Short Bytes: Tor developers have created their own version of Sandboxed Tor Browser. At the moment, an early Alpha version of Sandboxed Tor Browser 0.0.2 is available for Linux distributions. The developers have taken this approach to minimize the attack surface during some vulnerability exploitation.The FBI is known to exploit Firefox browser vulnerabilities and track the activities of Tor Browsers. A series of such developments have inspired the Tor browser developers to take extra security measures.
Firefox creator Mozilla hasn’t been able to add potent sandboxing to its web browser. So, Tor developers have built their own sandboxing.
For those who don’t know, Sandboxing is a method to isolate the programs from the underlying operating system. This technique ensures that threats aren’t propagated from the program to other parts of the OS.
Experts from the Tor Project have launched an Alpha version of Sandboxed Tor Browser 0.0.2. The Sandboxing limits Tor’s ability to interact with low-level APIs. This reduces the surface of attack and makes it hard for a hacker to de-anonymize a user.
Sandboxing separates a program from the underlying OS
Please note that it’s a non-developer Alpha version of sandboxed Tor. The official binaries will be made available next week. The binaries are currently only available for Linux distros. You can go ahead and download the code here.
The developer, Yawning Angel, has been working on this project from a long time. Back in October, in a Q&A with Tor Project, he told that the project was in the experimental mode.
— torproject (@torproject) October 11, 2016
The developer has listed two main features of Sandboxed Tor Browser:
- GTK+3-based UI for downloading/configuring Tor browser in a sandboxed environment. It’s like a ‘tor-browse-launcher’ that runs Tor Browser in a bunch of containers.
- Linux seccomp-bf + namespace based containers for Tor Browser. Centered around bubblewrap, it reduces the chance of attacks.
Did you find the concept of Sandboxed Tor Browser interesting? Share your views in the comments section.