Message-ID: <5529BA28.30909@rawbw.com>
Date: Sat, 11 Apr 2015 17:19:52 -0700
From: Yuri <yuri@rawbw.com>
To: Tor Talk List <tor-talk@lists.torproject.org>
References: <54E36CA2.9040504@mykolab.com>
In-Reply-To: <54E36CA2.9040504@mykolab.com>
Cc: libertas@mykolab.com
Subject: Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs

On 02/17/2015 08:30, Libertas wrote:
> Has anyone looked into this? I talked to the maintainer of the OpenBSD
> Firefox port, but he wasn't very interested and pointed out the
> difficulty caused by the deterministic build system.
>
> I can verify that it doesn't work out of the box, but haven't had time
> to play with it much more than that. I think that the Tor Browser is an
> increasingly important tool, and that it's a problem that it isn't
> available on the BSDs.
>
> Thoughts? Suggestions?


There is no need to port TBB to BSD. Not worth the effort. TBB is 
unable to 100% separate tor and non-tor connections due to the network 
stack architecture. TBB users are typically recommended to disable 
JavaScript, to disable Flash, to not go to certain websites, to not use 
any plugins and addons, etc. This doesn't sound like a very secure 
system. The potential leaks (IP and DNS) are virtually unavoidable with TBB.

The security-by-isolation approach provides much better security in general, 
because it relies on the small and simple code in the core of the 
network tunnel.

Whonix https://www.whonix.org is a very good solution available on all 
BSDs today. For some reason it remains under-appreciated.

I myself also designed and implemented another solution for FreeBSD: 
vbox-to-tor https://github.com/yurivict/freebsd-vbox-to-tor It allows 
running the user's choice of OS in a VirtualBox machine which is connected to 
the tor instance that is running on the host. It is extremely easy to 
set up, only a few lines in rc.conf. (Well, it will be extremely easy when 
it is in ports and when the kernel and port patches are in.)

Yuri