Mozilla Project Fusion: Tor Integration into Firefox

757 points| jerheinze | 7 years ago |trac.torproject.org

239 comments

[+] tomrittervg|7 years ago|reply
Hi all. I am a Tor Project Developer and work at Mozilla on this project. We appreciate everyone's enthusiasm and feedback. Our ultimate goal is a long way away because of the amount of work to do and the necessity to match the safety of Tor Browser in Firefox when providing a Tor mode. There's no guarantee this will happen, but I hope it will and we will keep working towards it.

If anyone is interested in assisting development-wise, Firefox bugs tagged 'fingerprinting' in the whiteboard are a good place to start. You can also run Tor relays and help us improve the health of the network by working with Tor's new Relay Advocate (https://blog.torproject.org/get-help-running-your-relay-our-...). More people being involved in spec work (especially at the W3C) and focusing on fingerprinting and privacy concerns is also very useful - it's very hard to keep eyes on all the things happening everywhere.

We also appreciate users of Firefox Beta and Nightly (Nightly especially). The flags Tor features are developed behind (privacy.resistFingerprinting and privacy.firstparty.isolate) are experimental. I appreciate bug reports from users running these flags but you should expect them to break things on the web (resistFingerprinting especially; first party isolate is generally more stable and usually only has breakage on particular login forms).

[+] xoa|7 years ago|reply
>You can also run Tor relays and help us improve the health of the network by working with Tor's new Relay Advocate

Since I've seen this come up before in many previous discussions of Tor I think it's worth emphasizing/clarifying up front: Tor relays are not the same as Tor exit nodes. Relays do not talk to the public internet, they serve only the fully encrypted internal Tor virtual network. So they won't ever send out traffic from an IP under your control to some website or general Internet system (and in turn tie that IP in any way to spam/abuse/whatever, at least not for that reason). It's not necessarily hidden that it is acting as a relay, but the relay itself will have no knowledge of the traffic it's carrying.

Plenty of people have reasonable concerns about the risks/inconveniences that might come with acting as an exit node, but on both a legal and practical level there are many more jurisdictions where merely relaying encrypted traffic between other relays isn't a problem. And it's still quite helpful, both for network speed and because purely internal Tor Hidden Services do not need any exit nodes at all.

[+] walrus01|7 years ago|reply
Seconding the other posters who mentioned that Tor relays and Tor exit nodes are two very different things.

"Why you need balls of steel to run a Tor exit node":

https://lists.torproject.org/pipermail/tor-talk/2009-Septemb...

Given the low level of technical knowledge with a great deal of US law enforcement, increasing militarization, no knock warrants, etc... Please think twice before running an exit node from your house. Do it in Colo somewhere with a small, plucky ISP owned by a first and fourth amendment absolutist.

[+] eganist|7 years ago|reply
Thanks for your effort! If I can ask, how much overlap exists between your team and the team overseeing the implementation of security protocols within Firefox e.g. HSTS, CSP, etc.? It'd be neat to see Firefox drive innovation here alongside the effort to weave Tor into the browser; although I wouldn't necessarily treat Tor integration the same as I might the implementation of other security specifications, I can see how the teams working on such might overlap, hence my question.
[+] azernik|7 years ago|reply
> Our ultimate goal is a long way away because of the amount of work to do and the necessity to match the safety of Tor Browser in Firefox when providing a Tor mode.

If that doesn't pan out, do you expect the ongoing work on this project to reduce the size of the patches that the Tor Browser project needs to carry on top of the Firefox trunk?

[+] ChrisSD|7 years ago|reply
> first party isolate is generally more stable and usually only has breakage on particular login forms

Are you referring to third-party login services and comment systems (such as disqus and similar)?

[+] ogennadi|7 years ago|reply
> Ultimate eventual goal: Make Tor Browser obsolete, so Tor Project can focus on research instead of maintaining a fork of Firefox.
[+] ComodoHacker|7 years ago|reply
Ultimatest super-goal: make anonymity the default stance and socially accepted norm. Do with anonymous browsing what WhatsApp did with E2E encryption. Force big data suckers to invent new business models for exploiting our data without breaching our privacy.
[+] sametmax|7 years ago|reply
Good, now if only we could have BitTorrent baked in...

EDIT: I mean baked in in the browser like tor, not baked in tor. Although interesting, it's really not my priority.

