[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] How to make TBB useable as "system Tor", as Tor, Vidalia, pluggable transports system level replacement?



"Patrick Schleizer" wrote:
>Being able to use the components, tor-launcher, Tor and pluggable
>transports that come with the TBB tarball for system use on Debian.
For
>use without or with the Tor Browser. Being able to use these
components,
>without being forced to run Tor Browser.

Your main concern, if I understand correctly, is that using available
"system" packages you lack the latest and greatest Tor packages.
Current versions of TBB, which include all the components you mention,
take an integrated approach to the included binaries. So what you're
requesting is less integration within TBB? The development process for
Tor, Tor Browser, and pluggable transports tends to be disjoint so
what you're suggesting sounds reasonable. From what you've suggested
thus far it appears that to achieve what you're requesting:

1. TBB takes a less integrated approach. Instead of having related
binaries included within the Browser folder the binaries for Tor, and
pluggable transports should be restored to their own folders to make
upgrading easier. This includes relevant data/configuration.

./Tor/
    -- Loading Tor enumerates available pluggable transports from a
(torrc) configuration specified location.

./TorPluggableTransports/
    -- Contains a PT configuration file that determines how the
transports are to be used by a Tor process.

./TorBrowser/
    -- Loading Tor Browser depends on a loader from /Tor/ to determine
if a Tor  process already exists. Reuse the process/config or launch
the Tor  process if needed.

2. The expert bundle downloads/repositories for PT, and TB are added
such that it's possible to download and maintain each of Tor, PT, TB
separately.

There are a couple caveats to consider when deciding to use the system
Tor approach. The first being that some OS use backported updates.This
might be a problem if you were to try and supersede libstdc++.so.6
from your system with the one used by Tor Browser. Another problem
being that to use the same Tor configuration system-wide might not be
as easy to achieve on Windows as it is for non-Windows OS. Even
supposing that it were done -- not all OS processes are designed
by-default to be privacy preserving. Supposing that Tor were used in
this way, and (viola!) system-Tor were in use, might lead a false
sense of security/privacy/anonymity. A lot of OS processes would need
to be changed from default behavior and, at least in the case of
Windows, it might not even be possible to modify. That this night lead
to useable attacks on anonymity across the possible permutations of
system configurations is a concern.

This is from digesting what you've already posted. Please do correct
or add.

-- leeroy
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk