Experts from the Tor project have launched an early alpha version of Sandboxed Tor Browser 0.0.2. to protect users’ anonymity.
Experts from the Tor project have launched an early alpha version of Sandboxed Tor Browser 0.0.2. The Sandboxed Tor Browser aims to isolate the Tor Browser from other processes of the operating system in order to limit its ability to interact or query low-level APIs.
In this way the experts believe it is possible to reduce the surface of attack of the Tor users, making hard for attackers the exploitation of flaws that could lead to the exposure of real IP addresses, MAC addresses, computer name, and other data that can be used to de-anonymize users.
The Tor Browser is composed of two components, a modified version of the Firefox browser, and the Tor proxy which implements routing functionalities in the Tor network. An attacker can try to hack the browser component forcing it to connect to other than the legitimate Tor proxy part, for example, a server set up by the attacker that gathers user data.
“That means if an attacker can compromise the Firefox half of Tor Browser, it can de-anonymize the user by connecting to something other than the Tor proxy,” Richard Barnes, Firefox Security Lead, said.
In October Barnes announced a series of improvements, including the use of Unix domain sockets that are data communications endpoints of exchanging data between processes executing on the same operating system.
This allows the Tor Browser to securely communicate with the FireFox component without underlying the network protocol. In this way the experts are able to create a sandbox around the Firefox component, any manipulation or attacks will have no effects on the user’s privacy because the Tor Browser wouldn’t be able to make a network connection to de-anonymize the user.
In October, Motherboard reported that the Tor developer Yawning Angel just finished an experimental prototype that will likely appear in some versions of the Tor Browser later this year.
“That means that you could run it in a sandbox with no network access (only a Unix domain socket to the proxy), and it would still work fine. And then, even if the Firefox half of Tor Browser were compromised, it wouldn’t be able to make a network connection to de-anonymize the user,” added Barnes.
As explained by Barnes such kind of security measures is actually supported only on platforms that have implemented Unix domain sockets, such as Linux and Mac OS.
The implementation of a Sandboxed Tor Browser will protect users from attacks like the one conducted by law enforcement in 2015 while they were investigating into a child pornography site Playpen hosted on the dark web.
The law enforcement used a hacking tool known as network investigative technique (NIT) that allowed them to hack into some 8,700 computers across 120 different countries.
Unfortunately, hacking tools like the NIT can also be used by a totalitarian government to unmask political opponents, journalists, dissidents, and others.
Now the Tor development team announced the released the first version of the sandboxed Tor Browser (ver 0.0.2) that implements the following features:
One of the developers working on the project describes the browser features as:
- A Gtk+3 based UI for downloading/installing/updating Tor Browser, configuring tor, and launching the sandboxed browser. Think `tor-browser-launcher`, that happens to run Tor Browser in a bunch of containers.
- Linux seccomp–bpf + namespace based containers for Tor Browser, that attempts to prevent/mitigate exploits and reduce the amount of personally identifiable information to a minimum, centered around bubblewrap (runtime dependency).
Watch out, it is still an alpha version that could include some potentially major bugs.
This version is only available for Linux distro and the binaries should be available sometime next week. Skilled users can compile the source code that was shared by the experts at the Tor Project.