[tor-bugs] #20814 [Applications/Tor Browser]: Pick a more accurate name for the "hardened" Tor Browser
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 28 18:55:58 UTC 2016
#20814: Pick a more accurate name for the "hardened" Tor Browser
------------------------------------------+----------------------
Reporter: arma | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
I learned last week that the "hardened" Tor Browser is potentially more
vulnerable to attack than the vanilla one -- since asan is at odds with
some of the address randomization stuff that we would want in a true
hardened build.
In particular, it sounds like the hardened version is intended to be used
by developers and other people who are able to report bugs, since it will
be more likely to crash and is hopefully better prepared to explain where
the crash was.
Then I saw https://trac.torproject.org/projects/tor/ticket/20773#comment:4
today, where yawning's sandboxed tor browser has to open up some more
surface area (specifically, /proc) for the hardened version to use asan
correctly.
At the same time, we have users who are eager to use the hardened version,
because of how crappy Firefox's security is, and they are frustrated with
us that we will only make a hardened version of tor browser available for
linux users.
Should we change its name to better reflect what it does and what it's
for?
"debugging"? "fragile"? "developer"?
Who are your ideal users of this version, and are they using it?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20814>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list