undefined | Better HN

0 pointssmichel175y ago0 comments

Anyone in the know: what would it take to implement a "container over tor"? I am not currently a tor user, but absolutely would if I could integrate it with my current workflow (using the temporary containers addon).

0 comments

hannibalhorn5y ago

tor provides a socks proxy, which you can assign to a container easy enough w/ the container proxy addon.

beardog5y ago

Though you won't get stream isolation this way https://www.whonix.org/wiki/Stream_Isolation

aasasd5y ago

Does FF send DNS requests via the proxy? Depending on the personal threat model and the ISP, that might matter.

TheFlyingFish5y ago

FF defaults to DNS-over-HTTPS now, so I would imagine it does, although I can't find solid confirmation.

1 more reply

Liquid_Fire5y ago

There are checkboxes to control this in the Firefox proxy settings. "Proxy DNS when using SOCKS v5" and "Enable DNS over HTTPS".

computerfriend5y ago

In the proxy options, there's a box to tick for sending DNS through the proxy or not.

smichel17OP5y ago

Thank you, I'll look in to this!

breakingcups5y ago

Be careful doing this though, there's a reason Tor Browser exists and it is because it's very hard to do anonimity over Tor right on a default browser.

Granted, Tor tries to upstream as much as it reasonably can to FF, but there's still large differences in defaults that could give away (some bits of) your identity.

1 more reply

rsync5y ago

"Anyone in the know: what would it take to implement a "container over tor"? I am not currently a tor user, but absolutely would if I could integrate it with my current workflow (using the temporary containers addon)."

This is my every-six-months wish/rant on this subject ...

What we need is the ability to 'jail' a GUI browser process.

It is too resource intensive to spin up an actual virtual machine to run a browser window/tab. However, a facility like 'jail' (or zones or, perhaps even Docker) that simply chroots a new process with its own network interface, etc., does not have any of that expense.

It really is just a fancy chroot and the expense is limited to the overhead of just the process you're running.

If you could 'jail' a GUI application, you could have a browser window that was not merely its own cookie domain or history domain, but that was on an entirely different network and it's own chroot.

1 more reply

j / k navigate · click thread line to collapse

0 comments

hannibalhorn5y ago

tor provides a socks proxy, which you can assign to a container easy enough w/ the container proxy addon.

beardog5y ago

Though you won't get stream isolation this way https://www.whonix.org/wiki/Stream_Isolation

aasasd5y ago

Does FF send DNS requests via the proxy? Depending on the personal threat model and the ISP, that might matter.

TheFlyingFish5y ago

FF defaults to DNS-over-HTTPS now, so I would imagine it does, although I can't find solid confirmation.

1 more reply

Liquid_Fire5y ago

There are checkboxes to control this in the Firefox proxy settings. "Proxy DNS when using SOCKS v5" and "Enable DNS over HTTPS".

computerfriend5y ago

In the proxy options, there's a box to tick for sending DNS through the proxy or not.

smichel17OP5y ago

Thank you, I'll look in to this!

breakingcups5y ago

Be careful doing this though, there's a reason Tor Browser exists and it is because it's very hard to do anonimity over Tor right on a default browser.

Granted, Tor tries to upstream as much as it reasonably can to FF, but there's still large differences in defaults that could give away (some bits of) your identity.

1 more reply

rsync5y ago

This is my every-six-months wish/rant on this subject ...

What we need is the ability to 'jail' a GUI browser process.

It really is just a fancy chroot and the expense is limited to the overhead of just the process you're running.

If you could 'jail' a GUI application, you could have a browser window that was not merely its own cookie domain or history domain, but that was on an entirely different network and it's own chroot.

1 more reply

j / k navigate · click thread line to collapse