Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Tor Browser Security Under Scrutiny

Soulskill posted about a month ago | from the shouldn't-we-be-funding-this-better dept.

Encryption 80

msm1267 writes: The keepers of Tor commissioned a study testing the defenses and viability of their Firefox-based browser as a privacy tool. The results (PDF) were a bit eye-opening since the report's recommendations don't favor Firefox as a baseline for Tor, rather Google Chrome. But Tor's handlers concede that budget constraints and Chrome's limitations on proxy support make a switch or a fork impossible.

cancel ×

80 comments

Sorry! There are no comments related to the filter you selected.

Not surprising... (0)

Anonymous Coward | about a month ago | (#47715177)

The FBI and NSA knew it was shit years ago.

Just sayin...

Re:Not surprising... (1)

Kazoo the Clown (644526) | about a month ago | (#47715429)

The FBI and NSA knew it was shit years ago.

Just sayin...

So did I. I gave up in Firefox once they moved away from the "less is more" school of design, several years ago. Same reason I gave up on Netscape before that-- creeping featurism. What I want in a browser is lean and mean. REALLY mean. The more complicated a browser is, the bigger the risk of security flaws.

Re:Not surprising... (0)

Anonymous Coward | about a month ago | (#47715913)

Not that Google has learned from that. I just finished migrating back to Firefox after discovering that in recent months that it does a better job at the Chrome experience than the one Chrome itself currently provides, and with less memory bloat.

Re:Not surprising... (0)

Anonymous Coward | about a month ago | (#47716339)

Good luck with that. Finding a browser that's lean and mean for the modern web isn't going to happen. You either have Webkit, Blink, Gecko, or Trident as your engine. All of them are stuck with feature bloat. And it's our fault for letting Apple and Google get away with it, because now that there are THREE big corporations vying for dominance on the web (and Mozilla), and Opera has called it a day, we're basically screwed. To assign any blame to Firefox for this is taking the easy way out and blaming a scapegoat.

Re: Not surprising... (0)

Anonymous Coward | about a month ago | (#47717531)

Palemoon
Try it.

Re: Not surprising... (0)

Anonymous Coward | about a month ago | (#47718355)

It removes features I would rather not remove, all for the sake of no performance gain in my case. It's the equivalent of ricing gentoo linux as far as I'm concerned. In fact, it starts up more slowly than 31 does for me, unless I load the Classic Theme Restorer onto 31, so mileage certainly does vary.

Re: Not surprising... (1)

Skuto (171945) | about a month ago | (#47718825)

Palemoon is just Firefox 24 ESR, which is coincidentally what the Tor Browser Bundle used to be based on.

Re:Not surprising... (5, Insightful)

Applehu Akbar (2968043) | about a month ago | (#47716057)

I feel the same way about Tor as I do about DuckDuckGo: if I were paranoid enough to use it, I would be paranoid enough to wonder how it gets along without a business model.

Re:Not surprising... (0)

Anonymous Coward | about a month ago | (#47716093)

Projects funded by the U.S. Military don't need a business model.

Re:Not surprising... (1)

neminem (561346) | about a month ago | (#47716491)

I also feel the same way about Tor as I do about DuckDuckGo: great ideas in theory, but way too much of a pain to use, given that I don't really have anything terribly important to hide.

Re:Not surprising... (1)

Anonymous Coward | about a month ago | (#47716505)

I was curious so I looked for an answer.

https://duck.co/help/company/advertising-and-affiliates

Re:Not surprising... (0)

Anonymous Coward | about a month ago | (#47716651)

Do you lock your doors or close your curtains? You're paranoid!

You're not paranoid just because you don't want to hand over all of your information to the government or companies on a silver platter.

Re: Not surprising... (0)

Anonymous Coward | about a month ago | (#47718449)

It's your patriotic duty to hand over all of your information to the government without being asked and in a prompt and orderly manner. Also, it is your patriotic duty to inform on your neighbors, friends, relatives and loved ones. Otherwise you're a terrorist.

Re: Not surprising... (0)

Anonymous Coward | about a month ago | (#47719643)

President Obama, is that you?

