surely tor and the browser should be in separate dockers? #2
Description
The tor proxy should be run in docker.
This docker itself contains a separate browser docker embedded. This browser docker is firewalled so the only outbound connection it can make is to the tor proxy.
Then the browser can allow plugins etc; normally the tor browser bundle disabled plugins for fear they can avoid using the tor proxy, but in this case the firewalled docker would suddenly enable a real advantage over the normal tor browser.
And rather than naked x-forwarding, using vnc or similar bitmap-scraping based protocol may reduce the attack surface further?