by mirimir 2323 days ago
Upon reflection, I gotta say more.

I do share the concerns about Tor's security, and about the Tor Project's focus. However, I don't believe that it's useful to argue about the culture war soap opera. As an attentive outsider, it strikes me as largely based on hearsay and innuendo. But still, that's a valid concern, to the extent that it interferes with developing and securing Tor.

What bothers me most about the Tor Project is how it seems to focus on ~OK anonymity and security for most users, and seems to ignore vulnerabilities that impact users who are most at risk.

While Tor browser is very well hardened, relative to Firefox, there's absolutely no protection against malware (or anything else, for that matter) reaching the Internet directly, and so bypassing Tor. And that's precisely what hosed thousands of users who were infected with the FBI's malware, which phoned home, and got them busted.

I don't deny that many of them were accessing child porn. But when we're looking at Tor's security, that's arguably irrelevant. I mean, we know about this because criminal matters in the US are public. However, we have no clue how many users in authoritarian regimes have been pwned by similar malware, over what we'd call human rights issues.

And it's not hard to fix, really. All you need is firewall rules that allow only the Tor process to access the Internet. That's doable with Windows Firewall. But I've never seen anything about that on the Tor Project site.

In Linux, it's harder, because there's no way (that I know) to control network access by process. Only by user. And here's another screwup. In Debian, plain vanilla Tor runs as user debian-tor. So it's easy to allow output only by that user. But Tor browser runs the tor process as the login user, so that approach doesn't work. You can use iptables rules that allow output only to requisite relays, but that's brittle to guard failure.

Anyway, enough already.
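The user-based iptables approach described in the post above (allow output only for the uid the system Tor daemon runs as), written out as an added example; it is not code from the thread or from the Tor Project. It assumes Debian's debian-tor user (overridable with TOR_USER), an iptables/ip6tables build with the "owner" match, and root to apply. The function names are the example's own.

```sh
#!/bin/sh
# Added example, not from the post or the Tor Project: an OUTPUT-chain
# policy that lets only the system Tor daemon open connections, so a
# process that ignores the SOCKS port still cannot reach the Internet
# directly. Assumes Debian's "debian-tor" user (override with TOR_USER).

TOR_USER="${TOR_USER:-debian-tor}"

# Print the rules for one firewall binary ($1 is iptables or ip6tables).
# IPv6 gets the same policy; an IPv4-only rule set is a classic leak.
# There is deliberately no generic ESTABLISHED/RELATED accept: tor's own
# reply packets still match the uid, while a non-tor process that was
# connected to from outside gets no replies out either.
tor_only_rules() {
    fw="$1"
    cat <<EOF
$fw -F OUTPUT
$fw -P OUTPUT DROP
$fw -A OUTPUT -o lo -j ACCEPT
$fw -A OUTPUT -m owner --uid-owner $TOR_USER -p tcp -j ACCEPT
$fw -A OUTPUT -j REJECT
EOF
}

# Number of -A rules a rule set installs; a quick sanity check before apply.
tor_only_rule_count() {
    tor_only_rules "$1" | grep -c -- '-A OUTPUT'
}

# Install both rule sets. Must run as root; not persistent across reboot
# unless saved with the distribution's iptables persistence mechanism.
tor_only_apply() {
    for fw in iptables ip6tables; do
        tor_only_rules "$fw" | sh -e || return 1
    done
}

# Leak check: a direct TCP connect as an unprivileged non-tor user must
# fail. $1 is host, $2 is port; uses su(1) and nc(1). Run as root.
tor_only_leak_check() {
    if su -s /bin/sh nobody -c "nc -z -w 5 $1 $2" >/dev/null 2>&1; then
        echo "LEAK: a non-tor process reached $1:$2"
        return 1
    fi
    echo "ok: direct connection to $1:$2 blocked"
}

# Usage: sh tor-only.sh show | apply | check HOST PORT
if [ $# -gt 0 ]; then
    case "$1" in
        show)  tor_only_rules iptables; tor_only_rules ip6tables ;;
        apply) tor_only_apply ;;
        check) tor_only_leak_check "$2" "$3" ;;
        *)     echo "usage: $0 show|apply|check HOST PORT" >&2; exit 2 ;;
    esac
fi
```

This only helps when Tor Browser is talking to the system daemon rather than the tor it launches as the login user (which is exactly the gap the post describes); Tor Browser's launcher can be told to skip its own tor with TOR_SKIP_LAUNCH=1 and pointed at the daemon's port with TOR_SOCKS_PORT. The Windows counterpart is a default block on outbound traffic plus a single per-program allow rule for tor.exe.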


> there's absolutely no protection against malware (or anything else, for that matter) reaching the Internet directly, and so bypassing Tor.

This is where something like Whonix[1] is helpful. You’re right that torproject.org doesn’t mention this issue much at all with regard to Tor Browser usage. On the other hand, the warnings are fairly obvious in the TorifyHOWTO[2] section.

[1] https://www.whonix.org/

[2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWT...

Yes, I should have mentioned Whonix. It's the only sane way to use Tor.

And about the TorifyHOWTO, the dumbed-down website redesign has made that stuff even harder to find than it was before.

>While Tor browser is very well hardened, relative to Firefox

Some say it is one of the most attacked browsers ...

>However, we have no clue how many users in authoritarian regimes have been pwned by similar malware, over what we'd call human rights issues.

Maybe not as much as you believe. The OP is talking more about traffic correlation. The FBI's attack came from the browser; this can also aid in correlation attacks but was irrelevant in the FBI's case. In authoritarian regimes you can just attack from the network side and log each IP which tries to connect to a Tor node. Then you visit those people personally. Or, like in so many authoritarian regimes, you just block Tor completely. Neither a firewall nor Tails nor Whonix will protect you against traffic correlation attacks.

You can use unregistered obfuscating bridges when the Tor protocol is banned. Not sure how effective that is though, since I've never needed to use them.
I'm not sure about their security either, see my other post below.
> And it's not hard to fix, really. All you need is firewall rules that allow only the Tor process to access the Internet. That's doable with Windows Firewall. But I've never seen anything about that on the Tor Project site.

Generally malware on the local system is nearly always game over. There's little you can do about it without wiping the system. But other than that I suppose the Tor Project could give more visibility and advocacy to both Whonix and Tails, as they provide better system-wide protection than the Tor Browser can. As you say, neither of those well-known projects is mentioned anywhere easily locatable on their site.

I agree that malware means game over. But firewall rules at least protect against wimpy malware.

And yes, I really don't know why they haven't embraced Whonix.

What's funny is that Tails has more visibility, and it's actually less effective against malware. Because there's no isolation between userland and the Tor client.

> In Linux, it's harder, because there's no way (that I know) to control network access by process.

What about https://github.com/gustavo-iniguez-goya/opensnitch ?