This weekend saw the release of a alpha version of Tor Browser that was sandboxed. It is possible to protect Tor users from the recent de-anonymization attempts.
On Saturday, Tor Browser released a sandboxed edition. The developer said that while the browser has some minor bugs and issues, but it is likely to protect Tor users from the recent de-anonymization attacks.
YawningAngel, a Tor long-time developer, announced version 0.0.2 during a Saturday post to Tor developers’ mailing list.
This week will see the release of official binaries that are only available to Linux distributions. Until then users who are interested in building it can get it code at GitHub.
Even though an alpha release for a piece software is not usually worth attention, Tor Browser’s recent exposure to exploits designed to expose users makes it a welcome news.
In 2015 the FBI targeted Tor Browser customers when officials with the service seize servers that belonged to Playpen, a child pornographic site. Instead of shutting down the website, FBI employed a network investigative strategy to collect IP and MAC addresses on Tor browser users who visited for at least 13 days.
Tor’s Sandboxed Version restricts browser exploits to only the sandbox. That means that the browser cannot be hacked from any machine. Also, files as well as legitimate IP or MAC addresses can be hidden.
Even though the browser was in beta mode, there has been a great deal of progress. In October, Yawning Angle discussed the prototype in a Q&A at the Tor Project. While the original developer stated that he was working with a sandboxed browser in September but that the concept was far more primitive, he continued to mention it.
Bubblewrap, which is an operating system sandboxing utility designed for Linux to limit applications’ access parts of the Linux OS or to user data, powers the browser. Yawning Angel urges browser users to be aware that it’s an alpha version and has flaws.
“There are a number of unresolved issues which affect security and fingerprinting,” said the developer . He also included code for the sandboxed Tor Browser from GitHub in a README. The sandbox should be used in combination with an operating system Linux-based to prevent malware and exploit attacks.
Chrome, Edge, and Safari all use secure sandboxes. Developers with Tor, however, haven’t had enough time to make a sandbox. Yawning Angel answered questions in October and acknowledged it was his third try to create code for the sandbox.
“We don’t always have the time. While we do have funding proposals for this, I chose not to work with the Tor Browser group. “I have tried this since last summer,” Yawning Angel explained at the time.