Changes between Initial Version and Version 1 of org/meetings/2018MexicoCity/Notes/IntegratingTorOtherBrowsers


Ignore:
Timestamp:
Oct 2, 2018, 4:46:13 AM (10 months ago)
Author:
sysrqb
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • org/meetings/2018MexicoCity/Notes/IntegratingTorOtherBrowsers

    v1 v1  
     1browser Privacy Test:
     2    Testing other browsers by specific privacy test
     3    make privacy across browser objective
     4    Every browser claims  it's "good" about privacy, how do users compare them?
     5    browserprivacy.net -> browserprivacy.net/tests.html
     6
     7        - Three categories of tests:
     8
     9    - tor connectivity
     10
     11    - cookies (super cookies)
     12
     13    - Fingerprinting
     14
     15    - This is very technical, provide a higher-level activist focused matrix
     16
     17    - Currently run manually, running nightly build tests would be better
     18
     19    - Can panopticlick use or benefit from this?
     20
     21    - Feedback to OpenWPM?
     22
     23
     24Brave has a Private Tab that uses Tor
     25
     26    - Began 1 year ago
     27
     28    - Added "Private Tab with Tor"
     29
     30    - Reduce fingerprinting
     31
     32    - Disable leaky features (webrtc, etc)
     33
     34    - Starts Tor when the first Private Tab with Tor is created
     35
     36    - This tab tries to match most users expectations of a Private Tab
     37
     38    - Make anonymous micropayments more profitable than website ads
     39
     40    - In the future, add PT support
     41
     42    - Possibly separate Tor support from Private Tabs (maybe use Tor support in normal tabs, too)
     43
     44
     45Cliqz:
     46    - Uses Firefox
     47    - Adds "Forget Mode", rather than Private Mode
     48    - Adds automatic Forget Mode if it decides a website should be opened in a forget mode
     49    - In the future, move services to onion services
     50    - Currently internal testing of beta version
     51    - Cliqz uses Firefox release rather than ESR (opens possible proxy-bypass)
     52    - Testing for proxy-bypass manually
     53    - Future PT support
     54
     55When Tor Project are contacted about Tor support:
     56    "Tor" means many different things
     57
     58        Browser, network, program, etc
     59
     60    Tor Browser is more than a browser that routes traffic over the Tor network
     61
     62    Fingerprinting protections, privacy protections, etc
     63
     64    If another browser integrates Tor, calling it "Tor Mode" would be misleading
     65
     66    "Onion mode" or "Private Tabs with Tor" are options
     67
     68    What features must a browser support before the Tor Project is comfortable with another browser having a "Tor Mode"?
     69
     70    We should use the Browser Privacy Tests
     71
     72    - It's a starting point
     73
     74
     75EFF have a lot of history of browser fingerprinting from panopticlick
     76Maybe panopticlick compares the browser against Tor Browser
     77
     78Users can be fingerprinted by the version of their browser (UAS, available features, configurations, etc)
     79
     80How can The Tor Project help the other browsers?
     81
     82    Automated tests, and check-list is very helpful for knowing what is needed/expected
     83
     84    What is changing between Tor Browser and FF Release/Nightly?
     85
     86    What should be communicated to the user about the Tor mode?
     87
     88
     89Onion UI should be similar/standardized across browsers
     90
     91Brave fails hard .onion address resolution
     92Cliqz uses the blockdotonion pref
     93
     94Looking at browserleaks.com, too
     95
     96Better explanation why someone should choose a browser with tor support vs. tor browser
     97
     98    Better explanation why Tor is different/better/worse than a VPN
     99
     100    Better documentation around this - FAQ? Training?