Re:Not surprising... (1)

ls671 (1122017) | about a month ago | (#47718565)

I agree, sometimes it is better to hide in plain site than hide where you could be expected to hide.

Re:Not surprising... (1)

ls671 (1122017) | about a month ago | (#47718571)

sight

Re:Not surprising... (1)

tomrittervg (3793219) | about a month ago | (#47720661)

It's all State Department grants and the like for Internet Freedom. They also release all their financials: https://blog.torproject.org/bl... [torproject.org]

Why not work with Mozilla (4, Interesting)

Virtucon (127420) | about a month ago | (#47715211)

Why not work with Mozilla to address the issues? What about Chromium? I'd put the brakes on anything Google does with Chrome. Their ever-shifting policies have meant that it's no longer a preferred solution to our clients and to my customers. These aren't minor issues either since Google has been building their own walled garden, something a lot of FOSS and Commercial Software organizations won't support. Firefox at least for now, is void of these issues and is much friendlier to the community as a whole.

Re:Why not work with Mozilla (1, Informative)

Anonymous Coward | about a month ago | (#47715233)

They already do work with Mozilla.

Re:Why not work with Mozilla (0)

Anonymous Coward | about a month ago | (#47715525)

Mozilla doesn't care. They are actively undermining features needed to use Tor safely (and, arguably, to browse at all safely).

Firefox has lost the ability to disable javascript; it's gained tons of privacy-violating tracking features, some of which report every URL you visit to Google; it keeps cookies forever by default; and it's gaining more and more browser fingerprinting sources with every release.

Re:Why not work with Mozilla (2, Informative)

Anonymous Coward | about a month ago | (#47716101)

Mozilla doesn't care. They are actively undermining features needed to use Tor safely (and, arguably, to browse at all safely).

Firefox has lost the ability to disable javascript;

Let's see.. *clicks on about:config?filter=javascript.enabled in my bookmarks* Nope, still able to do that.

  it's gained tons of privacy-violating tracking features, some of which report every URL you visit to Google;
it keeps cookies forever by default; and it's gaining more and more browser fingerprinting sources with every release.

Nope again, [mozilla.org] and defaults are easy to change when you're building your own TOR browser.
There's plenty of room elsewhere in Firefox for improvement, and patches are welcome, so there's really no need for this FUD.

Re:Why not work with Mozilla (1, Insightful)

Anonymous Coward | about a month ago | (#47715545)

Firefox at least for now, is void of these issues and is much friendlier to the community as a whole.

As somebody who's been involved in Netscape/Mozilla/Firefox development since the 1990's, I can't think of many statements that are more false than this one. Mozilla is hostile to users in general and continually ignores the most popular bugs in order to implement stupid imitation-Chrome features that are unpopular with the users. In fact, they wear it as a badge of honor like they're flipping us the bird and grinning about it.

Re:Why not work with Mozilla (-1)

Anonymous Coward | about a month ago | (#47716169)

Firefox at least for now, is void of these issues and is much friendlier to the community as a whole.

As somebody who's been involved in Netscape/Mozilla/Firefox development since the 1990's, I can't think of many statements that are more false than this one. Mozilla is hostile to users in general and continually ignores the most popular bugs in order to implement stupid imitation-Chrome features that are unpopular with the users. In fact, they wear it as a badge of honor like they're flipping us the bird and grinning about it.

I see. So it's "they" and "us" is it?

Gee, sure is a good thing your comments are devoid of bias. I'm not saying you're a corporate shill or anything, but if the verbiage fits...

If AC PP is actually a pre-mozilla developer... (1)

Anonymous Coward | about a month ago | (#47717639)

Dating back to the *90s*, and not just as a web developer/end user, I imagine they are *INTIMATELY* familiar with Netscapes culture, which judging by my experiences over the years is anecdotally true. They significantly bloated the netscape browser code before releasing it to the community. They made Mozilla Browser a joke until firefox came out and they jumped their development to the new 'lean browser', neglecting their old all-in-one browser, which in turn IMPROVED after their focus shifted from it. Furthermore they took firefox, originally an extemely lithe, low memory, stable platform, and basically ruined it. The saddest part about that being that extensions came from there, eventually being backported to seamonkey (former mozilla suite) and actually performing as well if not better with the plugins there than in firefox now.

