Grant Tor Browser access to files as designated by the user
Current state
See #19408
Archive
Originally created by @sajolida on #10422 (Redmine)
In https://mailman.boum.org/pipermail/tails-ux/2015-September/000645.html we’re been discussing the idea of granting Tor Browser access to files if and only if the user decide to open or otherwise access it.
This would improve on the current control access policy based on a set of folders (/Tor Browser and /Persistent/Tor Browser). This idea is inspired by “Guidelines and Strategies for Secure Interaction Design” by Ka-Ping Yee and also seems to be of interest to GNOME as “Implicit permission grants from interactive operations”:
https://mail.gnome.org/archives/gnome-os-list/2015-March/msg00010.html
We should follow-up on the plans of GNOME regarding this but there’s not much we can do ourselves for the time being.
Existing WIP and discussions:
- https://trac.torproject.org/projects/tor/ticket/25578
- https://github.com/flathub/flathub/pull/1135
- https://github.com/micahflee/torbrowser-launcher/issues/407
- https://bugzilla.redhat.com/show_bug.cgi?id=1731284
- https://discussion.fedoraproject.org/t/tor-browser-on-silverblue/2032/12
Parent Task: #15678
Related issues:
- Blocks #17173
Blueprints:
- https://tails.boum.org/blueprint/Linux_containers/
- https://tails.boum.org/contribute/design/application_isolation/
Subtasks:
-
Remove the "Tor Browser" and "Tor Browser (persistent)" folders (see #15028) -
Update doc