1 | | UNFINISHED DRAFT! |
2 | | |
3 | | = Current situation in Debian = |
4 | | |
5 | | * If you install TorBirdy + Thunderbird you will use system-wide tor. |
6 | | * If you install torbrowser-launcher you will use TBB's bundled tor, not a system-wide instance even if available. |
7 | | * If you install onionshare it depends on torbrowser-launcher and on TBB to be running. |
8 | | |
9 | | => not very consistent, several tor configurations => confused users. |
10 | | |
11 | | = Two solutions = |
12 | | |
13 | | * One system-wide instance |
14 | | |
15 | | * Spin up one instance per application |
16 | | |
17 | | See trade-offs: https://trac.torproject.org/projects/tor/wiki/org/meetings/2015SummerDevMeeting/TorProcessShare |
18 | | |
19 | | We are leaning towards "One system-wide instance" on Linux, possibly as a first step towards the "Spin up one instance per application" approach. So, from now on, we'll have "One system-wide instance" as a goal on Linux. |
20 | | |
21 | | = Security = |
22 | | |
23 | | We don't want each application to have full access to the system-wide tor's control port, so we need to use onion-grater, and ship a profile for each application. |
24 | | |
25 | | XXX: elaborate why full control port access for all applications is a terrible idea. |
26 | | |
27 | | = Best practices = |
28 | | |
29 | | == Linux == |
30 | | |
31 | | === For packagers === |
32 | | |
33 | | * Patch or reconfigure the application to use the system-wide Tor. |
34 | | * Depends: onion-grater |
35 | | * Provide a profile for onion-grater and AppArmor |
36 | | |
37 | | XXX: elaborate on these dependencies. |
38 | | |
39 | | XXX: we don't have a solution for when AppArmor is not enabled. |
40 | | |
41 | | === For application developers === |
42 | | |
43 | | XXX: set a socks user name for stream isolation (IsolateSOCKSAuth) |
44 | | |
45 | | If your application is packaged in distros: Include a system-wide (in /etc) configuration toggle for using a system-wide tor instance instead of a potentially bundled tor. |
46 | | |
47 | | Otherwise: get it packaged in distros if realistic, otherwise fallback to the Windows/TBB approach => start your own tor process. |
48 | | |
49 | | == Windows == |
50 | | |
51 | | Start your own tor process. |
52 | | |
53 | | = What about configuration sharing? = |
54 | | |
55 | | XXX: specify how this should work. Probably by writing the settings to some file all applications will look at first. |
56 | | |
57 | | == Linux == |
58 | | |
59 | | When we allow two cases, i.e. system-wide tor, and bundled tor, we need a way for all applications to still use the same tor configuration to connect to the Tor network (proxy, pluggable transport). |
60 | | |
61 | | == Windows == |
62 | | |
63 | | All apps run their own Tor but should share the tor configuration for connecting to the Tor network. |