The Tor developer known as Yawning Angel announced over the weekend the availability of the Sandboxed Tor Browser, a version designed to offer an additional layer of security to users who value their privacy.
The Sandboxed Tor Browser, whose prototype was first announced in September, is currently in what Yawning Angel calls the “non-developer alpha version.” The source code has been made available and official binaries are expected to be released sometime this week.
Sandboxed Tor Browser 0.0.2 is likely to have bugs and there is some broken functionality. The application only works on Linux systems as it leverages bubblewrap, a sandboxing utility for Linux.
“There are several unresolved issues that affect security and fingerprinting. Do not assume that this is perfect, merely ‘an improvement over nothing’,” the developer noted. “If you require strong security, consider combining the sandbox with something like Qubes, Subgraph or Tails.”
Yawning Angel said he decided to create a sandboxed version of the Tor Browser for two main reasons: for the challenge, and because of the threat posed by “attackers,” including U.S. authorities, which have increasingly tried to unmask Tor users.
Sandboxing the Tor Browser should offer increased security for users as the sandbox traps exploits and prevents them from accessing files, real IPs and MAC addresses from the host.
Yawning Angel, who is a long-time Tor developer, is at his third attempt to create a sandboxed version of the browser – the first two attempts failed, but he is confident that this time it will work.
“We have a funding proposal to do this but I decided to do it separately from the Tor Browser team,” the developer explained a couple of months ago. “I’ve been trying to do this since last year.”
While Yawning Angel’s variant will only work on Linux due to the fact that it’s based on the Linux utility bubblewrap and sandboxing is OS specific, the Tor Browser team is looking at the possibility of creating an OS X version as well. A Windows version is also being considered in the long term.
Related: DNS Data Can Help Attackers Deanonymize Tor Users