Selfrando: Q and A with Georg Koppen
Georg Koppen is a longtime Tor Browser developer. He and Tor developer Mike Perry worked to integrate Selfrando into Tor Browser.
Tell us about Selfrando, the new code being tested for Tor Browser.
Selfrando randomizes Tor browser code to ensure that an attacker doesn't know where the code is on your computer. This makes it much harder for someone to construct a reliable attack--and harder for them to use a flaw in your Tor Browser to de-anonymize you.
How were you and Tor's Mike Perry involved in the project?
We mainly worked on integrating Selfrando in Tor Browser where needed and tested it as well as we could. We closely read the paper and helped to improve it. The bulk of the work was done by the other researchers. These are Mauro Conti, Stephen Crane, Tommaso Frassetto, Andrei Homescu, Per Larsen, Christopher Liebchen, and Ahmad-Reza Sadeghi.
Can you talk about Tor's relationship with the research community?
Tor relies on the research community to ethically investigate unsolved issues with Tor software. We work closely with research groups in the anonymity space, the security space, in privacy research, etc.
Tor is the focus of many researchers. We have rigorous documentation and open, transparent development processes. We also have a working product, Tor Browser, that easily reaches 1 to 2 million users, with testing channels where one can try new defenses first and refine them as needed, as we are doing with the Selfrando project.
When will Selfrando be available for ordinary Tor users (in the stable version)?
The first thing to note here is that Selfrando is currently only available for a fraction of our users: those who have 64-bit Linux systems. The Selfrando folks are working on a version for Windows, which is not yet ready.
I think that Tor browser version 6.5 might be a bit too early for a stable release. However, if user testing shows this is okay, Selfrando will make it in. A more conservative approach is pointing to Tor browser version 7.0.
That’s a pretty long time from now (next spring!). How can people help Tor speed it up?
We need more users testing things--more experienced people trying out our nightly/alpha builds.
Selfrando's development is good so far and the browser integration work has not been so tricky; the main problem is being confident enough that it does not break some random user setups while everything is fine and working on our testing machines.
Specifically, we need more experienced people running Linux 64-bit operating systems to download and try our hardened nightly builds. They can download the latest hardened nightly build and look for the latest "nightly-hardened" build in general at https://people.torproject.org/~linus/builds/. Obviously, these are test versions of the Tor Browser--we're trying to look for bugs.
Will there be future collaborations with these researchers?
To port Selfrando to Windows and OSX and make it available to our users, yes!
How do you feel about the fact that the research community is teaming up with Tor to strengthen Tor browser against attacks?
I think this is great as it gives us another valuable ally to make our users safer. And in the longer run, all other users with "normal" browsers could benefit from that, too.
The researchers behind Selfrando will present their project in July at the Privacy Enhancing Technologies Symposium in Darmstadt, Germany.
An advance copy of their research paper is available here.
Selfrando is available for use in other open-source projects on GitHub.
Will stock Firefox also use Selfrando? And what about Firefox packaged by distros, e.g. Debian?
Not sure yet. I, at least, am hoping that vanilla Firefox users will benefit from this technique as well, sooner rather than later.
How about other programs? When will we see it as a flag in most toolchains, like ASLR/DEP are?