[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] TorBrowser Sandboxing as alternative enterprise equivalent: BitBox

To: "tor-talk@xxxxxxxxxxxxxxxxxxxx" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-talk] TorBrowser Sandboxing as alternative enterprise equivalent: BitBox
From: "Fabio Pietrosanti (naif) - lists" <lists@xxxxxxxxxxxxxxx>
Date: Tue, 3 Jan 2017 14:43:27 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 03 Jan 2017 08:44:06 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.5.1

Hello,

thinking about the problem of Tor Browser Sandboxing, i would suggest to
look at the excellent approach taken by the commercial Crypto company
Sirrix AG with their product (partially opensource) BitBox.

BitBox uses a model somehow similar to Whoonix but with a
user-experience that's completely transparent, leaving the end-user with
the experience on using a normal browser while in the backend on his
desktop computer there are two sandboxed operating system using
virtualbox to interact each other.

That architecture and security model could be the one to look forward
for TorBrowser future rather than just looking at "application-level"
alternatives.

References:
- BitBox product
  https://www.sirrix.com/content/pages/BitBox_en.htm

- Installation Manual of BitBox Opensource Edition
  http://download.sirrix.com/media/downloads/65964.pdf

- discussion on BitBox Security

http://security.stackexchange.com/questions/121266/how-secure-is-browser-in-the-box


-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
https://ahmia.fi
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] Tor and Google error / CAPTCHAs.
Next by Author: Re: [tor-talk] Browserspy knows my computer time
Previous by thread: Re: [tor-talk] side note re: Possibly Smart, Possibly Stupid, Idea Regarding Tor & Linux Distributions
Next by thread: [tor-talk] Why Tor can't connect?
Index(es):
- Author
- Thread