Re: [Tails-dev] Tor Launcher extension [Was: Mike's March 20…

Author: intrigeri
Date:  
To: Kathleen Brade
CC: tails-dev, Mark Smith, Mike Perry
New-Topics: Re: [Tails-dev] Tor Launcher extension
Subject: Re: [Tails-dev] Tor Launcher extension [Was: Mike's March 2013]
Hi,

thanks for your prompt answer, and sorry for the delay.

Kathleen Brade wrote (23 Oct 2013 18:08:23 GMT) :
> Can you describe your requirements in more detail? Here are some of our questions:


> - Do you use Vidalia to launch tor (I would guess not) or just as a controller to
> allow people to adjust settings?


Tor is started system-wide in Tails (from a NetworkManager hook).
As you had correctly guessed, we use Vidalia purely as a controller.

> - What features of Vidalia do you need? Currently, Tor Launcher only provides "start
> tor", network settings, and "Copy Tor Log to Clipboard" capabilities. Within the TBB
> Browser, users can create a new identity but that is handled by Tor Button.


At a glance, I think this should be enough for Tails.

I'll miss the network map, especially when testing stream isolation
etc., but we also ship arm, so I guess we will just tell developers
and advanced users to use that one for more advanced needs.

> - Does the Tor network settings window need to be displayed at login time, e.g., to
> allow configuration before tor touches the network?


In bridge mode, Tor network settings must indeed be displayed before
Tor touches the network. Our current plan is to start Tor with the
DisableNetwork option enabled in torrc, then have the user configure
bridges in Vidalia, then allow Tor to talk to the network... but
I personally would be very happy if we could simply s/Vidalia/Tor
Launcher/ in this plan.

Relevant Tails tickets are:

https://labs.riseup.net/code/issues/5920
https://labs.riseup.net/code/issues/5305

> - How do you currently prevent the desktop user from reconfiguring tor?


We don't: the desktop user (or an attacker with sufficient privs to
generate X input events) can use the Vidalia UI. They don't have
direct access to the control port, though.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
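
The bridge-mode plan described in the message above (Tor booted with DisableNetwork set in torrc, bridges supplied through a controller, network enabled last) as an added example; it is not part of the original message and is not Tails, Vidalia or Tor Launcher code. `SETCONF`, `UseBridges`, `Bridge` and `DisableNetwork` are Tor's own control command and options; the function names, the IPv4-only bridge grammar and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# torrc at boot, per the plan in the message: Tor starts but stays off the network.
TORRC_BOOT = "DisableNetwork 1\n"

# Narrowed grammar for this example (assumption): IPv4:port [40-hex fingerprint]
BRIDGE_RE = re.compile(
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})"
    r"(?:[ \t]+(?P<fp>[0-9A-Fa-f]{40}))?"
)

def parse_bridge(line):
    """Return a normalised bridge line, or raise ValueError.

    fullmatch() rejects quotes, CR and LF, so user input cannot close the
    quoted value or append a second command to the control connection.
    """
    m = BRIDGE_RE.fullmatch(line.strip(" \t"))
    if not m:
        raise ValueError(f"malformed bridge line: {line!r}")
    ipaddress.IPv4Address(m["ip"])  # ValueError if an octet is out of range
    if not 1 <= int(m["port"]) <= 65535:
        raise ValueError(f"port out of range: {line!r}")
    fp = (m["fp"] or "").upper()
    return f'{m["ip"]}:{int(m["port"])}' + (f" {fp}" if fp else "")

def bridge_mode_commands(user_lines):
    """Control-port commands to send after authentication, in order.

    Bridges are configured first; DisableNetwork=0 is only emitted once at
    least one valid bridge exists, so Tor never connects directly.
    """
    bridges = [parse_bridge(l) for l in user_lines if l.strip()]
    if not bridges:
        raise ValueError("bridge mode: refusing to enable network without a bridge")
    bridge_args = " ".join(f'Bridge="{b}"' for b in bridges)
    return [f"SETCONF UseBridges=1 {bridge_args}", "SETCONF DisableNetwork=0"]

# Constructed sample input (documentation address ranges, made-up fingerprint).
SAMPLE = ["192.0.2.10:443",
          " 198.51.100.7:9001 0123456789abcdef0123456789abcdef01234567 "]

if __name__ == "__main__":
    for cmd in bridge_mode_commands(SAMPLE):
        print(cmd)
```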