| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by mjg59 3392 days ago

> Is it? Please provide references.

Sandboxing alone justifies this.

> If Chrome leaks any local information this is not true.

Leaking information over Tor is no worse than leaking it over non-Tor, and in general cases Chrome isn't directly sending information that allows a single site to identify you.

> Chrome over Tor is probably a fairly unique fingerprint on its own

What's your threat model? That's a serious question.

1 comments

JupiterMoon 3385 days ago

Sandboxing does not have to be provided at application level. The OS or a virtual machine can take case of confinement.

> Leaking information over Tor is no worse than leaking it over non-Tor, and in general cases Chrome isn't directly sending information that allows a single site to identify you.

More like: Leaking local information over Tor is equivalent to not using Tor, and in general cases the user has no control over what data Chrome is sending.

link

mjg59 3385 days ago

> Sandboxing does not have to be provided at application level. The OS or a virtual machine can take case of confinement.

The OS is in no position to sandbox multiple tabs running in the same browser good grief

> More like: Leaking local information over Tor is equivalent to not using Tor

This isn't even slightly true

> in general cases the user has no control over what data Chrome is sending.

Nor do they have any control over what data the Tor Browser is sending. At some point you have to trust that your software is doing what it's supposed to do.

If privacy is an absolute priority for you, then yes, run Tor Browser. But be aware that in return for privacy you're giving up security. For most people that tradeoff will result in less privacy in the long run. If someone isn't in a position to make an informed choice, a blanket "Use Tor" recommendation may do much more harm than good.

link

JupiterMoon 3382 days ago

> The OS is in no position to sandbox multiple tabs running in the same browser

Who said anything about tabs?

>> More like: Leaking local information over Tor is equivalent to not using Tor

> This isn't even slightly true

There is no middle ground. There are two states here. Anonymous and not anonymous. Once one is not anonymous they are not anonymous. If one leaks one's local IP one is not anonymous. If one leaks one's voice data one is not anonymous.

> At some point you have to trust that your software is doing what it's supposed to do.

I agree. The thing is that Tor Browser is supposed to be limiting data leakage whilst Chrome is supposed to be sending data to Google.

link

mjg59 3381 days ago

> Who said anything about tabs?

If all your tabs run in the same process, any vulnerability triggered by malicious content in one tab has access to all the content in any other tab. Sandboxing the brower process makes it more difficult for that to result in taking over your entire system, but in this case merely taking over the browser is sufficient.

So no, OS-level sandboxing isn't sufficient. And if you don't understand that, you should not be making assertions about security.

link