The state of mozilla development has been a joke since the beginning. They *STILL* aren't cash-flow positive without google's bri^H^H^Hcontributions, and they seem inclined to spend too much time on new features and not enough time fixing fundamental leaks and flaws in their software dating back to when dos based security-free windows was still the dominant user platform!

Re:Why not work with Mozilla (1)

Skuto (171945) | about a month ago | (#47718803)

As an anonymous troll that is an authority on the subject, I think the parent is full of shit.

Re:Why not work with Mozilla (5, Interesting)

wbr1 (2538558) | about a month ago | (#47715749)

Chrome/chromium on windows uses the Windows Crypto API to install and verify certs. This bypasses the TOR proxy and allows for a MITM attack with no user knowledge. Changing this requires more work then what they have to do with FF.

My questions are thus... why not move to a model where the entire OS is forced through the tor proxy, This could be done with the use of a dummy network adapter and disabling the current adapter while tor is in use. Yes it would likely break certain OS features during that time, but there it is.

TFA also discusses putting a dumbed down security 'slider' on the browser, but still the default is to allow JIT/JS. Currently you have noscript installed, but not turned off in a fresh install. A few lines of JS is enough to identify an IP or fingerprint more of the system. The default should be most secure with warnings to open it up. Period. At install time you already explin that things do not work like you are used to and then allow the user to decide to reduce security. Anything else provides an illusion of security to a naive user, but still allows an adversary easy means of detection.

Re:Why not work with Mozilla (1)

Anonymous Coward | about a month ago | (#47716127)

To in response to your first comment Tails is the answer. Like the TorBrowser bundle does for Tor itself in the browser space, Tails does to Tor from a wider space (everything is dropped or forced through Tor). Now you might make the argument that Tails goes too far in that it's technical. That same thing can be said for your comment on the slider option defaulting to a less than perfect setting. However if you don't do that then you'll make it even more difficult for people to adopt it. This also has a negative impact on the ability of Tor to anonymise its users. Without sufficient users you can more easily identify the users who do use it. Essentially the argument is you have to compromise in one place or the other and neither is ideal, but at least with the one your inclusive of more users.

Re:Why not work with Mozilla (0)

Anonymous Coward | about a month ago | (#47716239)

I'm curious how you can get an IP address with a bit of js. You might get the internal IP address of the machine but not the external Internet one, or am I missing something?

Re:Why not work with Mozilla (1)

Carnildo (712617) | about a month ago | (#47716493)

I'm curious how you can get an IP address with a bit of js.

Perform an AJAX "get" on http://www.whatismyip.com/ [whatismyip.com] or any other IP lookup site.

Re:Why not work with Mozilla (0)

Anonymous Coward | about a month ago | (#47716905)

Apart from same origin policy forbidding that request, you would get the TOR exit node IP. And that you can get by simple HTTP already, on the server side.

Re:Why not work with Mozilla (1)

AHuxley (892839) | about a month ago | (#47716807)

The ability to fool a Tor user and browser into giving up an ip has been in the press over the years.
It can be as simple as DNS to an unexpected port, ftp in the distant past to proxy not been filled in, to more unique application related issues with a browser.
In the end the ip drops out and user can then be tracked over the net as expected. Back in 2007 ideas around eg an exit server looking for key words would get a real ip to users browser ie user did not disable Java.

Re:Why not work with Mozilla (0)

Anonymous Coward | about a month ago | (#47716453)

That (CAPI) is a non-issue. There are (commercial - about $5 or less) software that takes over CAPI for certificate validation. How do I know - I am the PM for one of these, widely used by our government. There are FOSS available as well.

