Yes, the Tor Project is working on a sandboxed version of the Tor Browser that would isolate the Tor Browser from other processes of the operating system and limit its ability to interact or query low-level APIs that can lead to the exposure of real IP addresses, MAC addresses, computer name, and more.
Sandboxing is a security mechanism for separating running programs. When an application is sandboxed, its process runs in a separate environment from the underlying operating system, so that errors or security issues in that application can not be leveraged to affect other parts of the OS.
Sandbox applications are enabled in their own sequestered area and memory, where they can be worked on without posing any threat to other applications or the operating system.
Major modern browsers, including Chrome, Firefox, and Edge, use sandboxed environments to separate themselves from the operating system.
However, the Tor Browser, which itself is based on the open-source Mozilla Firefox browser, did not use the sandboxing environment that left the browser somewhat insecure even after so many privacy protection features.
Just rewind the FBI's 2015 investigation into child pornography site Playpen, in which the agency hacked into some 8,700 computers across 120 different countries.
The FBI used Tor exploits to identify and catch visitors of PlayPen hiding their real identity using Tor. Such exploits targeting the Tor Browser can also be used to unmask the identity of journalists, political dissidents, and others.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
Keeping this in mind, the Tor Project started working on a Sandboxed version of the Tor Browser in September this year.
The idea behind the move is that exploits and vulnerabilities targeting Tor Browser are trapped inside the sandbox environment and can not get out and affect the rest of the computer or unmask anyone.
Tor developers have released the first version of its new and improved Tor Browser, though the version is still very much an alpha; so one can expect bugs, some potentially major ones.
One of the developers working on the project describes the browser features as:
- A Gtk+3 based UI for downloading/installing/updating Tor Browser, configuring tor, and launching the sandboxed browser. Think `tor-browser-launcher`, that happens to run Tor Browser in a bunch of containers.
- Linux seccomp-bpf + namespace based containers for Tor Browser, that attempts to prevent/mitigate exploits and reduce the amount of personally identifiable information to a minimum, centered around bubblewrap (runtime dependency).
If you are more privacy conscious, you should use a Virtual Private Network (VPN) with Tor.
As I previously recommended, Privatoria VPN provides a number of great features, including VPN, VPN Tor, Proxy, Proxy Tor, and Anonymous Emails, which makes it one of the reliable VPN services available in the market.
You can try Privatoria VPN Free Trial today and secure your web experience.