My experiences with the early hardened fork wasn’t so good. With just one tab open about 2GB of RAM were used and tasks like Youtube video playback were infeasible.
The purpose of this thread is to share experiences with more recent versions on the resource usage and responsiveness of the hardened version and see if its suitable for everyday use.
It seems TBB hardened isn’t as hardened as its meant to be. They are considering changing its name to something suitable:
https://lists.torproject.org/pipermail/tbb-dev/2017-February/000454.html
I tested it with the latest hardened version (7.0a1-h) a while ago on a fresh install of Ubuntu, with 4Gb of RAM. At idle it used 800Mo. Launching it made it go to 2Gb and something. And opening 3 tabs with different websites landed it in 4Gb + some swap space.
Related:
//cc @torjunkie @entr0py
Added documentation.
With these developments I propose dropping hardened version from TBB-downloader entirely to lessen maintenance efforts and prevent users from getting a debug version and scratch their heads on why their VMs start crawling under resource load.
I preferred if torproject removed it from https://www.torproject.org/projects/torbrowser/RecommendedTBBVersions. Then this would happen automatically.
Otherwise tb-updater gets another filter that then later might be requested to be removed since then there may be a -debug as well as read -hardened version.
I’ve used the hardened series extensively and had no problems except it being a memory hog as others point out.
At the end of the day, if the Tor and TAILS devs are stating it is not actually providing substantially more protection, then their expert advice needs to be heeded.
Dropping it as an option entirely in Whonix saves on maintenance effort for the relatively small team. If I recall correctly, the additional memory protections will also be incompatible with the Grsec kernel that should be vailable for Whonix templates in Qubes in the coming months.
So agree with your views and I should probably remove that recommendation in the Security Guide re: defaulting to the ‘hardened’ version for additional protection, since it is probably misleading.
Also, it is not clear to me whether it actually poses additional fingerprinting risks, since the vast majority of users probably do not use alpha versions of Tor Browser.