[+] maerF0x0|7 years ago|reply
Hopefully other browsers are encouraged to do something similar also, else Mozilla will effectively control the destiny of Tor
[+] kibwen|7 years ago|reply
Ultimate goal of the Tor project, that is. Lots of people in this comment thread seem to have not clicked the link and are presuming that this is a Firefox roadmap. The Mozilla analogue of this page only mentions bringing Tor features into Firefox, without stating a goal of obviating the Tor Browser entirely.
[+] JohnTHaller|7 years ago|reply
Is it a fork? I thought it was a heavily customized version of Firefox ESR with specific settings and defaults using the channels OEM configs. Looking at the binaries, it's definitely not the standard build anymore.
[+] forapurpose|7 years ago|reply
What will Mozilla do about the Tor network's usability problems? Advanced users can work around them and because they understand the benefits and engineering, accept the frustrations as a cost for a worthwhile (and free) technology. But what will non-technical users do?

Many public Internet websites filter connections from the Tor network, many other websites are very slow, yet others impose extra obstacles such as multiple rounds of captchas (even 5 or more) or degraded service (including high suspicion of payments), and of course you often will receive webpages in the wrong locale or language - which can trigger regional filters. Currently, workarounds require resetting the circuit (few non-technical users will even understand what the circuit is), lots of patience and reloads, and often just giving up. [EDIT: And non-technical users won't understand what is happening and therefore won't know when to use which workaround.]

If that's the experience of typical Firefox users, they won't use it and they will have bad associations with Tor and Firefox.

[+] blauditore|7 years ago|reply
I thought this will be disabled by default, no? If so, casual users would never get in touch with it in the first place.
[+] superkuh|7 years ago|reply
They aren't Tor network usability problems. They're clear web network usability problems. It'd be great if more people used Tor, NoScript (yes, I know this will not be baked in), and other privacy protecting mechanisms so that clear web sites would care about the users they're intentionally making the experience worse for.
[+] kibwen|7 years ago|reply
There are many things in the Tor Browser that benefit privacy that are separate from the use of the Tor network, and it's these things that Firefox is most likely to adopt.
[+] Hello71|7 years ago|reply
Which sites in 2018 still present multiple CAPTCHAs to users with cookies and JavaScript enabled?

I think the theory behind this project is that those problems are primarily caused by Tor's popular image as a 'fringe network for pedophiles and drug dealers' and that by making it more mainstream they can fix those issues.

(please more replies saying "that sounds really hard" and less replies saying "tor is not a fringe network for pedophiles and drug dealers", thanks)

[+] cup-of-tea|7 years ago|reply
Why would Mozilla do anything about that? It's not like this is going to be enabled by default in Firefox.
[+] MayeulC|7 years ago|reply
Great news!

With wider adoption of IPv6 and all the good things that come with it (don't mistake me, they are great!) also comes the risk that each computer will get a uniquely identifiable IP address that will be used for fingerprinting. I've never really used Tor in the past, but this got me thinking about it.

An option could be to provide a webRTC-based node, but I am not sure how feasible that would be, after reading some comments here. Maybe for entry nodes and guard nodes instead of exit nodes? The transient nature of browser sessions could greatly enhance privacy. Of course, you would need some algorithms to deal with this very nature... But I can imagine some.

This surely lowers the barrier to entry for greatly enhanced privacy. Quite a lot of people seem to be aware of the private browsing mode, and I can imagine this being turned into a simple toggle on the private browsing home page, along with a short explanation (and a link to additional privacy tips).

A low hanging fruit that could enhance the privacy a bit would be to use the trusted recursive resolver (DNS over HTTPS) in private browsing by default, since it already is part of Firefox. It just needs a default trusted resolver.

[+] kodablah|7 years ago|reply
Cool, now let me start an ephemeral v3 onion service from JS and have it reachable via WebRTC by a peer who has their own. It's the perfect tech marriage, removes signalling servers and NAT busters, but may be a bit taxing on directory servers and too slow to use for media streams (but I'll take data channels only).
[+] floatboth|7 years ago|reply
Hah, kinda reminds me of Opera Unite. (That one wasn't from JS, it offered some fixed applications like file hosting, notes, etc., but it was hosting stuff from the browser)
[+] SlowRobotAhead|7 years ago|reply
I know some of those words. (I'm an embedded programmer)
[+] Hello71|7 years ago|reply
sounds really useful, but to be fair, it doesn't really remove either. you're effectively just using the Tor network as freely available (but slow) signalling and TURN servers.
[+] urda|7 years ago|reply
Mozilla keeps driving for the users on the internet. I know many of my own frustrations came from the fork that is Tor. This work is great to see.
[+] jerheinze|7 years ago|reply
> I know many of my own frustrations came from the fork that is Tor.

