wiki:org/meetings/2019Stockholm/Notes/FirefoxTorUpliftAndTorModeAddOn

There are two main topics of this session:

  1. Discussion a proposal for a "Tor mode" addon for Firefox.
  2. Triage of Tor Browser patches that are candidates for uplift into Firefox.

Tor Mode Add-on proposal

There is an idea to, in the future, have Firefox use Tor in private browsing mode, or an a new extra-private mode. That will take a lot of engineering work and buy-in. To help smooth the path, there is a proposal for a "Tor mode" addon. This would not be packaged with the browser by default, but would be something that users could download from addons.mozilla.org to give them a "Tor mode" button or similar. It would allow users to experience what an eventual full integration with Tor could look like. It could also help gauge interest by counting downloads, etc.

acat has demonstrated how to compile tor to WASM. This would allow packaging all the necessary tor code inside the addon itself, without a dependency on external binaries. The addon would still need to be a privileged addon.

Question: What's that? Answer: A privileged addon is one with elevated privileges compared to a standard WebExtension. It can call XPCOM functions, for example. A privileged addon needs to be signed by Mozilla, or something, but the idea for this proposal is to have it produced and distributed by Mozilla anyway, so that's not a problem.

The addon would configure the browser to use tor as a proxy, as well as setting various prefs to prevent proxy bypasses and resist fingerprinting, much like those set by Tor Browser.

Discussion of visual options for UI. Clicking the Tor-mode button would probably open a new window that uses a dedicated profile. This is because some of the prefs that the addon has to set are global to a profile, not to a window or a tab.

What to do about HTTP? The feeling is that it's dangerous to pass unauthenticated HTTP through exit nodes. Packaging NoScript does not provide the best experience either. The easiest solution is to enforce (require) HTTPS when in Tor mode.

Patch uplift

We looked at https://torpat.ch/, which is a list of patches that appear in Tor Browser tickets that may be considered for uplift into Firefox. The rows are color coded. Some trac.torproject.org tickets are already matched to a bugzilla.mozilla.org bug. There is a big list of untriaged tickets. Patch uplift is going to be on hold for a few months. The group went through the untriaged patches and made a list of ones that are potentially upliftable.

Last modified 3 months ago Last modified on Jul 14, 2019, 11:24:11 AM