Re:Why not work with Mozilla (1)

tomrittervg (3793219) | about a month ago | (#47720677)

Would you email me pointers to the Commercial and FOSS ones? I might try and look into them https://ritter.vg/contact.html [ritter.vg]

Re:Why not work with Mozilla (2)

mcrbids (148650) | about a month ago | (#47717349)

My questions are thus... why not move to a model where the entire OS is forced through the tor proxy, This could be done with the use of a dummy network adapter and disabling the current adapter while tor is in use. Yes it would likely break certain OS features during that time, but there it is.

This is a bit like plugging a power strip into itself. It might seem self evident why that should work, but alas, it does not. /s

How do you think TOR communicates with the Internet at large, if not using the OS network stack? And if you coopt that stack, how, pray tell, do you expect TOR to be able to communicate with the TOR nodes?

Re:Why not work with Mozilla (1)

EETech1 (1179269) | about a month ago | (#47720997)

If there was ever a reason to have the device driver firmware loaded by the OS, instead of being stored on the device in flash, I think this is it!

Otherwise, just pwn the network card, and you can send out digital breadcrumbs forever.

At least you can include firmware you think you can trust.

Re:Why not work with Mozilla (0)

Anonymous Coward | about a month ago | (#47718781)

Try Qubes (http://qubes-os.org/). It's basically Xen distribution which keeps network interfaces and browser in separate virtual machines. Tor is supported as proxy virtual machine between the two (http://qubes-os/wiki/UserDoc/TorVM).

disclaimer: I am a contributor.

Why not work with Mozilla (0)

Anonymous Coward | about a month ago | (#47716191)

How can you trust Mozilla?

Re:Why not work with Mozilla (1)

Skuto (171945) | about a month ago | (#47718837)

You don't have to. The browser is fully open source. That's why they're actually comparing vs Chromium, not Chrome. But Chromium is missing quite a few features compared to Chrome like H264 support.

Re:Why not work with Mozilla (0)

Anonymous Coward | about a month ago | (#47717563)

There's the Pale Moon browser, I'm not sure if the devs/community will work with Tor, but because of Mozilla steering away from its fundamentals they decided to fork Firefox. I wouldn't trust anything Gaagle, and I find it suspicious that the group that conducted the security study would make such a laughable suggestion, however I'm sure they suggested the Chrome browser as a base that could be forked and developed into what Tor is looking for.

Re:Why not work with Mozilla (1)

Skuto (171945) | about a month ago | (#47718831)

PaleMoon is just a rebranded Firefox 24 ESR.

Fork it! (0)

Anonymous Coward | about a month ago | (#47715225)

"...Chrome's limitations on proxy support make a switch or a fork impossible."
Just fork the Chromium code, FFS. That's what open source is *for.*

Re:Fork it! (-1)

Anonymous Coward | about a month ago | (#47715261)

Last night, my friends and I forked your mom with our big dongles.

Re:Fork it! (0, Funny)

Anonymous Coward | about a month ago | (#47715347)

Great... so now he's got TWO moms?

Re:Fork it! (-1, Offtopic)

sexconker (1179573) | about a month ago | (#47715353)

Last night, my friends and I forked your mom with our big dongles.

You can only fork things with a fork.

Re:Fork it! (0)

Anonymous Coward | about a month ago | (#47715381)

That's not what your wife said.

Re:Fork it! (0)

Anonymous Coward | about a month ago | (#47717491)

You got bitrot

phone-home browser for TOR? (0)

Anonymous Coward | about a month ago | (#47715309)

Why anyone who is privacy conscious would use Chrome is beyond me. Let alone for TOR.

Findings... (1)

Em Adespoton (792954) | about a month ago | (#47715373)

Address Space Layout Randomization is disabled on Windows and Mac

Due to our use of cross-compilation and non-standard toolchains in our reproducible build system, several hardening features have ended up disabled. We have known about the Windows issues prior to this report, and should have a fix for them soon. However, the MacOS issues are news to us, and appear to require that we build 64 bit versions of the Tor Browser for full support. The parent ticket for all basic hardening issues in Tor Browser is bug #10065.

