TorBrowser

STATUS COLOR CODE:

• GREEN = WILL GET DONE BY EOM
• YELLOW = MOST OF IT DONE BUT NOT FINISHED BY EOM
• RED = EITHER DECIDED TO DROP IT OR JUST STARTED THE TASK OR IS MOVING TO THE NEXT MONTH

Previous Roadmaps

• 2016 Winter Dev Meeting Tor Browser Roadmap
• 2015 Summer Dev Meeting Tor Browser Roadmap
• 2015 Winter Dev Meeting Tor Browser Roadmap

Current Roadmap for Tor Browser

Deliverables from proposals submitted

Proposal 1

Timeline: 12 months

The roadmap below was done at the Seattle Tor Meeting for a contract that starts Dec 2016 and ends on Nov 2017. It got amended during the Amsterdam Tor Meeting in March 2017.

Roadmap Dec 2016 - Nov 2017

December

• Objective 3.3: Improve Browser Sandboxing

  • Activity: Explore sandboxing options and adopt Mozilla’s sandbox when ready.

• Objective 3.4: Eliminate emergent privacy holes in the browser foundation

  • Activity 1: Review and alter or disable new browser features based on security and privacy risk

• Objective 3.7: Increase response capacity for new defenses and capabilities

  • Activity 1: Update our build system to handle subsequent Firefox ESR releases.
  • Activity 3: Optimize build processes (switch to rbm)

January:

IMPORTANT DATE: 2017-01-24 where we probably want to get 6.5 out

• Objective 3.6: Patch cleanup & merge with Firefox
  • Activity 1: Review the new features and changes in each Firefox ESR release for privacy and Tor safety.

February:

• Objective 3.2: Reduce exposure to unknown future vulnerabilities

  • Activity 1: Continue to explore hardening compilers and hardening options.

• Objective 3.1: Further defend against profiling through browser fingerprinting attacks

  • Activity 2: Integrate a custom Panopticlick Instance.

March:

IMPORTANT DATE: 2017-03-07 where Fx 52 gets out

April:

• Objective 3.1: Further defend against profiling through browser fingerprinting attacks
  • Activity 1: Continue to improve third party tracking and fingerprinting defenses.

May:

IMPORTANT DATE: 2017-05-15 we should aim to be ready for Firefox 52.2

• Objective 3.2: Reduce exposure to unknown future vulnerabilities
  • Activity 2: Test impact and viability of hardening options.

June:

IMPORTANT DATE: 2017-06-13 where Firefox 52.2 is getting out

• Objective 3.4: Eliminate emergent privacy holes in the browser foundation
  • Activity 2: Rigorously memory safety test (eg: fuzzing) using Address Sanitizer builds.

July:

• Objective 2.1: Improve usability of “Tor Launcher” censorship configuration wizard
  • Activity: Improve usability of Tor Browser initial configuration (“Launcher”) UI.

August:

• Objective 2.2: Improve accessibility of censorship-circumvention “Bridges”

  • Activity: Implement Automatic Bridge discovery for censored users.

• Objective 3.7: Increase response capacity for new defenses and capabilities

  • Activity 2: Improve build automation and tooling to enable more builds (specifically 64 bit Windows).

September:

• Objective 3.6: Patch cleanup & merge with Firefox
  • Activity 2: Update and merge as many of our current patches with Mozilla as possible.

October:

• Objective 3.5: Enhance Tor Browser’s “Security Slider” security configuration wizard.

• Objective 3.2: Reduce exposure to unknown future vulnerabilities

  • Activity 3: Test Undefined Behavior Sanitizer (UBSan) support.

Additional Bugs to Consider

#17400 (moved) (could be part of obj 3.7!?), #9675 (moved), #21542 (moved)