[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and TBB Issues Needing Good Advice

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Tor and TBB Issues Needing Good Advice
From: Mirimir <mirimir@xxxxxxxxxx>
Date: Mon, 22 Jan 2018 13:33:31 -1100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 22 Jan 2018 19:33:54 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1516667615; bh=eNcEVFka7M4cSFEe3mkclEOsIaA0C6hQIfsu7v+wgjY=; h=Subject:To:References:From:Date:In-Reply-To:From; b=ERc+Iw4fbpGGWx5IaJVape/Y2oCZA1LR3Tb2pYaD9kRDD1JkLj2zUjYmxovgG1jiW blYefyWbsvR1f5BgD8nzi4JGv4eFrsB9kKPPayXquyM4xnGRoxmngVQko1UtSFr83l IfppR0Gd4RInIs7vCirrey2HTTJG57vYTaJfiXmU=
In-reply-to: <20180122090641.GA11930@inner.h.apk.li>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <2SUEd6csjw2CWmGHE3-tdwm0mq3sVyDkTJH6uqMu2PE6Wzl1y4CYVv-DiwA3g4H-pMTn6G0pp5M1_8WzAXDaSbkrZWZKLboYl3JtR7HgQvk=@protonmail.com> <20180121155210.GA4235@inner.h.apk.li> <da13370c-51e8-dced-e62f-40f9a3d5f9ec@riseup.net> <20180122090641.GA11930@inner.h.apk.li>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

On 01/21/2018 10:06 PM, Andreas Krey wrote:
> On Sun, 21 Jan 2018 11:05:01 +0000, Mirimir wrote:
>> On 01/21/2018 04:52 AM, Andreas Krey wrote:
> ...
>>> TBB works right out of the box. Dear casual reader, please don't be alarmed by this post.
>>
>> It does indeed. But it's a fragile thing, in that there's no protection
>> against malware that bypasses Tor. FBI's NIT is a clear demonstration.
>> There's no firewall, unless the user configures one.
> 
> Ok, s/alarmed/overly alarmed/. :-)

Hey :)

I do get the benefit of making Tor browser dead simple to use. And I get
that it's secure enough for most Tor users, who likely aren't at risk
from Tor-bypassing malware.

But it would be very cool if its vulnerabilities were clearly disclosed.
On the download page. There's already disclosure (but maybe not explicit
enough) that Tor isn't secure against global adversaries. So why not
disclosure that Tor browser isn't secure against Tor-bypassing malware?

> The problem, even with the FBI's NIT, is not that tor needs to run
> firewalled, but rather that firefox needs to be denied anything but the
> SOCKS port (and X11, on unix).

As I understand it, FBI's NIT gets dropped through Firefox, but it
phones home through a standalone process. So restricting Firefox to Tor
wouldn't be enough. But even if I'm wrong about existing malware, what I
describe is doable. It's already a risk when opening downloaded files.

> ...
>> Documentation for using Tor as a standalone service is rather iffy and
>> poorly maintained, is it not? Especially for Windows.
> 
> Windows services are iffy as they are. :-( And otherwise this
> is too much distro-dependent (and too much dependent on the
> wishes of the operator) to provide a click-through installer.
> 
> I.e. to some extend you need to know what you are doing there.

I can't deny that :) But OP does have a point about the difficulty in
learning how "to know what you are doing".

>> Not that I'd
>> encourage anyone to use Tor in Windows.
> 
> I have to 'admit' that I have a TBB instance running
> partially so I can use putty to reach hidden services.

Why not standalone Tor?

> ...
>>> have a good tor there is nothing to protect against, and if you somehow
>>> got a subverted tor, it will not be as stupid as to use separate outbound
>>> TCP connections for phoning home, but instead do that through tor.
>>
>> Maybe "a subverted tor" wouldn't be stupid enough to do that, but that's
>> what FBI's NIT does. And that's how many Tor users got pwned by it.
> 
> Yes, but it wasn't tor that was subverted, it was the browser. And
> the subversion was needed to locate the victim, not to phone home
> the result of the location.

What I said above.

> Basically, what we'd want to do is to isolate firefox, by iptables
> or by putting it (but not tor) into a container without network
> access - but either of these may not be available to a normal
> user installing TBB - and then there is windows.

That would be cool. But yeah, Windows :(

> ...
>>> https://hub.docker.com/r/hkjn/tor-browser/
>>> https://blog.jessfraz.com/post/running-a-tor-relay-with-docker/
>>
>> This _is_ good stuff.
> 
> Interesting, but not quite right. It isolates the browser
> from the system, but not from the network.

Good point.

> - Andreas
> 
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Tor and TBB Issues Needing Good Advice
  - From: Andreas Krey

References:
- [tor-talk] Tor and TBB Issues Needing Good Advice
  - From: Wanderingnet
- Re: [tor-talk] Tor and TBB Issues Needing Good Advice
  - From: Andreas Krey
- Re: [tor-talk] Tor and TBB Issues Needing Good Advice
  - From: Mirimir
- Re: [tor-talk] Tor and TBB Issues Needing Good Advice
  - From: Andreas Krey

Prev by Author: Re: [tor-talk] What The F - Tor Browser is not your privacy browser, Non-goal: PRIVACY
Next by Author: Re: [tor-talk] Tor and TBB Issues Needing Good Advice
Previous by thread: Re: [tor-talk] Tor and TBB Issues Needing Good Advice
Next by thread: Re: [tor-talk] Tor and TBB Issues Needing Good Advice
Index(es):
- Author
- Thread