[tor-talk] How to make TBB useable as "system Tor", as Tor, Vidalia, pluggable transports system level replacement?
Patrick Schleizer
patrick-mailinglists at whonix.org
Sun Feb 1 03:46:46 UTC 2015
l.m:
> "Patrick Schleizer" wrote:
>> Being able to use the components, tor-launcher, Tor and pluggable
>> transports that come with the TBB tarball for system use on Debian. For
>> use without or with the Tor Browser. Being able to use these components,
>> without being forced to run Tor Browser.
>
> Your main concern, if I understand correctly, is that using available
> "system" packages you lack the latest and greatest Tor packages.
Correct.
> Current versions of TBB, which include all the components you mention,
> take an integrated approach to the included binaries. So what you're
> requesting is less integration within TBB?
Fortunately, there is no need to make it less integrated to support this
use case.
The development process for
> ./Tor/
> -- Loading Tor enumerates available pluggable transports from a
> (torrc) configuration specified location.
>
> ./TorPluggableTransports/
> -- Contains a PT configuration file that determines how the
> transports are to be used by a Tor process.
>
> ./TorBrowser/
> -- Loading Tor Browser depends on a loader from /Tor/ to determine
> if a Tor process already exists. Reuse the process/config or launch
> the Tor process if needed.
The folder structure can remain as is.
> 2. The expert bundle downloads/repositories for PT, and TB are added
> such that it's possible to download and maintain each of Tor, PT, TB
> separately.
Probably too much of a request to be realistic as this would add quite
some more maintenance overhead.
> There are a couple caveats to consider when deciding to use the system
> Tor approach. The first being that some OS use backported updates. This
> might be a problem if you were to try and supersede libstdc++.so.6
> from your system with the one used by Tor Browser.
No issue here. If the TBB tarball (linux) or zip archive (windows) works
in the usual, current, tor-launcher/Tor Browser startup way - and that
does work - and if it were not - it would be an independent issue from
this proposal - then one could also use tor-launcher/Tor/pluggable
transports without being forced to start Tor Browser.
To rephrase this proposal in an alternative way... At the moment, when
you download the TBB package, your only chance to use
tor-launcher/Tor/pluggable transports is to also start Tor Browser. No
way to do that without starting Tor Browser. What is being suggested
here, is an option to just start tor-launcher/Tor/pluggable transports
without starting Tor Browser. Then tor-launcher/Tor/pluggable transports
could be used for the usual applications that can be torified. And when
the user wants to start Tor Browser, it would just connect to the
already running tor-launcher/Tor/pluggable transports (if not already
running).
> Another problem
> being that to use the same Tor configuration system-wide might not be
> as easy to achieve on Windows as it is for non-Windows OS.
I think you are interpreting too much into "system Tor". To my
knowledge, this term has been used for Linux "sudo apt-get install tor"
like approaches or installing Tor as a daemon/service on Windows. It
doesn't mean, automatically each and every program gets torified. Such
endeavors are separate projects and not part of this proposal.
> Even
> supposing that it were done -- not all OS processes are designed
> by-default to be privacy preserving. Supposing that Tor were used in
> this way, and (voilà!) system-Tor were in use, might lead to a false
> sense of security/privacy/anonymity. A lot of OS processes would need
> to be changed from default behavior and, at least in the case of
> Windows, it might not even be possible to modify. That this might lead
> to useable attacks on anonymity across the possible permutations of
> system configurations is a concern.
These are already existing secondary issues. The Tor package is already
available as standalone for Windows for experts as system Tor. If they
use it and mess up, it's up to them. Being able to use TBB as "system
Tor" wouldn't make this situation better or worse.
*****
We have some more ideas on how to implement this, such as in very short
summary:
- "ship folders that contain the add-ons rather than xpi's"
- "add this application.ini to the TBB package's tor-launcher folder"
- "fix path auto detection when run through iceweasel --app"
Then it could be started
    iceweasel --app /home/user/tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/extensions/tor-launcher@torproject.org/application.ini
or so.
We don't have a working proof of concept yet. But we might be able to
break this down into ~5 relatively small, non-intrusive changes or so.
Not trivial to figure out, if you're not into the tor-launcher code
base, but also not rocket science. ;)
Cheers,
Patrick