ANN: Split Browser (disposable Tor Browser, persistent bookmarks/logins)


Rusty Bird

Nov 30, 2016, 12:13:27 PM
to qubes...@googlegroups.com, tor-...@lists.torproject.org

"Everyone loves the Whonix approach of running Tor Browser and the tor
daemon in two separate Qubes VMs, e.g. anon-whonix and sys-whonix.

Let's take it a step further and run Tor Browser (or other Firefox
versions) in a DisposableVM connecting through the tor VM (or through
any other NetVM/ProxyVM), while storing bookmarks and logins in a
persistent VM - with carefully restricted data flow.

In this setup, the DisposableVM's browser can send various requests to
the persistent VM:

- Bookmark the current page
- Let the user choose a bookmark to load
- Let the user authorize logging into the current page

But if the browser gets exploited, it won't be able to read all your
bookmarks or login credentials and send them to the attacker. And you
can restart the browser DisposableVM frequently (which shouldn't take
more than 10-15 seconds) to 'shake off' such an attack."

... continued at https://github.com/rustybird/qubes-split-browser

Rusty
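The restricted data flow described in the announcement above, sketched as an added example that is not part of the original post and is not qubes-split-browser code: the request names, the store layout and the `ask_user` callback are hypothetical. The persistent side exposes only the three operations listed and hands back at most one item per request.

```python
from urllib.parse import urlsplit

def origin(url):
    """Return scheme://host[:port] for an http(s) URL, else raise ValueError."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        raise ValueError("unsupported URL")
    return f"{p.scheme}://{p.hostname}" + (f":{p.port}" if p.port else "")

class PersistentStore:
    """Toy model of the persistent VM's side (hypothetical names throughout)."""

    def __init__(self, ask_user):
        self.bookmarks = []       # list of (title, url)
        self.logins = {}          # origin -> (username, password)
        self.ask_user = ask_user  # prompt shown in the persistent VM, not by the browser

    def handle(self, request, *args):
        """Serve one request from the disposable browser; reply with at most one item."""
        if request == "bookmark" and len(args) == 2:
            title, url = args
            origin(url)                              # reject non-http(s) input
            self.bookmarks.append((title[:200], url))
            return None                              # write-only: nothing flows back
        if request == "get-bookmark" and not args:
            if not self.bookmarks:
                return None
            # The user picks in the persistent VM; only the chosen URL is returned.
            choice = self.ask_user("choose", [t for t, _ in self.bookmarks])
            return None if choice is None else self.bookmarks[choice][1]
        if request == "login" and len(args) == 1:
            # The URL is the browser's own claim, so the user confirms the origin shown.
            site = origin(args[0])
            if site in self.logins and self.ask_user("login", site):
                return self.logins[site]
            return None
        raise ValueError("request not allowed")      # no list or dump operation exists

if __name__ == "__main__":
    store = PersistentStore(lambda kind, detail: 0 if kind == "choose" else True)
    store.logins["https://example.org"] = ("alice", "constructed-password")  # constructed
    store.handle("bookmark", "Example", "https://example.org/a")
    print(store.handle("get-bookmark"))
    print(store.handle("login", "https://example.org/login"))
```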

Chris Laprise

Nov 30, 2016, 2:34:46 PM
to qubes...@googlegroups.com, tor-...@lists.torproject.org
On 11/30/2016 12:12 PM, Rusty Bird wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> "Everyone loves the Whonix approach of running Tor Browser and the tor
> daemon in two separate Qubes VMs, e.g. anon-whonix and sys-whonix.
>
> Let's take it a step further and run Tor Browser (or other Firefox
> versions) in a DisposableVM connecting through the tor VM (or through
> any other NetVM/ProxyVM), while storing bookmarks and logins in a
> persistent VM - with carefully restricted data flow.
>
> In this setup, the DisposableVM's browser can send various requests to
> the persistent VM:
>
> - Bookmark the current page
> - Let the user choose a bookmark to load
> - Let the user authorize logging into the current page
>
> But if the browser gets exploited, it won't be able to read all your
> bookmarks or login credentials and send them to the attacker. And you
> can restart the browser DisposableVM frequently (which shouldn't take
> more than 10-15 seconds) to 'shake off' such an attack."
>
> ... continued at https://github.com/rustybird/qubes-split-browser
>
> Rusty

This looks very interesting... will be trying it out soon. Thanks!

Chris

Andrew David Wong

Nov 30, 2016, 11:50:03 PM
to qubes...@googlegroups.com

On 2016-11-30 09:12, Rusty Bird wrote:
> "Everyone loves the Whonix approach of running Tor Browser and the tor
> daemon in two separate Qubes VMs, e.g. anon-whonix and sys-whonix.
>
> Let's take it a step further and run Tor Browser (or other Firefox
> versions) in a DisposableVM connecting through the tor VM (or through
> any other NetVM/ProxyVM), while storing bookmarks and logins in a
> persistent VM - with carefully restricted data flow.
>
> [...]

This looks extremely cool. Thanks, Rusty. Tracking potential
integration here:

https://github.com/QubesOS/qubes-issues/issues/2469

Also added to the community-developed feature tracker:

https://www.qubes-os.org/qubes-issues/

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