Participate in Pwn2Own

iSEC recommended that we find a sponsor to fund a Pwn2Own reward for bugs specific to Tor Browser in a semi-hardened configuration. We are very interested in this idea and would love to talk with anyone willing to sponsor us in this competition, but we're not yet certain that our hardening options will have stabilized with enough lead time for the 2015 contest next March.

Test and recommend the Microsoft Enhanced Mitigation Experience Toolkit on Windows

The Microsoft Enhanced Mitigation Experience Toolkit is an optional toolkit that Windows users can run to further harden Tor Browser against exploitation. We've created bug #12820 for this analysis.

Replace the Firefox memory allocator (jemalloc) with ctmalloc/PartitionAlloc

PartitionAlloc is a memory allocator designed by Google specifically to mitigate common heap-based vulnerabilities by hardening free lists, creating partitioned allocation regions, and using guard pages to protect metadata and partitions. Its basic hardening features can be picked up by using it as a simple malloc replacement library (as ctmalloc). Bug #10281 tracks this work.

Re:Findings... (3, Interesting)

Em Adespoton (792954) | about a month ago | (#47715481)

One question I have is:
They say ASLR is disabled, and then they recommend using the product with EMET. However, if ASLR is disabled, doesn't that mean that EMET won't be compatible? EMET requires a number of features to be handled correctly before it can be used.

Seems to me that what really has to happen (in this order) is:

1) Mozilla fixes jemalloc or just replaces it with something like PartitionAlloc, fixing these issues for ALL variants that depend on it.

2) TorBrowser takes the Firefox code and recompiles the source as a single package for each target platform, and feeds THAT into its reproducable build system, instead of using standard cross-compile methods. No library loads, etc, just build a binary blob + chrome. This should be able to work under ASLR, if they do it right.

3) Fix whatever's left that prevents TorBrowser running alongside EMET. However, I think after 1 and 2 are done, there shouldn't be a problem here. Some of EMET's features are already baked in to OS X, so if the above issues are fixed, OS X should be in a stable state as well.

4) Assuming 1 and 2 are listed as priorities for both OTF and Mozilla, this should be doable by sometime in Jan/Feb 2015. Probably the best route would be to start a kickstarter ending at sometime in Feb to raise money for a pwn2own slot. If they don't make the deadline in tightening things up, pledges are dropped and nobody loses. If they DO make the deadline, they get the funds, and contestants will proceed to punch holes in the browser. Mozilla will also benefit from this attack, and should probably contribute to said kickstarter.

Re:Findings... (1)

vux984 (928602) | about a month ago | (#47716001)

They say ASLR is disabled

I *think* what they are saying is that:
ASLR is disabled in their build of the software. (It must be enabled via compiler option).

However, ASLR is enabled in windows itself.

from Microsoft:

http://www.microsoft.com/secur... [microsoft.com]

Address Space Layout Randomization (ASLR): In older versions of Windows, core processes tended to be loaded into predictable memory locations upon system startup. Some exploits work by targeting memory locations known to be associated with particular processes. ASLR randomizes the memory locations used by system files and other programs, making it much harder for an attacker to correctly guess the location of a given process. The combination of ASLR and DEP creates a fairly formidable barrier for attackers to overcome in order to achieve reliable code execution when exploiting vulnerabilities.

ASLR was introduced in Windows Vista and has been included in all subsequent releases of Windows. As with DEP, ASLR is only enabled by default for core operating system binaries and applications that are explicitly configured to use it via a new linker switch.

As for EMET and ASLR:

Basically EMET can force recent versions of Windows to use ASLR even on applications that don't explicitly build with support for it:

http://krebsonsecurity.com/tag... [krebsonsecurity.com]

EMET can force a non-Microsoft application to perform ASLR on every component it loads, whether the program wants it or not. Please note that before you install EMET, youâ(TM)ll need to have Microsoftâ(TM)s .NET Framwork 4 platform installed. And while EMET does work on Windows XP (Service Pack 3 only), XP users cannot take advantage of mandatory ASLR and a few other notable protections included in this tool.

