Re: [Tails-dev] Tor Launcher automation meeting

Hi,

sajolida:
> tails-dev: Part of my mission was to ask two more technical questions
> but apparently it's too early to answer both of them with certainty:

> 18:47:50: #1: What kind of network connections will Tor Launcher
> initiate *itself* (as opposed to asking little-t-tor to)? None?

> The answer is unclear but Tor Launcher will probably initiate some
> network activity of its own, for example to start meek-client to talk to
> bridgedb.

OK, this is very good to know: it can prevent us from wasting time on
developments that would be incompatible with this upcoming feature.

That's a bit sad for upstream Tor Browser (as long as Tor Launcher is
part of the Firefox process, this will make it impossible to sandbox
Tor Browser in a way that it can't initiate network communication
without going through little-t-tor).

As far as Tails is concerned:

* At the moment we run Tor Launcher as a dedicated user (so we're not
affected by that sandboxing limitation); now, we have plans to
change that (#9051), which would be very problematic once Tor
Launcher needs to initiate network activity of its own. Added this
note to that ticket.

* We don't sandbox Firefox processes this much anyway: the benefit
would be very limited considering we also have our firewall as an
additional layer of protection that will prevent Tor Browser to
bypass Tor.

> 18:58:56: #3: Any news on the possible language and coding dependencies
> for this new Tor Launcher? How easy is it going to be to reuse it in
> Tails? :)

> The answer is unclear as well but mcs says that they will likely not
> have enough time to create a completely new Tor Launcher.

So on the short term, nothing changes for us, but the future is
uncertain apparently. I do hope Tor Launcher becomes an external
process in light of the improved sandboxing it'll allow (outside of
Tails).

> Hope it's useful :)

It is, thanks a lot!

Cheers,
--
intrigeri