On 01/24/2018 06:20 AM, Wanderingnet wrote:

You rather hijacked the thread, but hey ;)

> I'm afraid you miss the point.
>
> 1. To operate TBB with an attendant IPTables setup, including for reasons of
> potential leaks, admittedly more of a risk in Torification of other apps. DNS
> leaks are regarded as a widespread issue, quite apparent in looking into tor
> configurations, though I personally agree (?) that this smacks of bad
> programming, perhaps in OS design (though again, this tends to be regarded as
> more of an issue with diverse proxying). Isolating TBB in iptables has proven
> problematic, since it lacks a native UID, etc.

It's not that hard to reconfigure Tor browser to work with standalone Tor. In
Debian, debian-tor typically has uid 108, as I recall. Then you can allow only
the debian-tor process to access eth0 or wlan0.

> 2. To operate Tor with the full range of transports: I have started looking
> at the possibility of operating debian-tor with the transports included in
> TBB, ie. pointing tor at the pluggable transports and libs in the TBB data
> and Tor folders, but would love some help with this. This would give the best
> of both.

That's an excellent idea.

> 3. Further isolating tor or TBB behind a user account, and ultimately a
> network namespace, which is touted as a light weight container option, but I
> have not seen documented for this purpose.

Yes, isolation by network namespace would be even better than iptables, I
think. But still less secure than isolation by VMs. Or using Qubes. Or better,
hardware isolation.

> Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.

<SNIP>

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
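As an added illustration of the two leak-prevention options the reply above sketches (allowing only the debian-tor user out of the uplink interface with iptables, and putting the client in a network namespace), here is a POSIX shell script. It is not code from the thread or from the Tor project. It assumes Debian's `debian-tor` user (matched by name, so the uid is irrelevant), an uplink named `eth0` (set `IFACE=wlan0` for wifi), a constructed veth subnet `10.200.1.0/24`, and a Tor `SocksPort` bound to `10.200.1.1:9050` for the namespace case. Both functions only print the `iptables`/`ip` commands; review them and pipe through `sh` as root to apply.

```shell
#!/bin/sh
# Added example, not from the thread. Two ways to keep a standalone Tor setup
# from leaking, matching points 1 and 3 of the discussion:
#   tor_egress_rules  - iptables OUTPUT filter: only the Tor daemon's user may
#                       send packets out of the uplink; attempted DNS queries by
#                       anything else are logged (rate-limited) before the drop.
#   client_netns_cmds - a network namespace for the client (Tor Browser pointed
#                       at the system Tor) with NO default route: its only link
#                       is a veth pair to the host, where Tor's SocksPort listens.
# Assumptions: user debian-tor, uplink eth0, veth addresses 10.200.1.0/24,
# SocksPort on 10.200.1.1:9050. Functions print commands; nothing is applied.

TOR_USER="${TOR_USER:-debian-tor}"
IFACE="${IFACE:-eth0}"

# Accept only plain tokens for names that are interpolated into commands, so a
# bad environment value cannot smuggle extra shell words into the output.
is_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: tor_egress_rules <user> <iface>
# Loopback is untouched, so a client on the same host still reaches
# 127.0.0.1:9050. Note the trade-off: no other process may answer on <iface>
# either, including inbound services such as sshd.
tor_egress_rules() {
    user="$1"
    iface="$2"
    is_token "$user" && is_token "$iface" || return 2
    cat <<EOF
iptables -N TOR_EGRESS
iptables -A OUTPUT -o $iface -j TOR_EGRESS
iptables -A TOR_EGRESS -m owner --uid-owner $user -j ACCEPT
iptables -A TOR_EGRESS -p udp --dport 53 -m limit --limit 6/min -j LOG --log-prefix "DNS-LEAK: "
iptables -A TOR_EGRESS -p tcp --dport 53 -m limit --limit 6/min -j LOG --log-prefix "DNS-LEAK: "
iptables -A TOR_EGRESS -j DROP
EOF
}

# Usage: client_netns_cmds <namespace>
# Veth names are <ns>0 (host side) and <ns>1 (inside the namespace); keep the
# namespace name short, since interface names are limited to 15 characters.
# No "ip route add default" is emitted on purpose: with only the /24 route,
# anything the client sends to the internet fails with "network unreachable",
# and the FORWARD drop keeps the host from routing for it even if ip_forward=1.
client_netns_cmds() {
    ns="$1"
    is_token "$ns" || return 2
    cat <<EOF
ip netns add $ns
ip link add ${ns}0 type veth peer name ${ns}1
ip link set ${ns}1 netns $ns
ip addr add 10.200.1.1/24 dev ${ns}0
ip link set ${ns}0 up
ip netns exec $ns ip addr add 10.200.1.2/24 dev ${ns}1
ip netns exec $ns ip link set ${ns}1 up
ip netns exec $ns ip link set lo up
iptables -A FORWARD -i ${ns}0 -j DROP
EOF
}

# Dry run when executed directly: print both command sets for review.
echo "# --- iptables egress filter for $TOR_USER on $IFACE ---"
tor_egress_rules "$TOR_USER" "$IFACE"
echo "# --- client namespace 'torbox' (run the browser with: ip netns exec torbox sudo -u <user> <browser>) ---"
client_netns_cmds torbox
```

For the namespace variant, configure Tor with `SocksPort 10.200.1.1:9050` and point Tor Browser at that address as its SOCKS proxy; a DNS resolver call or a non-proxied connection from inside the namespace then has nowhere to go, which is a stronger guarantee than the uid-based filter, where a mistake in the rule order silently reopens the path.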