Re:Findings... (1)

Em Adespoton (792954) | about a month ago | (#47716489)

Ah; so they're not saying that they disable ASLR, they're just saying they aren't baking it in (which EMET can do for free).

That makes much more sense if it's the case. I never use TorBrowser on Windows, so I haven't seen how it actually behaves.

Re:Findings... (1)

tomrittervg (3793219) | about a month ago | (#47720723)

The fact that ASLR is not universally applied is a bug, full stop. It needs to be fixed ASAP.

Once you do *that*, exploring running TBB with EMET is worthwhile, as EMET may make exploitation more difficult. I'm not certain that it would actually make it difficult enough for Tor Project to try and get non-technical people to use it, but it's worth exploring IMO.

To your points: PartitionAlloc is independent of ASLR. The deterministic build system relies on cross-compiling on Linux for Windows/Mac. TBB can run under EMET now but it may be unstable. I do not think a Kickstart-funding of Pwn2Own is worthwhile. I also don't think a Pwn2Own on a TBB that doesn't have a lot of hardening is worthwhile - it's just too soft a target.

Re:Findings... (1)

Em Adespoton (792954) | about a month ago | (#47721631)

Thanks! This is excellent info. I do think that a Pwn2Own on TBB would be useful either way -- either it's hardened a lot and fares well, thus getting good publicity as a private AND secure browser, or the glaring bugs are fixed, it fails miserably in the P2O, and the visibility is improved that while it may be somewhat anonymous, it is by no means secure, and people pitch in to help fix that. Seems like a win-win to me, as long as donors are footing the prize bill.

Chrome and privacy (0)

Anonymous Coward | about a month ago | (#47715405)

The report helpfully mention that Google's Chrome isn't exactly the best choice if you want privacy and anonymity, for a variety of reasons.
It does have the best security and by far, though.

Nil to hide nil to fear all is known already (-1)

Anonymous Coward | about a month ago | (#47715487)

The one true word is Jesus' word and God knows everything. For he is our LORD and saviour. The almighty merciful ONE. And God's children must come together in peace for the end times are nigh. Repent for thy sins and you may bask in the Glory of God!

For ye that have harmed the innocent shall rot in Hell! Fear the wrath of God o evil ones. Fear the impending doom. For it is now 9 until the 12th day of Noon!

Re:Nil to hide nil to fear all is known already (0)

Anonymous Coward | about a month ago | (#47715801)

For then they tried to hide the word of the LORD. "but they continually mocked the messengers of God, despised His words and scoffed at His prophets, until the wrath of the LORD arose against His people, until there was no remedy."

Re:Nil to hide nil to fear all is known already (0)

Anonymous Coward | about a month ago | (#47715861)

Remember, O Lord, the reproach of Your servants; How I bear in my bosom the reproach of all the many peoples, With which Your enemies have reproached, O LORD, With which they have reproached the footsteps of Your anointed.

Tor is compromised. (0)

Anonymous Coward | about a month ago | (#47715629)

Start to finish, you should have no expectation of anything except being monitored at all times now.

Re:Tor is compromised. (0)

Anonymous Coward | about a month ago | (#47715651)

Yessiree, Mr. NSA Man.

"Limitations on proxy support"? (2)

The MAZZTer (911996) | about a month ago | (#47715923)

I assume they mean that it hooks into the OS-level proxy settings. That is a good thing, I hate configuring my proxy settings over and over and over for every application when the OS already has a setting for it.

But it isn't a limitation, last I checked there was a command line parameter for forcing use of a proxy. So just make a launcher app that forces Chrome to use Tor. You should be able to even launch a Tor-using Chrome side-by-side with a non-Tor Chrome if you set it up right (using --user-data-dir to make a new Chrome profile and instance instead of using a local user profile and instance).

Re:"Limitations on proxy support"? (2)

Bite The Pillow (3087109) | about a month ago | (#47716449)

Remember the audience. This was written for people who want to know about browsers and Tor. Not for people who want usability.

Specifically, "several bugs required for basic proxy-safe Tor support for Google Chrome's Incognito Mode ended up blocked for various reasons."

