Hey everyone,

As I mentioned in the "Isolating sites from one another and dealing with multiple online identities" thread[1], the Tor Browser team is currently trying to decide how to best prepare our patches to support a Tor Mode in normal Firefox while still supporting our Tor Browser userbase in the meantime, and without overwhelming engineering effort on our side.

On our own mailinglist, we're discussing how we think our privacy options should be presented[2,3]. While the upstream Firefox UI/UX aspects of a Tor mode feature may be premature to specify in a fine-grained manner at this time, we do feel it is important to have our target operation mode specified at least to the degree where we can decide if it should be based on a pref, or channel attribute, or AppId/Container isolation, so we can decide what governs when our tracking prevention properties are enabled.

The benefit of having a pref or a few prefs is that implementation is simple, and easy to deploy for Tor Browser. This is the approach we've taken to date, and this approach is also consistent with the recent UI/UX discussion that I linked to on our mailinglist.

The downside of the pref approach is that for stock Firefox, it will be difficult to provide users with a concurrent Tor Mode window that supports Tor in a way that is consistent with our notions of tracking prevention. Basically, a pref-based approach means that users will have to enable Tor mode independent of their tracking prevention choices, and that their tracking prevention choices will need to apply to both Tor-enabled windows and non-Tor windows, which may be undesirable for many users.

The preference approach really starts to show its limitations when you consider that for Tor windows, the user will want prefs like 'media.peerconnection.enabled' turned off to prevent proxy bypass. This means that WebRTC calls will then fail for non-Tor windows, or the user will be exposed to deanonymization in Tor Mode windows[4].

Does anyone on the Mozilla side have any strong opinions about this? The recent isolation thread made me wonder if there are other new isolation mechanisms that we should be leveraging too, or if we should be more actively involved in future isolation and identity management discussions.

1. https://groups.google.com/d/msg/mozilla.dev.privacy/XQza_CmYDr4/7hemg2vtyUYJ
2. https://lists.torproject.org/pipermail/tbb-dev/2015-January/000217.html
3. https://lists.torproject.org/pipermail/tbb-dev/2015-January/000219.html
4. https://diafygi.github.io/webrtc-ips/

--
Mike Perry
_______________________________________________
dev-privacy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-privacy
