Add option to use system's Tor binary

This is most likely needed for a release to Debian (briar-gtk#38).

added T: task label

mentioned in issue #14 (closed)

mentioned in issue briar-gtk#39 (closed)

mentioned in issue briar-gtk#38

On Briar's chat there was a tiny discussion about this issue:

@syster:

would it be possible without a major rewrite of Briar, to have a version that has the option to use the system settings for tunneling traffic through Tor? [for clarification, I'm not requesting you to do it, I'm just wanting to learn about possibilities that can lead towards Briar being adopted by Tails, or at least is easy to be installed by users]

sangy:

I think there is a quite plugin-friendly architecture to have traffic be routed through tor (I think the tor transport already exists, and it could be easily modified/extended to use system tor)

@akwizgran:

the tor plugin is built around the assumption that briar owns the tor process. for example it starts and stops the process, enables/disables its network connection, changes its bridge config...

if we were going to use an external tor process we might need to write a separate "system tor" plugin

i'm not sure what the security model would look like. we'd need access to tor's control port for managing hidden services. but that would put briar in a position of being able to break the anonymity of other apps. similarly other apps might be able to undermine some of briar's security guarantees by manipulating or observing the behaviour of the tor process

i'm not sure how much of this would be possible on tails even with a briar-owned tor process, due to other apps running as the same user

@grote:

I personally don't see a big issue to let briar run its own white-listed Tor process on Tails. Today's hardware certainly can handle two Tor processes running.

@akwizgran:

that would certainly be easier from our point of view if it's achievable

https://gitlab.tails.boum.org/tails/tails/-/issues/17715#note_151942:

• Allowing connections to port 7000 on loopback (with as many restrictions as we can, e.g. UID) seems potentially acceptable.
• Letting Briar run its own Tor process and bypass the firewall does not seem OK: this violates the user's decision to connect using a bridge or pluggable transport.

Answer by akwizgran:

i can see their point here, but it's going to make it harder for us to get briar working on tails

a couple of ideas for other approaches:

• a control port filter (this is a privileged process with access to the control port of the system tor process, which allows unprivileged/less privileged apps to access a subset of control port functionality)

• briar uses its own tor process but copies the system preferences for bridges and pluggable transports (which would include watching those settings for changes, if they can be changed during a session)

i guess giving briar direct access to the control port of the system tor process would also be an option, although it doesn't seem wise

added Tor label

I made a multible choice survey through Briar's unnofficial Mastodon account.

The Question: Would you use Briar more often, if you could easily use it with @tails?

225 people participated and answerd with:

21%Yes

24%No

22%Maybe

32%What?

you can view it here: https://fosstodon.org/@briar/105584501130923550

I checked the allocation while the survey was still running. It was all the time very similar to the end result.

marked this issue as related to briar-gtk#38

moved to briar#2095