So even your command line parameter thing is irrelevant.

Which brings me to this:

So just make a launcher app that forces Chrome to use Tor. You should be able

Stop right there. Everyone who ever said "it's as easy as..." or some variation has been wrong. There are bugs in Chrome, which need to be fixed, but aren't going to because they are blocked by some other feature/problem/request.

So let me re-phrase:

But it isn't a limitation because I don't know what I'm talked about, last I checked the list of command-line arguments there was a command line parameter for forcing use of a proxy. So just resolve the blocks for the bugs that aren't fixed, then fix the bugs, then make a patch set that has to be maintained for Chrome for which the baseline effort will be 3-5x Firefox, then make a launcher app that forces Chrome to use Tor.

You should be able to even [do more things once these things are un-blocked and fixed]".

Christ..Chrome!?!? (0)

Anonymous Coward | about a month ago | (#47716419)

Can't turn a hoe into a housewife.

Re:Christ..Chrome!?!? (1)

EmagGeek (574360) | about a month ago | (#47717093)

Why the hell would you want to?

The report doesn't say "use Chrome" (3, Informative)

roca (43122) | about a month ago | (#47716881)

Maybe I'm missing something, but I've read the whole report and I can't find anything that says "don't favor Firefox as a baseline for Tor, rather Google Chrome".

Re:The report doesn't say "use Chrome" (3, Informative)

Anonymous Coward | about a month ago | (#47717391)

They don't. They simply acknowledge that Chrome has a safer memory deallocator, and that the Chrome team has some put some actual effort into security in their browser.

There is just an active effort now to discredit Firefox at every possible opportunity. It has cropped up in pretty much every browser discussion, at pretty much every opportunity. For every negative point that might have some merit or at least tries to be level-headed, there are two or more that blindly paint Firefox and Mozilla in a negative light. They all follow the usual "us vs them" mentality and chant a mantra that nothing good has happened to Firefox since version 3, that Mozilla is doing nothing but ignoring users, and so forth.

It's actually getting rather disconcerting. It reminds me of the period where the anti-Internet Explorer hype machine kicked into overdrive. Except this time it's almost entirely unwarranted.

Re:The report doesn't say "use Chrome" (2)

Skuto (171945) | about a month ago | (#47718795)

The sheep (or astroturfers, can't tell) have decided that Chrome is the cool thing and everything else must die, facts be damned.

Re:The report doesn't say "use Chrome" (1)

doom (14564) | about a month ago | (#47720957)

I know this is kind of wild and crazy, but could it be that Firefox is developing this weird reputation of egocentric designers intent on pissing-off long term users because there's actually some truth in it?

Re:The report doesn't say "use Chrome" (3, Informative)

Skuto (171945) | about a month ago | (#47718785)

I was wondering the same thing. The only thing the report says is "implementing security features that Chromium has and work in Firefox would help Tor".

The headline is a lie.

Re:The report doesn't say "use Chrome" (1)

Anonymous Coward | about a month ago | (#47718817)

They didn't even mention the process-model of Firefox. Which would be the first thing a layman would mention. Which at least in theory should make Chromium more secure.

Not that they really need to replace Firefox in the long run for that. Because Electrolysis, as the multi process Firefox project is called, is sheduled to go in at the end of this year or at the start of next year.

Re:The report doesn't say "use Chrome" (2)

Skuto (171945) | about a month ago | (#47718845)

It's been in Nightly for a while. I'm posting using it. The only thing that doesn't work well for me is...Gmail.

There's also full sandboxing support, but you need a compile time flag for it.

Re:The report doesn't say "use Chrome" (1)

Anonymous Coward | about a month ago | (#47718873)

I believe I read somewhere multi-process Firefox is targeted for Firefox 36. That is why I mentioned end of the year.

