[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tor-talk] Tor Browser Bundle with Chromium
When I read the story this morning, my first thought was "Mike Perry's
build system nightmares are all true"
Fred says the deterministic builds for iOS are impossible because Apple's
RAM can't be trusted either.
Everytime I think we've hit local peak dystopia, we go deeper.
On Tue, Mar 10, 2015 at 3:17 PM, Mike Perry <firstname.lastname@example.org>
> Mike Perry:
> > Seth David Schoen:
> > > Luis writes:
> > >
> > > > What are the reasons that makes building a Tor Browser using Chromium
> > > > not such a good idea? I recall reading somewhere that while making a
> > > > Browser with a Chromium base would have its benefits due to
> > > > superior security model (i.e. sandboxing), there are "serious privacy
> > > > issues" that would have to be solved to make that possible.
> > > > My question is what are those issues? What is preventing someone from
> > > > digging out all the Google integration and possible
> > > > features and making a Tor Browser Bundle out of it?
> > >
> > >
> > >
> > > I think that list is kept relatively up-to-date.
> > You might also like:
> > In particular, this paragraph is relevant to the recent Superfish MITM
> > (see
> > "The worst offender on this front is the use of the Microsoft Windows
> > CryptoAPI for certificate validation, without any alternative. This bug
> > means that certificate revocation checking and intermediate certificate
> > retrieval happen outside of the browser's proxy settings, and is subject
> > to alteration by the OEM and/or the enterprise administrator. Worse,
> > beyond the Tor proxy issues, the use of this OS certificate validation
> > API means that the OEM and enterprise also have a simple entry point for
> > installing their own root certificates to enable transparent HTTPS
> > man-in-the-middle, with full browser validation and no user consent or
> > awareness."
> > In fact, I tried to argue with Ryan Sleevi and Adam Langley about the
> > dangers of using CryptoAPI in this way, but I got crickets in response.
> > I believe that supporting such MITMs is a deliberate policy from Google
> > corporate that they cannot change. Adam went so far as to tell me that I
> > should just fork Chromium, because they would not even consider merging
> > an alternate browser-only cert store, even as a user option.
> > However, since our ultimate goal with any browser fork is to re-merge
> > with upstream so we don't have to maintain invasive patches like this, a
> > corporate-level blocker on basic security patches is a non-starter for
> > any project involving Chrome.
> > P.S. How I miss the days when the outlandish doomsday scenarios that I
> > imagined were still merely hypothetical. It seems every week a new
> > nightmare comes true. (Man, I sure hope I'm wrong about the likelihood
> > of wide-scale software build system attacks. I kind of like having
> > computers).
> "The security researchers also claimed they had created a modified
> version of Apple’s proprietary software development tool, Xcode, which
> could sneak surveillance backdoors into any apps or programs created
> using the tool. Xcode, which is distributed by Apple to hundreds of
> thousands of developers, is used to create apps that are sold through
> Apple’s App Store.
> The modified version of Xcode, the researchers claimed, could enable
> spies to steal passwords and grab messages on infected devices.
> Researchers also claimed the modified Xcode could “force all iOS
> applications to send embedded data to a listening post.” It remains
> unclear how intelligence agencies would get developers to use the
> poisoned version of Xcode."
> Mike Perry
> tor-talk mailing list - email@example.com
> To unsubscribe or change other settings go to
tor-talk mailing list - firstname.lastname@example.org
To unsubscribe or change other settings go to