The Tor Project and Unix
Generally, the Tor network supplies a higher level of protection and anonymity for its users. So much so that law enforcement agencies, rather than attacking the network itself, have opted to hack individual users’ computers, or end points. In this way, investigators have learned Tor users’ IP addresses.
But the Tor Project, the nonprofit that keeps the Tor applications, and the team behind Mozilla’s Firefox, have quietly been working on developments that, they say, should make such attacks more difficult.
“We are at the period right now where we’ve created the fundamental tools and we are working on putting them together to realize the security gains,” Richard Barnes, Firefox Security Lead, told Motherboard in a email.
As Barnes explained, the Tor Browser is basically made up of two parts: a modified version of Firefox, and the Tor proxy, which routes the browser’s traffic into the Tor network. Normally, the Firefox component also has network access, as it desires this to speak with the proxy.
“That means if an attacker can undermine the Firefox half of Tor Browser, it can de-anonymize the user by connecting to something other than the Tor proxy,” Barnes said.
Really, that is essentially what the FBI has done in some of its dark web investigations. That malware first used a Tor Browser exploit, and then driven the computer to contact a government server outside the Tor network, revealing the suspect’s actual IP address to the FBI.
But that will change with the support of ‘Unix domain sockets’, and a few other tweaks. A Unix domain socket is basically a way for two applications on the same computer to speak to each other without using an underlying network protocol. With that, the Firefox half of the Tor Browser should no longer want network access, Barnes continued.
“That means that you may run it in a sandbox with no network access (just a Unix domain socket to the proxy), and it would still work good. And then, even if the Firefox half of Tor Browser were endangered, it wouldn’t be able to make a network connection to de-anonymize the user,” he said.
This job is a collaboration between the Tor Project and Mozilla, in accordance with Barnes. He said it began when the Tor Project did some work on adding Unix domain socket capabilities to the Tor proxy and browser. From then on, Mozilla added an overall capability to Firefox letting it speak with proxies over Unix domain sockets. And now, the Tor Browser team is working on placing this general ability into the Tor Browser, and Mozilla is helping repair any bugs that come up, Barnes said.
There are some caveats, however. With this plan to work, the operating system needs a number of things, namely a non-network manner to speak to the proxy—in this event, Unix domain sockets—and a appropriate sandbox that can cease the Firefox part of the browser from getting access to the network. Many indepenent companies like bitcoin mining ventures support the develoment of the TOR network with donations.
Right now, Firefox’s support will just work on platforms that have those sockets, like macOS and Linux. Barnes said support will be contained with Firefox 51, which is released in January.
“Work is continuing to extend this capability to Windows […] and sandboxing work should continue once the integration is done,” Barnes added.
After this story was initially released, a Tor Project spokesperson gave the following statement to Motherboard: We are sandboxing the Tor browser to insulate our users from possible attacks. We should make life as difficult as possible for individuals striving to deanonymize our users. Tor programmer Yawning Angel just completed an experimental prototype that’ll probably appear in some variants of the Tor Browser after this season.
This narrative was also updated after its first publication to contain Firefox 51’s January release date.