Figure out how to sandbox meek in a sensible way.
Right now sandboxed-tor-browser
does not support meek at all. This is suboptimal since it is popular.
There's two ways forward from my perspective:
-
The correct fix would be to add code to spin up another sandbox container (since I do not think that even a neutered firefox process should live in the tor sandbox), for the meek helper firefox instance.
-
The quick and dirty way would be to use
meek_lite
since obfs4proxy is allowed, and shipped versions contain the code. The downside is that it is even more distinct than meek usually is.