
Anyone in the know: what would it take to implement a "container over tor"? I am not currently a tor user, but absolutely would if I could integrate it with my current workflow (using the temporary containers addon).



tor provides a socks proxy, which you can assign to a container easy enough w/ the container proxy addon.


Though you won't get stream isolation this way https://www.whonix.org/wiki/Stream_Isolation


Does FF send DNS requests via the proxy? Depending on the personal threat model and the ISP, that might matter.


FF defaults to DNS-over-HTTPS now, so I would imagine it does, although I can't find solid confirmation.


Only in the US.


There are checkboxes to control this in the Firefox proxy settings. "Proxy DNS when using SOCKS v5" and "Enable DNS over HTTPS".


In the proxy options, there's a box to tick for sending DNS through the proxy or not.
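An added example, not part of any comment in this thread: a small audit of a Firefox `prefs.js` / `user.js` that reports the state of the two checkboxes mentioned above. It assumes the `about:config` names `network.proxy.socks_remote_dns` ("Proxy DNS when using SOCKS v5") and `network.trr.mode` (DNS over HTTPS, modes 2 and 3 meaning enabled); the sample profile and the finding codes are constructed for illustration.

```python
import re

# Matches lines such as: user_pref("network.trr.mode", 2);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Parse Firefox prefs.js / user.js text into a dict of typed values."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a user_pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_dns(prefs):
    """Return finding codes (hypothetical names) for how this profile resolves names."""
    if prefs.get("network.proxy.type") != 1 or not prefs.get("network.proxy.socks"):
        return ["NO_MANUAL_SOCKS_PROXY"]
    findings = []
    if prefs.get("network.proxy.socks_version", 5) != 5:
        findings.append("SOCKS_VERSION_NOT_5")  # the DNS checkbox is labelled for SOCKS v5
    remote_dns = prefs.get("network.proxy.socks_remote_dns")
    if remote_dns is None:
        findings.append("PROXY_DNS_NOT_SET_IN_FILE")  # the browser default applies
    elif remote_dns is False:
        findings.append("PROXY_DNS_DISABLED")  # lookups do not go through the proxy
    if prefs.get("network.trr.mode") in (2, 3):
        findings.append("DOH_ENABLED")  # "Enable DNS over HTTPS" is ticked
    return findings

# Constructed sample profile: SOCKS5 on 127.0.0.1:9050, DNS box unticked, DoH on.
SAMPLE = '''
// constructed example, not a real profile
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", false);
user_pref("network.trr.mode", 2);
'''

if __name__ == "__main__":
    print(audit_dns(parse_prefs(SAMPLE)))
```

`prefs.js` only records preferences changed from their defaults, so `PROXY_DNS_NOT_SET_IN_FILE` means the installed Firefox version's default decides, which is worth checking in `about:config`.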


Thank you, I'll look into this!


Be careful doing this though, there's a reason Tor Browser exists and it is because it's very hard to do anonymity over Tor right on a default browser.

Granted, Tor tries to upstream as much as it reasonably can to FF, but there are still large differences in defaults that could give away (some bits of) your identity.


See this comment first, not mine but might as well be https://news.ycombinator.com/item?id=24853678

It's all baby steps. I don't expect to be fully anonymous this way, just like I know my current setup does not foil more sophisticated tracking.


"Anyone in the know: what would it take to implement a "container over tor"? I am not currently a tor user, but absolutely would if I could integrate it with my current workflow (using the temporary containers addon)."

This is my every-six-months wish/rant on this subject ...

What we need is the ability to 'jail' a GUI browser process.

It is too resource intensive to spin up an actual virtual machine to run a browser window/tab. However, a facility like 'jail' (or zones or, perhaps even Docker) that simply chroots a new process with its own network interface, etc., does not have any of that expense.

It really is just a fancy chroot and the expense is limited to the overhead of just the process you're running.

If you could 'jail' a GUI application, you could have a browser window that was not merely its own cookie domain or history domain, but that was on an entirely different network and its own chroot.