What are your frustrations with the Tor Browser?

[+] _bxg1|7 years ago|reply
This would be amazing. The main reason I've never used Tor is the fear that it would make me look like I had something to hide (instead of just a general desire for privacy). If it were built into Firefox, I'd probably switch over from Chrome.
[+] ccnafr|7 years ago|reply
Wasn't this launched in 2014? I see the wiki hasn't been updated since January. Is this a new push to get this done?
[+] Vinnl|7 years ago|reply
If I understand it correctly, you shouldn't be using any website accounts using Tor browser that you also use outside of it. I really wonder if/how they can make the user properly aware of that in a kind-of super private browsing mode.
[+] wpdev_63|7 years ago|reply
Have you considered also implementing I2P[0] in parallel with Tor? It is supposed to be harder to analyze traffic at nodes with I2P though it isn't as battle-tested as Tor.

[0]:https://geti2p.net/en/comparison/tor

[+] openfuture|7 years ago|reply
Okay but what about maidsafe, dat, ipfs etc. The correct solution is to have Firefox expose a 'protocol api' or something along those lines so that any 'alternate internet' project can create a backend extension to make Firefox compatible with that protocol.
[+] devit|7 years ago|reply
I think Mozilla should look at using Servo instead of Gecko in this mode along with a new JavaScript interpreter written in Rust, at least optionally, since perfect security is essential when using a Tor browser without a dedicated VM.
[+] kibwen|7 years ago|reply
Servo components are being uplifted into Gecko gradually. There's less benefit to rewriting the JIT in Rust because static type systems can only do so much when the whole goal of a program is to generate code dynamically.
[+] Endy|7 years ago|reply
So we lose another valuable project of the Web. I wonder why I feel so lost - that when I was young, the Internet was barely born... and now I'm watching it die.
[+] jerheinze|7 years ago|reply
What's going to be lost?
[+] trumped|7 years ago|reply
I agree and I don't really like how the internet is evolving either but this sounds like one of the good changes, unless I'm missing something
[+] mtgx|7 years ago|reply
I've been waiting for this for years. Good job convincing Mozilla to do this! Good idea to standardize the spec, too.

I hope they give a good name to this new super-private mode (which actually isn't too bad of a name, either).

I also hope they don't just implement a "more private" mode in Firefox, but also a more hardened mode for Tor. The Tor mode in Firefox should use the strictest possible sandboxing technologies available to them from the operating system (file system virtualization, etc).

I'm even talking about those new fancy hypervisor-based micro-VMs in Windows 10, which I believe they are called Krypton containers, and it's what Edge uses within the Application Guard context. Although if the users have to enable Hyper-V/Micro-VMs first in Windows, then maybe this hardening mechanism should be optional, but encouraged. Otherwise, it should probably be the default.

https://www.zdnet.com/article/how-containers-will-transform-...

Oh, and this hardened mode should use a different process for every tab/extension, too, by default, just like Chrome does. I still don't think Mozilla's "hybrid" approach makes it as secure as Chrome (which is why it's a hybrid/compromise for lower memory usage).

[+] fwdpropaganda|7 years ago|reply
> How many more "super private browsing mode" Firefox users will there be? Potentially hundreds of millions of daily users.

Tor has hundreds of millions of daily users?

[+] bunkydoo|7 years ago|reply
I believe Tor browser is already just a version of Firefox if I'm not mistaken. What would be the advantage of integrating with Firefox as opposed to say, a VPN integrated into the browser via a plugin? Just seems a little redundant and Tor is beginning to seem dated also with new solutions popping up and making the pitfalls of Tor more apparent.
[+] neokantian|7 years ago|reply
"Removing fingerprintability" amounts to the browser just NOT sending all the http request headers that it sends by default. How hard can it be to "comment out" these lines?
[+] mortdeus|7 years ago|reply
I am starting to feel Firefox in a serious way. But I'm just sooo concerned that their software still sucks. I mean, we ARE talking about a company who thought it was smart to spend time trying to build a JavaScript OS for mobile.

So let me ask again. When are you guys going to start building Firefox from the ground up and make the perfect browser we all deserve?

And if you disagree, please. Present your arguments. I am the person you need to sell right now.

[+] fredley|7 years ago|reply
Why does the Tor Browser Bundle ship with HTTPS Everywhere? Surely if you're connected through a Tor circuit, HTTPS provides no extra security?