Hi, Following up to the Icecat problem I think we could draft and write a message together addressing torbrowser project, a text which is easy to understand, manages to point out the issues, avoids unnecessary propaganda and rethorics, shows the similiar goals and shows how each project can benefit from the other. Writing in general is nothing I have problems with, just this sort of email is nothing I do on a daily basis, so maybe someone with more experience can be of help here. This is just a draft and needs more input from people with more insight into icecat.
.start. We noticed that Icecat can no longer be considered reasonable secure[0] It would be great when Icecat and tor-browser developers could cooperate for a browser which respects its users rights and follows what both GNU and torproject want to achieve. [note: or enable cooperation in general] There are a number of ways to achieve that: Icecat could start working with torbrowser as its upstream source and work together with torproject to address the various freedom issues in torbrowser and upstream fixes to torbrowser. … (list more ways here) … Extensions bundled in icecat-38.8.0 (might have one or two leaking in from my own setup): - GNU LibreJS (License: ?) - HTML5 Video Everywhere (License: ?) - IceCatHome (License: ?) - SpyBlock (License: ?) - HTTPS-Everywhere (License: see below) Extensions bundled in tor-browser: - HTTPS-Everywhere (EFF, "GPL version 3+ (although most of the code is GPL-2 compatible)") https://www.eff.org/https-everywhere/development - NoScript (GPL-2 in latest version, according to https://addons.mozilla.org/en-US/firefox/addon/noscript and also noscript.net changelog.) - Torbutton (MIT license(?): https://gitweb.torproject.org/torbutton.git/tree/src/LICENSE) Differences between Icecat and Torbrowser: … this section should contain differences in code contained and removed, licenses contained within, etc. The extensions part should be merged into this one. Open issues I found on trac are: - about:license is Firefox specific , trac opened 18 months ago: https://trac.torproject.org/projects/tor/ticket/14936 Unrelated but still worth addressing now that a mentioned task has been fixed (torproject.org websites are accessible with .onion addresses): - https://trac.torproject.org/projects/tor/ticket/17393 (librejs on tpo web sites, mentions Icecat relevance) [0]: https://lists.gnu.org/archive/html/guix-devel/2016-08/msg00277.html .end. For the bypassers, I can recommend: Certificate Patrol (http://patrol.psyced.org , LICENSE: MPL 1.1/GPL 2.0/LGPL 2.1), it does what https-everywhere does and maybe even since before HE was around (I could be wrong about the "been around longer" part). -- ♥Ⓐ ng0 Current Keys: https://we.make.ritual.n0.is/ng0.txt For non-prism friendly talk find me on http://www.psyced.org