Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Alpha Version of Sandboxed Tor Browser Available for Linux

The Tor developer known as Yawning Angel announced over the weekend the availability of the Sandboxed Tor Browser, a version designed to offer an additional layer of security to users who value their privacy.

The Tor developer known as Yawning Angel announced over the weekend the availability of the Sandboxed Tor Browser, a version designed to offer an additional layer of security to users who value their privacy.

The Sandboxed Tor Browser, whose prototype was first announced in September, is currently in what Yawning Angel calls the “non-developer alpha version.” The source code has been made available and official binaries are expected to be released sometime this week.

Sandboxed Tor Browser 0.0.2 is likely to have bugs and there is some broken functionality. The application only works on Linux systems as it leverages bubblewrap, a sandboxing utility for Linux.

“There are several unresolved issues that affect security and fingerprinting. Do not assume that this is perfect, merely ‘an improvement over nothing’,” the developer noted. “If you require strong security, consider combining the sandbox with something like Qubes, Subgraph or Tails.”

Yawning Angel said he decided to create a sandboxed version of the Tor Browser for two main reasons: for the challenge, and because of the threat posed by “attackers,” including U.S. authorities, which have increasingly tried to unmask Tor users.

Sandboxing the Tor Browser should offer increased security for users as the sandbox traps exploits and prevents them from accessing files, real IPs and MAC addresses from the host.

Yawning Angel, who is a long-time Tor developer, is at his third attempt to create a sandboxed version of the browser – the first two attempts failed, but he is confident that this time it will work.

“We have a funding proposal to do this but I decided to do it separately from the Tor Browser team,” the developer explained a couple of months ago. “I’ve been trying to do this since last year.”

While Yawning Angel’s variant will only work on Linux due to the fact that it’s based on the Linux utility bubblewrap and sandboxing is OS specific, the Tor Browser team is looking at the possibility of creating an OS X version as well. A Windows version is also being considered in the long term.

Related: DNS Data Can Help Attackers Deanonymize Tor Users

Related: Tor Implements Improved Anonymity Protection

Related: Tor Rival Riffle Promises Anonymity Improvements

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

U.S. fighter jets successfully shot down the high altitude spy balloon launched by and belonging to China.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...