wiki:org/meetings/2014WinterDevMeeting/notes/TorBrowserPlan

The Browser Plan

Abstract: Discuss the latest happenings with Mozilla, how Mike's 3 year-and-counting quest to remake the browser space is shaping up since deprecating Torbutton, what is working better than he expected, what is working worse, what additional opportunities have presented themselves, and what obstacles remain in our way. As a bonus, there are also possible post-browser platform trajectories that we can discuss, if we actually really do get the browser space under control. Dissent is welcome.

Minutes

Jailing of session identifiers and tracking elements to avoid different domains to understand that the user is the same that the same.

Mozilla is willing to merge these changes into the main Mozilla code.

This is useful to Mozilla, because they won the privacy award and they want to brag about their privacy features.

This could potentially lead to Chrome also implementing this feature.

The security model of Chrome is stronger, by just looking at the cost of exploit Firefox vs Chrome.

Content window sandboxing in Mozilla Firefox. Making exploitation harder.

Nathan says that he has the idea of having Tails on a key for phones.

Exit node traffic manipulation can have a greater impact.

South America privacy had outdone all other features by doing market research.

Softbounds enforces temporal and spacial memory bounds at 2x performance cost: http://acg.cis.upenn.edu/softbound/.

Doing research in the area of understanding how to find the right balance of performance and security.

Usability and UI improvements, getting patches into Mozilla, SSL Observatory.

Issues with getting some patches into Mozilla are the fingerprintability problems.

It's problematic to be on a rapid release cycle as Mozilla wants us to be.

TorBirdy improvements are listed inside of the proposal for RFA. There is a priority of getting a C++ programmer to do some TBB development.

If Mozilla integrates a lot of the patches that are part of TBB at the moment it would reduce the TBB development effort.

If they were all merged into FF there could then be two versions of TBB one that is installed via an add-on and one that is a hardenned version of TBB with new security and privacy features.

There are some issues that are reported by users, but they are sometimes difficult to reproduce and debug.

In the Mozilla world it's hard to understand what the common code for the various products they distribute is. What code is shared by Fennec, Firefox, FirefoxOS.

In TBB a lot of aspects of the UI need to be improved. There should be integration with BridgeDB so that users can continuously get bridges if they prove they have solved a CAPTCHA.

Last modified 4 years ago Last modified on Feb 25, 2014, 1:46:40 PM