I'm always amazed at the demands people will make about free software.

[Well, I already got my first bit of automated spam from the last post,
so I might as well reply again.]

On Sat, 16 Jun 2018 20:34:03 -0700
Essentially, yes.

TLDR: I do not have the resources to dedicate to maintaining this, and
in the long term the project should be replaced by a correctly
re-designed Tor Browser that can sandbox itself anyway.

In a more concrete terms, the "correct" thing to do would be for a
non-trivial amount of work to be put into making Tor Browser support
better isolation and sandboxing on it's own, rather than someone be
stuck with trying to retrofit it to do things that the current design
and architecture are ill suited to doing.

Till something like that happens, a large amount of time, effort and
code will be spent on replicating existing functionality such as the
launcher, updater and configuration interface.

This requires extensive changes to the existing Tor Browser design. As
an example of what would be required, M. Finkel's design proposal[0]
describes the steps required to change the Tor Browser architecture to
something that is less nightmarish to sandbox, and provides better
component isolation. As far as I am aware, there is no one working on
that either.

There are other fundamental unresolved questions specific to Linux
sandboxing (eg: X11, D-Bus) that need to be resolved in a user-friendly
manner (eg: blocking all of D-Bus a la `sandboxed-tor-browser` is
unacceptable for mass adoption), but the better isolation brought on by
the architectural change on it's own would be an improvement over a
vanilla Tor Browser install, and it would let whoever is working on
such things, focus on such things, rather than being forced to
re-implement large parts of Tor Browser.

Regards,

Hi!
While I believe that it is hard for some people to understand the free
software ecosystem and personal development efforts, I think that this
kind of reply is absolutely off-putting and intimidating. And it has the
unfortunate side effect of not helping anybody understand what's gping on.

Cheers,
u.

Reminder!
We'll be discussing the available platform-specific features, some are
described (to some extent) in the above thread. Another option that
wasn't included was Docker-on-each-OS - at this point, Docker is
supported on some versions of Windows, Mac OS X and Linux. However,
this doesn't include all OS versions supported by Tor Browser, so we
must choose our sandboxing techniques carefully.

I believe we can use/abuse many of the same features used by Docker on
these systems when they are available, but we'll need a safe fallback
option when they aren't available (while still providing as much
protection as we can).

As Tom mentioned in his response on the tbb-dev@ thread, the Windows
container features are only available on Windows 10 Professional and
Enterprise editions - so we can't rely on them right now. The API is
completely undocumented, but we have reference implementations.
Containers on Mac OS X are provided through an OS-provided hypervisor
layer. This may be an interesting avenue we can explore[0]. On Linux,
Sandboxed Tor Browser remains a good example of what we can accomplish.

[0] https://github.com/mist64/xhyve