-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Sid,
On 8 Aug 2013, at 17:48, Sid Stamm wrote:
> On 8/8/13 8:52 AM, Bernard Tyers - ei8fdb wrote:
>> "Maybe we should just adopt, support, and bundle Tor in Firefox..."
>> [1]
>>
>> It's early days, and just a comment on Twitter, but I wonder what
>> others have to say.
>>
>> Good or bad idea? I would say (without too much thinking): turned-off
>> by default, but available. Exciting possibilities.
>
> Let me turn it around: what do you think? Why would you like to see this?
>
> I think it's interesting, and at the very least we could work more
> closely with the Tor engineers to make each others software better.
"make each others software better." - Bingo.
Personally speaking:
(Disclaimer: I have been a Mozilla supporter for years, and therefore I am
clearly biased!)
I am a UX professional who came via telecoms engineering (after working in
mobile networks and sysadmin for years). I have an interest in privacy
enhancing technologies ("PETs"), usability and giving users control over their
information.
In my mind privacy is no longer *just* about the information, but more so about
the control over the information.
- - What would Firefox and Tor give the user:
Firefox for me has been about following web standards, giving users control and
being a strong user advocate. Always. Tor is about offering users (some who are
in dangerous situations) a level of anonymity and privacy. They cannot provide
total anonymity, but security is not ON or OFF.
If Mozilla was to support Tor as a plug-in Firefox users would get the best of
both worlds. A browser which has a great user philosophy, and a privacy
enhancing tool which gave them an extra level of assurance. Presumably it would
be off by default? Or possibly incorporate Tor features into Private Browsing
tabs?
Firefox has always approached technology pretty openly, transparently. Tor
operates, on the whole in a pretty transparent way also. (Sometimes too
transparently!)
- - What would Firefox bring to Tor:
As a human-interaction professional, for me the one area that the Tor project
sometimes lacks is user-centred design. Security and usability aren't easy. In
Tor's case this is understandable as the majority of the people involved are
crypto/security/comp. sci people.
One of the areas Mozilla leads (or is certainly in the leading group) is in UX:
security related usability, browser UI, mobile. Mozilla is also a trusted
"Internet entity" (you're not a company, you're not a charity...?!)
- - What would Tor bring to Firefox:
Tor understand how to provide users with anonymising services for Internet
traffic. They understand security from a technical and operational security
level too. They have a supportive community. For people who know Tor, they are
trustworthy, and are a project who does try to work for its users, albeit in a
very technology-heavy way.
- - Affects on Internet:
It would be interesting to study the user experience of large Internet services
(Google, Facebook, Twitter, etc) if a larger percentage of users were
anonymising their traffic. I could see some disruption to business models. From
the users point of view, this could be negative or positive. I don't know.
It would also be interesting to study the affects on the Tor network if a
sudden increase in user traffic was generated. This graph shows user traffic
and available bandwidth of the Tor network. [2]
- - Concerns
The major worry for me would be operational security of using Tor as a plugin.
From another mailing list I am on, this was a comment:
".......but I will say that, in a general sense, this is a relatively insecure
method of using Tor. Recent events have highlighted this, naturally, but Tor
works best as network infrastructure where "split tunnelling" (to borrow a term
from VPN architecture) is not allowed. Perhaps if it were fully sandboxed such
that all communications had to go through a proxy, a la Whonix." [1]
And from Twitter I received this comment:
"the reason @torproject moved away from TorButton as an addon only & went
browser bundle route was it was too easy to accidentally turn off or forget to
turn on a Tor session. Can't see how Mozilla can fix this potenial #OPSEC point
of failure any differently."
These comments are very valid comment. But this is exactly where I would see
Mozilla being able to solve (or certainly give it a good go) this issue. I
would like to think between contributors, employees, this is a problem that can
be fixed by UX, security, and devoplement professionals.
Sorry for the big mail. But I thought it deserved a thorough answer. I think
this would be a huge thing if Mozilla supported Tor (either as a plugin or in
some other way. I am not a developer so thats out of my area)/
This is really exciting news. Lets see where it goes.
All the best,
Bernard
[1] Whonix is an operating system focused on anonymity, privacy and security
[2] https://metrics.torproject.org/network.html#bandwidth
- --------------------------------------
Bernard / bluboxthief / ei8fdb
IO91XM / www.ei8fdb.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
iQEcBAEBAgAGBQJSA/c4AAoJENsz1IO7MIrr2loH+gM0pe2Cn2qbNZLpGKhhCx8v
NoVScQSdfDhkBq1AmKTlmJbamnTugiC/i3M6a4jS4b90UJLHHnNY/KozYpn0ZmA5
hNqaVn9aOiVixkyerFkZbXCDCb0nQb41WcSUPZLa1SX8K2EptlE1VDJvjNaN+77f
/U/k4/L03AwhWv3uPNnBsg8Td6vrhjfDOnax7mDcJTTzqIOFSncRvRYGSIiB9owm
pDaZmh4+l1cn9vo6tuTSbNjnDVzGJTkvHfcSF0V+GcD+T6uDaH8N2orJIwSJc2J9
nsXUhR0zi5abo/7p+a/AnIejNdOZESgy+fdMUBtLEjRHwvaOlE70Y7ciFUvyniU=
=1VkD
-----END PGP SIGNATURE-----
_______________________________________________
dev-privacy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-privacy
