I go with the USB option, why not have a whole OS on the USB rather than just use TOR? It would make no sense to use the USB only to carry TOR.
 