Hi, sajolida: > tails-dev: Part of my mission was to ask two more technical questions > but apparently it's too early to answer both of them with certainty:
> 18:47:50: #1: What kind of network connections will Tor Launcher > initiate *itself* (as opposed to asking little-t-tor to)? None? > The answer is unclear but Tor Launcher will probably initiate some > network activity of its own, for example to start meek-client to talk to > bridgedb. OK, this is very good to know: it can prevent us from wasting time on developments that would be incompatible with this upcoming feature. That's a bit sad for upstream Tor Browser (as long as Tor Launcher is part of the Firefox process, this will make it impossible to sandbox Tor Browser in a way that it can't initiate network communication without going through little-t-tor). As far as Tails is concerned: * At the moment we run Tor Launcher as a dedicated user (so we're not affected by that sandboxing limitation); now, we have plans to change that (#9051), which would be very problematic once Tor Launcher needs to initiate network activity of its own. Added this note to that ticket. * We don't sandbox Firefox processes this much anyway: the benefit would be very limited considering we also have our firewall as an additional layer of protection that will prevent Tor Browser to bypass Tor. > 18:58:56: #3: Any news on the possible language and coding dependencies > for this new Tor Launcher? How easy is it going to be to reuse it in > Tails? :) > The answer is unclear as well but mcs says that they will likely not > have enough time to create a completely new Tor Launcher. So on the short term, nothing changes for us, but the future is uncertain apparently. I do hope Tor Launcher becomes an external process in light of the improved sandboxing it'll allow (outside of Tails). > Hope it's useful :) It is, thanks a lot! Cheers, -- intrigeri _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
