Research: Disabling TBB E10/mutiprocess for Performance Boost

Development
1

The problems many have noticed with TBB performance with current VM configurations are all traceable to Firefox’s transition to a multiprocess model. One solution is to simply push up VM resource allocation. Meanwhile a more pragmatic solution is to change the behavior of the software to become more efficient. We lose out on upstream sandboxing work whenever it materializes, but we have firejail to make up for it.

Open questions:

  • Does turning off E10 make TBB fingerprintable? (Tor dev question)

  • Is this workaround future proof? (Firefox question)

  • Can we use a similar workaround like I2P browser to set these booleans in about:config for the default TBB install?

How it is done:

https://support.mozilla.org/en-US/questions/1191641

https://support.mozilla.org/en-US/questions/1191898

2 Likes
2

This is really bad.

These aren’t equals. A firejail profile not maintained by upstream has a potential for preventing Tor Browser startup and even fingerprinting issues. Similar to apparmor. Not a good candidate for installation by default. On the other hand, any sandboxing shipped by upstream is likely to not cause issues.

Might be preferable. How much?

3

I see. Well in that case it’s a non starter then.

EDIT:

Sandboxing is already in full force for Linux Firefox and hence TBB

https://wiki.mozilla.org/Security/Sandbox

I’m thinking 512MB more for the WS as a reasonable compromise.

1 Like
4

Please follow up on this one once reasonable time for the polls has passed.

https://twitter.com/Whonix/status/1070983624105676801

5

Above poll ended.

  • 01% Less than 4GB
  • 14% 4GB
  • 36% 8GB
  • 49% 12GB or more
1 Like
6

Thanks. 2GB is a good conservative change that still allows multi WS setups while also delivering decent basic performance.

1 Like
7

https://github.com/Whonix/Whonix/commit/e75f61f32eee4d947bbeea61d898fcce815b57e5