December 1, 2016 - November 30, 2017


The deliverables of this proposal are the 'activities' listed below for each team, Core Tor and Tor Browser.

Core Tor

  • Objective 1: Empower users with limited access to powerful devices and fast networks to access and more easily use secure, private networks in faster, more stable online interactions.
    • Subobjective 1.1: Reduce Tor processing overhead for low-bandwidth scenarios.
      • Activity: Improve the Directory Authority consensus part of the Tor network in order to optimize low bandwidth users experience.

Tor Browser

  • Objective 2: Make it easier and more attractive for non-technical and mainstream users to use censorship evasion software to access blocked online resources and communities.
    • Subobjective 2.1: Improve usability of “Tor Launcher” censorship configuration wizard.
      • Activity: Improve usability of Tor Browser initial configuration (“Launcher”) UI.
    • Subobjective 2.2: Improve accessibility of censorship-circumvention “Bridges”
      • Activity: Implement Automatic Bridge discovery for censored users.
  • Objective 3: Develop and implement defenses against online profiling and attacks in the face of emergent and increasingly sophisticated security and privacy threats.
    • Subobjective 3.1: Further defend against profiling through browser fingerprinting attacks
      • Activity 1: Continue to improve third party tracking and fingerprinting defenses.
      • Activity 2: Integrate a custom Panopticlick Instance to measure Tor Browser specific fingerprintability adding new tests as needed.
    • Subobjective 3.2: Reduce exposure to unknown future vulnerabilities.
      • Activity 1: Add selfrando to the regular browser alphas and investigate shipping it to stable users (Linux-only for now).
      • Activity 2: Test impact and viability of hardening options: A) using Intel's MPX (memory protection extension) for hardened builds, B) deploying STACK, which checks for optimization-unstable code, C) SafeSEH (secure exception handling).
      • Activity 3: Test Undefined Behavior Sanitizer (UBSan) support for either hardened standard builds or special QA builds, in order to identify critical compiling problems early.
    • Subobjective 3.3: Reduce overall potential impact of browser vulnerabilities.
      • Activity: Explore sandboxing options and adopt Mozilla’s sandbox when ready.
    • Subobjective 3.4: Eliminate emergent security and privacy holes in the browser foundation.
      • Activity 1: Review and alter or disable new browser features based on security and privacy risk.
      • Activity 2: Rigorously memory safety test (eg: fuzzing) using Address Sanitizer builds.
    • Subobjective 3.5: Enhance Tor Browser’s “Security Slider” security configuration wizard.
      • Activity: Refresh the Security Slider based on vulnerability history for each ESR release.
    • Subobjective 3.6: Browser patch cleanup & merge with Firefox
      • Activity 1: Review the new features and changes in each Firefox ESR release for privacy and Tor safety.
      • Activity 2: Update and merge as many of our current patches with Mozilla as possible.
    • Subobjective 3.7: Increase response capacity for new defenses and capabilities by optimizing release processes.
      • Activity 1: Update our build system (e.g., toolchains and reproducible builds process) to handle subsequent Firefox ESR releases and specifically in response to Firefox changing their tools and outputs.
      • Activity 2: Optimize automated source-controlled software distribution (Gitian).
      • Activity 3: Optimize build processes (e.g., unified vs split, consistency across multiple products)


December 2016 / January 2017

February 2017

March 2017

Last modified 6 months ago Last modified on Mar 23, 2017, 7:32:58 PM

Attachments (5)

Download all attachments as: .zip