Part of the problem is that "more secure" can mean a wide variety of things. The picture is not so clear with respect to the promised security benefits.
Hardened tor browser series#
Looking again at its purposes above, we think it is safe to say that the hardened series indeed helped us identifying issues early on: with it we found bugs both in Firefox and tor and they got resolved quickly. Rather, the impact of mixing both in Tor Browser seemed to be not well understood either: for example, does compiling Tor Browser with Address Sanitizer really lead to a more secure browser, given that the sanitizer is mainly intended as a debugging tool? Moreover, just using the hardening options provided by the toolchain seemed to be an incomplete solution to the problem-a bandaid until we could provide a more complete approach to hardening. The reason for that was not only the heavy performance impact of the hardening and debugging features we deployed. The hardened series was a non-stable series on purpose, aimed at experienced users. It should help us to identify issues earlier, therefore allowing to develop and backport fixes to the Tor Browser alpha and stable series.It should give users an even more secure Tor Browser, especially at higher security levels where JavaScript is partially or completely disabled.When we started with the hardened Tor Browser series 18 months ago, we had two main purposes in mind:
0 kommentar(er)
