The Tor developer known as Yawning Angel announced over the weekend the availability of the Sandboxed Tor Browser, a version designed to offer an additional layer of security to users who value their privacy.
The Sandboxed Tor Browser, whose prototype was first announced in September, is currently in what Yawning Angel calls the “non-developer alpha version.” The source code has been made available and official binaries are expected to be released sometime this week.
Sandboxed Tor Browser 0.0.2 is likely to have bugs and there is some broken functionality. The application only works on Linux systems as it leverages bubblewrap, a sandboxing utility for Linux.
“There are several unresolved issues that affect security and fingerprinting. Do not assume that this is perfect, merely ‘an improvement over nothing’,” the developer noted. “If you require strong security, consider combining the sandbox with something like Qubes, Subgraph or Tails.”
Yawning Angel said he decided to create a sandboxed version of the Tor Browser for two main reasons: for the challenge, and because of the threat posed by “attackers,” including U.S. authorities, which have increasingly tried to unmask Tor users.
Sandboxing the Tor Browser should offer increased security for users as the sandbox traps exploits and prevents them from accessing files, real IPs and MAC addresses from the host.
Yawning Angel, who is a long-time Tor developer, is at his third attempt to create a sandboxed version of the browser – the first two attempts failed, but he is confident that this time it will work.
“We have a funding proposal to do this but I decided to do it separately from the Tor Browser team,” the developer explained a couple of months ago. “I’ve been trying to do this since last year.”
While Yawning Angel’s variant will only work on Linux due to the fact that it’s based on the Linux utility bubblewrap and sandboxing is OS specific, the Tor Browser team is looking at the possibility of creating an OS X version as well. A Windows version is also being considered in the long term.
Related: DNS Data Can Help Attackers Deanonymize Tor Users
Related: Tor Implements Improved Anonymity Protection
Related: Tor Rival Riffle Promises Anonymity Improvements
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
- Google Patches Third Chrome Zero-Day of 2023
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
Latest News
- KeePass Update Patches Vulnerability Exposing Master Password
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Zoom Expands Privacy Options for European Customers
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Apple Unveils Upcoming Privacy and Security Features
