On 09/09/2016 04:23 AM, dawuud wrote:
> How does ADD_ONION help with tor vs app data isolation? Why do you
> have to modify any torrc at all? Can't you do everything through the
> control port? I suppose there are many options not available via control port.
>

Under the old method I required the user to set up the hidden/onion service by adding a line to their torrc. That's not necessary if I used ADD_ONION. In both methods I still need them to enable the control port and an authentication, but it's just one less requirement using ADD_ONION.

Data isolation is improved because it separates responsibility. In Linux, the tor binary runs under a separate user and sets up permissions to protect sensitive data. My OnioNS software can run as a separate user as well. This way, data is isolated to its respective software and I'm not mixing everything.

--
Jesse V
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
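The ADD_ONION exchange discussed in this message, as an added example that is not part of the original post or of the OnioNS code base: it builds the control-port command that replaces the torrc line and parses tor's reply, so the service key ends up with the application's user instead of in tor's data directory. The function names, the port mapping and both reply strings are constructed for illustration.

```python
# Added example (hypothetical helper names). Reply strings are constructed samples,
# not captured from a running tor.
SAMPLE_REPLY = ("250-ServiceID=constructedserviceid\r\n"
                "250-PrivateKey=RSA1024:CONSTRUCTED_KEY_BLOB\r\n"
                "250 OK\r\n")
SAMPLE_ERROR = "552 constructed error text\r\n"

def build_add_onion(virt_port, target, key="NEW:BEST", flags=()):
    """Return the ADD_ONION command line in control-spec syntax, CRLF-terminated."""
    if not 1 <= virt_port <= 65535:
        raise ValueError("virtual port out of range")
    # Reject whitespace/CRLF so a caller-supplied value cannot smuggle a second command.
    for field in (target, key, *flags):
        if not field or any(c in field for c in " \r\n"):
            raise ValueError("field must be non-empty and free of whitespace")
    parts = ["ADD_ONION", key]
    if flags:  # e.g. DiscardPK (tor does not return the key) or Detach
        parts.append("Flags=" + ",".join(flags))
    parts.append(f"Port={virt_port},{target}")
    return " ".join(parts) + "\r\n"

def parse_add_onion_reply(raw):
    """Parse tor's reply into a dict such as {'ServiceID': ..., 'PrivateKey': ...}."""
    result = {}
    for line in raw.split("\r\n"):
        if not line:
            continue
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250":
            raise RuntimeError(f"tor refused ADD_ONION: {line}")
        if sep == "-" and "=" in rest:      # "250-Key=Value" data line
            k, v = rest.split("=", 1)
            result[k] = v
        elif sep == " ":                    # "250 OK" ends the reply
            break
    if "ServiceID" not in result:
        raise RuntimeError("reply carried no ServiceID")
    return result

if __name__ == "__main__":
    print(build_add_onion(80, "127.0.0.1:8080"), end="")
    print(parse_add_onion_reply(SAMPLE_REPLY))
```

The PrivateKey value is what the application would store under its own user with restrictive file permissions and pass back as the key argument on the next start to keep the same address.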