Grant Tor Browser access to files as designated by the user
In https://mailman.boum.org/pipermail/tails-ux/2015-September/000645.html we’re been discussing the idea of granting Tor Browser access to files if and only if the user decide to open or otherwise access it.
This would improve on the current control access policy based on a set of folders (/Tor Browser and/Persistent/Tor Browser). This idea is inspired by “Guidelines and Strategies for Secure Interaction Design” by Ka-Ping Yee and also seems to be of interest to GNOME as “Implicit permission grants from interactive operations”:
https://mail.gnome.org/archives/gnome-os-list/2015-March/msg00010.html
We should follow-up on the plans of GNOME regarding this but there’s not much we can do ourselves for the time being.
Existing WIP and discussions:
- https://trac.torproject.org/projects/tor/ticket/25578
- https://github.com/flathub/flathub/pull/1135
- https://github.com/micahflee/torbrowser-launcher/issues/407
- https://bugzilla.redhat.com/show_bug.cgi?id=1731284
- https://discussion.fedoraproject.org/t/tor-browser-on-silverblue/2032/12
Blueprint: https://tails.boum.org/contribute/design/application_isolation/
Parent Task: #15678
Subtasks
Related issues
- Related to #15472 (closed)
- Related to #9534 (closed)
- Related to #16356 (closed)
- Blocks #17173
Original created by @sajolida on 10422 (Redmine)