William Budington:
> Since the browser is such a large attack surface, for whonix-ws VMs
> which only use Tor Browser, I wonder if access to the control port
> could be fully denied? It seems so. Since the Tor Launcher isn't
> actually bootstrapping tor, the control port is only used for the
> "New Identity" functionality, so you'll lose that. But if you kill
> the `socat` process forwarding 9151, the browser seems to work fine.

[Btw to kill all socat for testing one can use: "sudo service anon-ws-disable-stacked-tor stop"]

> It seems like the "New Identity" functionality could be implemented
> on the whonix-gw side:
> https://blog.torproject.org/category/tags/new-identity
>
> Looks like the Tor Browser use of the control port isn't going away,
> though. And in fact may be increasing in the future:
> https://trac.torproject.org/projects/tor/ticket/9675

Yes. That's why we have the filter. Btw the full rationale can be found here:
https://www.whonix.org/wiki/Dev/Control_Port_Filter_Proxy

Best regards,
Patrick
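A sketch of the kind of allowlist decision a control-port filter like the one mentioned above has to make, as an added example that is not part of the original message and not Whonix's code. It assumes only New Identity (`SIGNAL NEWNYM`) and `QUIT` are forwarded and that the filter answers `AUTHENTICATE` itself; the function name, reply text and length limit are hypothetical.

```python
# Added sketch, not Whonix's filter: decide what to do with one line that a
# workstation client sends to the Tor control port.
ALLOWED = {"SIGNAL NEWNYM", "QUIT"}    # assumption: New Identity only
REFUSED = b"510 Command filtered\r\n"  # reply text constructed for this sketch
MAX_LINE = 64                          # hypothetical limit; allowed lines are short


def decide(raw: bytes) -> tuple:
    """Return (action, bytes): 'forward' to Tor, 'answer' locally, or 'reject'."""
    # Require exactly one CRLF-terminated line so a second command cannot be
    # smuggled behind an allowed one.
    if len(raw) > MAX_LINE or not raw.endswith(b"\r\n"):
        return "reject", REFUSED
    body = raw[:-2]
    if b"\r" in body or b"\n" in body or not body.isascii():
        return "reject", REFUSED
    words = body.decode("ascii").split()
    if not words:
        return "reject", REFUSED
    # Assumption: the filter holds the real credentials and authenticates to
    # Tor itself, so the client's AUTHENTICATE is acknowledged, never forwarded.
    if words[0].upper() == "AUTHENTICATE":
        return "answer", b"250 OK\r\n"
    # Compare and forward a canonical form, so case or spacing variants are
    # neither a bypass nor passed through byte-for-byte.
    canonical = " ".join(w.upper() for w in words)
    if canonical in ALLOWED:
        return "forward", canonical.encode("ascii") + b"\r\n"
    return "reject", REFUSED


# Constructed sample session (not captured traffic).
SAMPLE = [
    b"AUTHENTICATE\r\n",
    b"signal  newnym\r\n",
    b"GETINFO address\r\n",
    b"SIGNAL NEWNYM\r\nSETCONF ExitNodes={us}\r\n",
    b"+LOADCONF\r\n",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", decide(line))
```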
