Big change is coming "with the support of 'Unix domain sockets', and some other tweaks. A Unix domain socket is basically a way for two programs on the same computer to talk to each other without using an underlying network protocol. With that, the Firefox half of the Tor Browser should no longer need network access, Barnes continued.
"That means that you could run it in a sandbox with no network access (only a Unix domain socket to the proxy), and it would still work fine. And then, even if the Firefox half of Tor Browser were compromised, it wouldn't be able to make a network connection to de-anonymize the user," he said.
This project is a collaboration between the Tor Project and Mozilla, according to Barnes. He said it started when the Tor Project did some work on adding Unix domain socket capabilities to the Tor proxy and browser. After that, Mozilla added a general capability to Firefox allowing it to talk to proxies over Unix domain sockets. And now, the Tor Browser team is working on putting this general capability into the Tor Browser, and Mozilla is helping to fix any bugs that come up, Barnes said."
(Score: 0) by Anonymous Coward on Friday October 14 2016, @02:41PM
What's wrong with using localhost to communicate with the proxy?
(Score: 4, Interesting) by fishybell on Friday October 14 2016, @04:11PM
Usually your firewall lets localhost communicate to the internet connected ethernet devices. When your only access to the tor network is by using a bridge between localhost and the virtual adapter, essentially anything that can connect to localhost for tor and then connect to your other ethernet devices (automatically via your route configuration).
Unless you have a firewall that has rules on a per-application basis -- ie. only allow firefox to connect to localhost:9050 -- this is a superior solution. As far as I can tell, this is a superior solution to all traffic from firefox, whether you're connecting to the internet through tor or not.