help-guix
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tor


From: Denis 'GNUtoo' Carikli
Subject: Re: tor
Date: Fri, 2 Sep 2022 01:35:43 +0200

On Thu,  1 Sep 2022 17:35:57 +0000
Gottfried <gottfried@posteo.de> wrote:

> Hi Denis,
Hi,

> The best would be to run Guix System and to use Tor browser in it, if 
> needed.
It probably can be done somehow, as there are external repositories for
installing nonfree software on top of Guix, and so there are already
known methods for installing software without modifying it much.

So maybe it could be adapted to the tor-browser, and somehow generate
an FSDG compliant version of the tor-browser out of it by removing
or changing the text that refers to the nonfree addons repository ("Get
extensions and themes on addons.mozilla.org").

Before it was harder as the addons repository was more tightly
integrated into the tor-browser so the risk of removing the anonymity
was bigger.

In the past, I've looked for tor-browser unofficial packages for Guix
but I didn't find people who did the work, but maybe I missed it.

Sadly I don't have nor the time nor the knowledge to do a work like
that.

> So in my case:
> to use the Tor browser itself, as far as I understand it right now
> would be to use a virtual machine software and in it to install Tails.
> Is that possible?
Yes, that might be the easiest way to get it working on your computer.

> Because then Tails has already safety measures and hopefully Guix is 
> going to develope in future something to use the Tor browser somehow.
In the case of either Tails or the tor-browser, people typically use
the latest version, and there are 3 security levels in the Tor-browser
so we end up with about 6 identifiable configurations.

This is because Tails adds some add blocker to their version of the Tor
Browser, and add-blockers can be distinguished. So you've got 2
possibility, multiplied by the 3 security levels.

And with many users, a lot of people are in each of these 6 identifiable
configurations, so it's not possible to easily identify people.

The issue is that Guix requires the Guix official packages to
be built from Guix.

That would require the tor-browser to be built within Guix, and if for
some reason there is a way to differentiate the Guix tor-browser and
that not enough people use it, then the anonymity it is supposed to
provide is gone. And the fact that Guix has updates all the time could
potentially make that even worse as users could be scattered around a
lot of different build versions.

So it might actually be safer to not try to add a tor-browser package
directly in Guix but either to do it outside of Guix (like in an
external repository/channel) or package in Guix something like a
tor-browser installer/launcher that downloads and patches the
tor-browser for FSDG compliance, and does some setup to be able to run
that in Guix.

Another option would be to somehow convince the tor-project to package
the tor-browser in Guix and use a specific Guix revision to do the
official releases. But that would probably require someone with a lot
of time and/or funding to do that work, and that would also require the
tor-project to have more funding to be able to spend time to actually
review that work.

Denis.

Attachment: pgpHCWDlysuf6.pgp
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]