Feature #9431

Feature #7976: Disable LAN access in Tor Browser

Update docs wrt. disabling LAN access in the Tor Browser

Added by anonym over 4 years ago. Updated over 4 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version:
Start date: 05/19/2015
Due date:
% Done: 80%
Feature Branch: feature/7976-disallow-lan-in-tor-browser
Type of work: End-user documentation
Blueprint:
Starter:
Affected tool: Browser

History

#1 Updated by sajolida over 4 years ago

  • Assignee changed from sajolida to anonym
  • QA Check set to Info Needed

Could you quickly dump here stuff that you think should be mentioned regarding this?

#2 Updated by anonym over 4 years ago

  • Assignee changed from anonym to sajolida
  • QA Check changed from Info Needed to Dev Needed

sajolida wrote:

Could you quickly dump here stuff that you think should be mentioned regarding this?

The only change introduced is that the Tor Browser cannot access the LAN any more. If users need to browse some web/ftp server on the LAN, the docs should direct them to the Unsafe Browser. I guess we can expect a UX regression for situations where a captive portal is hosted on the LAN, since those could have been dealt with in the Tor Browser without mixing in the Unsafe Browser.

#3 Updated by intrigeri over 4 years ago

I guess we can expect a UX regression for situations where a captive portal is hosted on the LAN, since those could have been dealt with in the Tor Browser without mixing in the Unsafe Browser.

FYI, most captive portals I've seen act at the DNS level, so that scenario would not work. So, basically, to make that scenario work (in Tails 1.4), one needs a captive portal on the LAN with an IP address that the user remembers, and that indeed works when queried on that IP address (as opposed to its VirtualHost) => might happen, but not sure it's worth mentioning in the docs.

#4 Updated by intrigeri over 4 years ago

  • Subject changed from Update docs after disabling LAN access in the Tor Browser to Update docs wrt. disabling LAN access in the Tor Browser

#5 Updated by intrigeri over 4 years ago

sajolida wrote:

Could you quickly dump here stuff that you think should be mentioned regarding this?

There's also the UX regression wrt. downloading stuff from / uploading stuff to a web server on the LAN, since it's not trivial to share files between the Unsafe Browser and the desktop user (see discussions about that on the parent ticket, that sadly didn't result in any nice solution being found iirc). The workarounds we can suggest are wget/curl (if they are properly configured to use no proxy for RFC-1918 IPs), switching to other protocols such as FTP if possible, and moving stuff around as root on the command-line.

Maybe the nautilus-admin extension would be handy, but that's not for 1.4.1 IMO.

#6 Updated by sajolida over 4 years ago

  • Assignee changed from sajolida to anonym
  • QA Check changed from Dev Needed to Info Needed

Ok, sorry it took me so long to get started on this. But here is a brain dump.

I propose to leave the documentation of Unsafe Browser and Tor Browser pretty much as they are and create a dedicated page in the Advanced topics section about "Browsing web pages on the local network" or something like this.

This page would:

  • Explain that only the Unsafe Browser can visit such pages.
  • Summarize the security reasoning behind that (maybe point to the design documentation but I haven't checked it).
  • Explain how to use curl to download HTTP resources on the LAN. I tested it and it works with no options: curl http://192.168.36.1/
  • Not explain how to fiddle with the root command line as curl is probably easier and less risky.

The existing pages would be adapted:

  • The warning "The Unsafe Browser is not anonymous" needs to point to the new page about LAN access.
  • The Tor Browser page should have a note about the fact that LAN access is disabled.

Did I miss anything?

Also, what should we recommend for FTP on LAN? This used to be in the manual test suite for Tor Browser but is this supposed to work from Nautilus? from "Connect to server"? I don't have a local FTP server to test...
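
The curl workaround discussed in comments #5 and #6, as an added example that is not part of the ticket or of Tails: a wrapper that bypasses the proxy only when the URL's host is a literal RFC 1918 address, so hostnames are never resolved or fetched directly. The function names are hypothetical; `--noproxy` is curl's own option.

```shell
#!/bin/sh
# Added example, not from the ticket. Function names are hypothetical.

# is_rfc1918 ADDR: succeed only for a strict dotted-quad IPv4 address in
# 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16.
is_rfc1918() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # digits and single dots only
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros: inet_aton-style parsers read 010 as octal 8.
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$1" -eq 10 ] && return 0
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
    return 1
}

# url_host URL: print the host part (userinfo, port and path stripped).
url_host() {
    rest=${1#*://}
    [ "$rest" != "$1" ] || return 1            # require a scheme
    rest=${rest%%/*}                           # drop the path
    rest=${rest##*@}                           # drop userinfo (user:pass@)
    printf '%s\n' "${rest%%:*}"                # drop the port
}

# lan_fetch URL: fetch without a proxy, but only from a literal LAN address.
lan_fetch() {
    host=$(url_host "$1") || return 2
    if ! is_rfc1918 "$host"; then
        echo "refusing $1: host is not a literal RFC 1918 address" >&2
        return 2
    fi
    # No -L: a LAN server cannot redirect the request to an outside host.
    curl --noproxy "$host" --fail --silent --show-error "$1"
}
```
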

#7 Updated by intrigeri over 4 years ago

Did I miss anything?

This seems to totally make sense to me. Perhaps someone who's got the big picture of our doc (e.g. BitingBird) should also have a look.

Also, what should we recommend for FTP on LAN? [...]

This:

is this supposed to work from Nautilus? from "Connect to server"?

Yes, this works fine (I'm using it regularly and will notice if it breaks).

#8 Updated by anonym over 4 years ago

  • Assignee changed from anonym to sajolida
  • QA Check changed from Info Needed to Dev Needed

sajolida wrote:

Ok, sorry it took me so long to get started on this. But here is a brain dump.

I propose to leave the documentation of Unsafe Browser and Tor Browser pretty much as they are and create a dedicated page in the Advanced topics section about "Browsing web pages on the local network" or something like this.

Sounds good, but both the Unsafe Browser and Tor Browser pages should link to this new page. OTOH, later you talk about FTP, which isn't "browsing web pages". Perhaps we need a catch-all page for more protocols and applications using the LAN?

The existing pages would be adapted:

  • The warning "The Unsafe Browser is not anonymous" needs to point to the new page about LAN access.

Why should we link there in the warning specifically? It seems like a completely normal part of these docs to me.

  • The Tor Browser page should have a note about the fact that LAN access is disabled.

And it should link to the LAN access page.

Also, what should we recommend for FTP on LAN? This used to be in the manual test suite for Tor Browser but is this supposed to work from Nautilus? from "Connect to server"? I don't have a local FTP server to test...

Nautilus works just fine for this purpose, and doesn't have the file handling issues that the Unsafe Browser has.

#9 Updated by sajolida over 4 years ago

Sounds good, but both the Unsafe Browser and Tor Browser pages should link to this new page.

Yes, that was my idea. Sorry for being unclear.

OTOH, later you talk about FTP, which isn't "browsing web pages". Perhaps we need a catch-all page for more protocols and applications using the LAN?

Sure, I'll make that page generic for both HTTP and FTP.

  • The warning "The Unsafe Browser is not anonymous" needs to point to the new page about LAN access.

Why should we link there in the warning specifically? It seems like a completely normal part of these docs to me.

Sorry for not quoting the relevant part of this warning. The second part is "Use it only to log in to captive portals" which needs to be adapted now that we also recommend Unsafe Browser for browsing on the LAN.

  • The Tor Browser page should have a note about the fact that LAN access is disabled.

And it should link to the LAN access page.

Agreed.

Also, what should we recommend for FTP on LAN? This used to be in the manual test suite for Tor Browser but is this supposed to work from Nautilus? from "Connect to server"? I don't have a local FTP server to test...

Nautilus works just fine for this purpose, and doesn't have the file handling issues that the Unsafe Browser has.

Cool!

#10 Updated by BitingBird over 4 years ago

The plan seems good :)

#11 Updated by sajolida over 4 years ago

  • Assignee deleted (sajolida)
  • QA Check changed from Dev Needed to Ready for QA

Ok, I'm done with an initial version. Please have a look either anonym or BitingBird.

#12 Updated by sajolida over 4 years ago

  • Feature Branch set to feature/7976-disallow-lan-in-tor-browser

#13 Updated by sajolida over 4 years ago

Ah, and I have two additional comments:

  • I think there was no update on the design doc regarding that (or I couldn't find any). I'm not so much into the design doc so I'll let you judge whether that's needed.
  • My documentation doesn't cover uploading files to the LAN. I don't really know what we could advertise to do that except fiddling with the command line as root which I'd rather avoid. I propose we wait and see if people complain about that and adjust accordingly.

#14 Updated by intrigeri over 4 years ago

  • Status changed from Confirmed to In Progress

#15 Updated by intrigeri over 4 years ago

  • Assignee set to intrigeri

#16 Updated by intrigeri over 4 years ago

  • Target version changed from Tails_1.4.1 to Tails_1.5
  • % Done changed from 0 to 50

The freeze was a week ago => too late to merge #7976 for 1.4.1 => postponing.

#17 Updated by intrigeri over 4 years ago

  • Assignee changed from intrigeri to sajolida
  • % Done changed from 50 to 80
  • QA Check changed from Ready for QA to Info Needed

Any reason why the headings in wiki/src/doc/advanced_topics/lan.mdwn are 2nd-level ones, and there are no 1st-level headings?

Aside from that, looks good and I'll be happy to merge it :)

#18 Updated by sajolida over 4 years ago

  • Assignee changed from sajolida to intrigeri
  • QA Check changed from Info Needed to Ready for QA

Fixed, thanks!

#19 Updated by intrigeri over 4 years ago

  • Status changed from In Progress to Resolved
  • Assignee deleted (intrigeri)
  • QA Check changed from Ready for QA to Pass

Good!

#20 Updated by BitingBird over 4 years ago

Hum... I don't see the page. Was it not merged in master?

#21 Updated by sajolida over 4 years ago

I can see it. It's in "Advanced topics" or there: https://tails.boum.org/doc/advanced_topics/lan/.

#22 Updated by BitingBird over 4 years ago

Yes, me too now :)
