From: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
To: Gottfried <gottfried@posteo.de>
Cc: help-guix@gnu.org
Subject: Re: tor
Date: Fri, 2 Sep 2022 01:35:43 +0200 [thread overview]
Message-ID: <20220902013543.1b0c0737@primary_laptop> (raw)
In-Reply-To: <0572b3c3-5cd6-5773-c9f5-481c905d31b7@posteo.de>
[-- Attachment #1: Type: text/plain, Size: 3174 bytes --]
On Thu, 1 Sep 2022 17:35:57 +0000
Gottfried <gottfried@posteo.de> wrote:
> Hi Denis,
Hi,
> The best would be to run Guix System and to use Tor browser in it, if
> needed.
It probably can be done somehow, as there are external repositories for
installing nonfree software on top of Guix, and so there are already
known methods for installing software without modifying it much.
So maybe it could be adapted to the tor-browser, and somehow generate
an FSDG compliant version of the tor-browser out of it by removing
or changing the text that refers to the nonfree addons repository ("Get
extensions and themes on addons.mozilla.org").
Before it was harder as the addons repository was more tightly
integrated into the tor-browser so the risk of removing the anonymity
was bigger.
In the past, I've looked for tor-browser unofficial packages for Guix
but I didn't find people who did the work, but maybe I missed it.
Sadly I don't have nor the time nor the knowledge to do a work like
that.
> So in my case:
> to use the Tor browser itself, as far as I understand it right now
> would be to use a virtual machine software and in it to install Tails.
> Is that possible?
Yes, that might be the easiest way to get it working on your computer.
> Because then Tails has already safety measures and hopefully Guix is
> going to develope in future something to use the Tor browser somehow.
In the case of either Tails or the tor-browser, people typically use
the latest version, and there are 3 security levels in the Tor-browser
so we end up with about 6 identifiable configurations.
This is because Tails adds some add blocker to their version of the Tor
Browser, and add-blockers can be distinguished. So you've got 2
possibility, multiplied by the 3 security levels.
And with many users, a lot of people are in each of these 6 identifiable
configurations, so it's not possible to easily identify people.
The issue is that Guix requires the Guix official packages to
be built from Guix.
That would require the tor-browser to be built within Guix, and if for
some reason there is a way to differentiate the Guix tor-browser and
that not enough people use it, then the anonymity it is supposed to
provide is gone. And the fact that Guix has updates all the time could
potentially make that even worse as users could be scattered around a
lot of different build versions.
So it might actually be safer to not try to add a tor-browser package
directly in Guix but either to do it outside of Guix (like in an
external repository/channel) or package in Guix something like a
tor-browser installer/launcher that downloads and patches the
tor-browser for FSDG compliance, and does some setup to be able to run
that in Guix.
Another option would be to somehow convince the tor-project to package
the tor-browser in Guix and use a specific Guix revision to do the
official releases. But that would probably require someone with a lot
of time and/or funding to do that work, and that would also require the
tor-project to have more funding to be able to spend time to actually
review that work.
Denis.
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2022-09-01 23:37 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-28 10:52 tor Gottfried
2022-08-28 12:09 ` tor Csepp
2022-08-29 14:19 ` tor Gottfried
2022-08-30 10:54 ` tor Csepp
2022-08-30 18:32 ` tor Gottfried
2022-08-31 16:23 ` tor Denis 'GNUtoo' Carikli
2022-09-01 13:59 ` tor Denis 'GNUtoo' Carikli
2022-09-02 18:31 ` tor Gottfried
2022-09-21 9:52 ` tor Gottfried
2022-09-22 11:52 ` tor Chris Keschnat via
2022-09-01 14:27 ` tor Denis 'GNUtoo' Carikli
2022-09-01 17:35 ` tor Gottfried
2022-09-01 23:35 ` Denis 'GNUtoo' Carikli [this message]
2022-11-05 0:29 ` tor Denis 'GNUtoo' Carikli
2022-11-07 19:24 ` tor Gottfried
2022-11-07 20:14 ` tor Wojtek Kosior via
2022-11-07 23:19 ` tor Denis 'GNUtoo' Carikli
-- strict thread matches above, loose matches on Subject: below --
2022-09-23 16:36 tor Gottfried
2020-09-17 12:32 Tor Rasa Gulla via
2020-09-17 13:15 ` Tor Julien Lepiller
2020-09-17 13:18 ` Tor Rasa Gulla
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220902013543.1b0c0737@primary_laptop \
--to=gnutoo@cyberdimension.org \
--cc=gottfried@posteo.de \
--cc=help-guix@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.