Re:The report doesn't say (1)

tomrittervg (3793219) | about a month ago | (#47720741)

Agreed, we don't say 'Use Chrome', just that Chrome has a lot of security stuff we wish was in Firefox. We explicitly did not investigate FF sandboxing/multi-processing (and I thought we said that we explicitly excluded it) because we're not going to be able to make significant headway on that in 6 weeks while FF has been working on it for a while.

links2 -g (1)

Rinikusu (28164) | about a month ago | (#47717057)

And seriously, if you can't make your site look good in links, I don't need you. Wait, /. looks like shit on links... Dammit.

OpenBSD + Minimal WM (0)

Anonymous Coward | about a month ago | (#47718137)

I've been saying this for years: switch to OpenBSD and a minimalistic window manager.

You don't need Gnome, you don't need GVFS, you need a smaller attack surface.

As for the browser, why not Midori?

TAILS works well, but there are a lot of unnecessary packages and modules. Recently, the TAILS developers told their users to remove the i2p package(s). They shouldn't exist on a hardened distro to begin with - and neither should the abomination of Java packages.

I use a script to remove hundreds of bloat with each TAILS boot. But with Gnome, some shit just won't go unless you take parts of network manager and/or Gnome with it.

Version 1.0.1 had hamradio modules loaded at start, these being ax25, netrom, and rose. Are you shitting me? IPX, Appletalk, and some other odd ones were auto-loaded too. These modules exist in 1.1 but aren't loaded at boot.

In a secure distro, you don't need bluetooth, you don't want RF communication of any kind! You don't need hamradio modules, remote control modules, infrared modules, etc.

If I had the time I would re-roll TAILS into something stronger, but I don't. They want people to contribute but won't roll a smaller .ISO with a better choice than Gnome - a simple window manager.

"...access to private bugs..." (1)

storkus (179708) | about a month ago | (#47718517)

Wait, so Gecko is full of ***KNOWN*** "zero" days--zero in the sense we don't know about them, but Mozilla does? Please tell me I'm reading that wrong!

Re:"...access to private bugs..." (2)

Skuto (171945) | about a month ago | (#47718793)

Security bugs filed against Firefox are private until a new release is out to the users. If the issue is critical (looks like it can be exploited), it will be in a x.0.1 update. If it isn't, then it will be in n+1.

Another way of stating what you said is "if Firefox engineers find a way to 0-day their own browser, they fix it before plasting the information on how to do it all over the internet".

Re: (1)

tomrittervg (3793219) | about a month ago | (#47720813)

What Skuto said, except "are private until a new release is out to the users" is really "6 to 12 months or more down the line" because (I think) they affect the Firefox OS core also which is on a much different schedule. You can actually go through all the bugs here: https://github.com/iSECPartner... [github.com] but most of them will in fact be 'private'.

That's not what it says at all vs Chrome (3, Informative)

Skuto (171945) | about a month ago | (#47718813)

"The Chrome Security team has been a source of innovation in the browser security space. Tor Browser Bundle is based on Firefox and thus inherits progress made by Mozilla automatically. While improvements in Chrome may not be appropriate for Firefox, they could be integrated in Tor Browser Bundle. In a best case scenario, members of the Chrome Security team may be allowed to work with the Tor Project on these changes."

Basically it's saying: Chrome is also doing good stuff, combine it with the stuff you get from Mozilla for a better result.

Tor not significant in numbers anyway (0)

Anonymous Coward | about a month ago | (#47718887)

How many times has a product been touted as being focused on one feature which in turn has turned out to be not so true? How can you take what it now one of the
worst at security (Firefox) and make it one of the best? I am no Chrome browser fan, in fact what Google does well in security of Chrome. It takes away in terms of privacy concerns. Yes, there is a difference between a lack of security and a lack of privacy in this case. I suppose you could argue that Firefox could be more secure with some extensions installed and that any browser targeted could be made less secure when a flaw or hole is found and exploited. I am sure most people use a browser of choice today not for security but because they are familiar with a particular browser and its features. Tor on the other hand, is probably chosen on the basis of it being thought of as more secure. Which I guess is like selling a car that is advertised as most secure in a crash, but fails all crash tests?

What about.. (1)

Mr Mango (2929691) | about a month ago | (#47719233)

What about when Google adds in some code by request of NSA?
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?