[tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-11 Thread Mike Perry
In a random bar about two years ago, a Google Chrome dev asked me why
Torbutton didn't just launch a new, clean Firefox profile/instance to
deal with all of the tremendous state separation issues. Simply by
virtue of him asking me this question, I immediately realized how much
better off Chrome was by implementing Incognito Mode this way and how
much simpler it must have been for them overall (though they did
not/do not deal with anywhere near as many issues as Torbutton
does)...

So I took a deep breath, and explained how the original use model of
Torbutton and my initial ignorance at the size of the problem had led
me through a series of incremental improvements to address the state
isolation issue one item at a time. Since the toggle model was present
at the beginning of this vision quest, it was present at the end.

I realized at that same instant that in hindsight, this decision was
monumentally stupid, and that I had been working harder, not smarter.
However, I thought then that since we had the toggle model built, we
might as well keep it: it allowed people to use their standard issue
Firefoxes easily and painlessly with Tor.

I now no longer believe even this much. I think we should completely
do away with the toggle model, as well as the entire idea of Torbutton
as a separate piece of user-facing software, and rely solely on the
Tor Browser Bundles, except perhaps with the addition of standalone
Tor+Vidalia binaries for use by experts and relay operators.

The Tor Browser Bundles would include Torbutton, but we would no
longer recommend that people use Torbutton without Tor Browser.
Torbutton will be removed from addons.mozilla.org, and the Torbutton
download page will clearly state that it is for experts only. If
serious unfixed security issues begin to accumulate against the toggle
model, we will stop providing Torbutton xpis at all.

I believe this must be done for a few reasons: some usability, some
technical. Since I feel the usability issues trump the technical
ones, I'll discuss them first.

Unfortunately, the Tor Project doesn't really have funding to conduct
official usability studies to help us make the best choice for this,
but I think that even without them, it is pretty clear that this is
what we must do to improve the status quo.

I think the average user is horribly confused by both the toggle model
and the need to install additional software into Firefox (or
conversely, the need to *also* install Tor software onto their
computers after they install Torbutton). I also think that the average
user is not likely to use this software safely. They are likely to log
in to sites over Tor that they shouldn't, forget which tor mode they
are in, and forget which mode certain tabs were opened under. These
are all nightmare situations for anonymity and privacy.

On the technical side, several factors are forcing us in the direction
of a short-term fork of Firefox. The over-arching issue is that the
set of bugfixes required to maintain the toggle model is a superset of
those required to maintain the Browser Model, and contains some rather
esoteric and complicated issues that are unlikely to ever get fixed.
See https://www.torproject.org/torbutton/en/design/#FirefoxBugs for
both lists.

This means more resistance from Mozilla to get the Toggle Mode bugs
fixed or even merged, less likelihood they will be used elsewhere, and
more danger they will succumb to bitrot. Related to this, the lag time
for normal Firefox bugs between authorship and deployment can be as
long as 3 years (and counting). See for example:
https://bugzilla.mozilla.org/show_bug.cgi?id=280661

The Tor Browser bugs on the other hand are more directly usable by
Firefox in its own Private Browsing Mode, which makes them more likely
to merge quicker, and be maintained long-term. Also, because we will
be releasing our own Firefox-based browser, we will also have more
control over experimenting with them and deploying these fixes to our
users rapidly, as opposed to waiting for the next Firefox release.
 
So, we can either invest effort in improving the UI of Torbutton to
better educate users to understand our particular rabbit-hole tunnel
vision of design choices, as well as solve crazier Firefox bugs; or we
can reconsider our user model and try to simplify our software.

We don't have the manpower (ie: enough me) to do both.

I think this means we should go with the simpler option. 

The reason I am discussing this in so much detail here is because I
believe there is a chance that there are users out there who rely on
the toggle model and/or their OS Firefox build, and may be confused or
enraged by the new model. I'm asking this list to get an idea of how
many of those users there are, and to try to understand what the
overall costs of this sort of migration are.

I also ask this because I am a heavy user of the toggle model myself,
and abandoning it is sort of a leap of faith for me, too.

So can anyone bring up any specific issues t

Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-11 Thread Anders Andersson
On Tue, Apr 12, 2011 at 1:33 AM, Mike Perry  wrote:
> (blah blah)
> The reason I am discussing this in so much detail here is because I
> believe there is a chance that there are users out there who rely on
> the toggle model and/or their OS Firefox build, and may be confused or
> enraged by the new model. I'm asking this list to get an idea of how
> many of those users there are, and to try to understand what the
> overall costs of this sort of migration are.
>
> I also ask this because I am a heavy user of the toggle model myself,
> and abandoning it is sort of a leap of faith for me, too.
>
> So can anyone bring up any specific issues that may be caused by the
> change?

I consider myself a rather technical user with a lot of knowledge
about the pitfalls of using Tor and security products in general, and
I'm scared shit whenever I want to use torbutton in firefox because
I'm afraid I will forget to toggle it, or toggle it at the wrong time,
or simply do anything wrong. I have created a separate firefox profile
with torbutton always on, and one profile without it, and separating
these is the only sane way.

Thus, I can only agree to 100% that this is a good idea.

The only problem I can come up with at 2 AM is that maintaining a
separate firefox can be a little messy in various linux distributions
unless you happen to have someone build a nice binary for you. I
suppose most of the common distributions will be covered with a
tor-repository and the minor distributions will generally have more
knowledgeable users so they can take care of the eventual mess.


// pipe
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-11 Thread grarpamp
I never did see much need for torbutton. Aren't all its settings
programmable anyways through about:config and config files?
I often use separate firefox profiles... prefs.js for each are identically
configured except for the proxy settings. Why toggle when you can
spawn? Is that convenience really worth a foot shooting?

What I could use is docs on how to color the window frame
elements of firefox... red for tor/i2p. green for internet.

I'd rather see stuff sandboxed than tweaked or hacked... too much
maintenance. I'd bet torproject could distribute a unix (bsd or linux)
memory stick. One version to native boot, the other a virtualbox of
the same image. Stuff it full of comms apps, packet filter it into tor.
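
The separate-profile setup described in the message above only holds if the two prefs.js files really are identical apart from the proxy settings. The following is an added example, not part of any post in this thread: it parses two prefs.js files and lists every preference that differs outside the network.proxy.* branch. The two sample preference files are constructed for illustration, and the allowlist of a single prefix is an assumption.

```python
import json
import re

# One prefs.js entry looks like: user_pref("name", value);
_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$'
)

# Assumption: only the proxy branch is allowed to differ between profiles.
ALLOWED_PREFIXES = ("network.proxy.",)


def parse_prefs(text):
    """Return {pref_name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # comment lines, blank lines
        name, raw = m.group(1), m.group(2)
        try:
            # Pref values are booleans, integers or double-quoted strings,
            # which are all valid JSON literals.
            value = json.loads(raw)
        except ValueError:
            value = raw  # keep the unparsed literal so it is still compared
        prefs[name] = value
    return prefs


def unexpected_differences(clearnet_text, tor_text, allowed=ALLOWED_PREFIXES):
    """List (name, clearnet_value, tor_value) for every pref that differs
    between the two profiles and is not under an allowed prefix.
    A pref missing from one profile is reported with None on that side."""
    a, b = parse_prefs(clearnet_text), parse_prefs(tor_text)
    diffs = []
    for name in sorted(set(a) | set(b)):
        if name.startswith(tuple(allowed)):
            continue
        va, vb = a.get(name), b.get(name)
        # Compare type as well as value: in Python True == 1, but a boolean
        # pref and an integer pref are not the same setting.
        if (type(va), va) != (type(vb), vb):
            diffs.append((name, va, vb))
    return diffs


# Constructed sample: the clearnet profile.
CLEARNET_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("network.proxy.type", 0);
user_pref("browser.cache.disk.enable", false);
user_pref("geo.enabled", false);
'''

# Constructed sample: the Tor profile. It is supposed to differ only in
# its proxy settings, but two other prefs have drifted.
TOR_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("browser.cache.disk.enable", true);
'''

if __name__ == "__main__":
    for name, clearnet, tor in unexpected_differences(CLEARNET_PREFS, TOR_PREFS):
        print(f"{name}: clearnet={clearnet!r} tor={tor!r}")
```

Run against the real files with Firefox closed, since the browser rewrites prefs.js on exit.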


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-11 Thread cmeclax-sazri
On Monday 11 April 2011 19:33:08 Mike Perry wrote:
> The reason I am discussing this in so much detail here is because I
> believe there is a chance that there are users out there who rely on
> the toggle model and/or their OS Firefox build, and may be confused or
> enraged by the new model. I'm asking this list to get an idea of how
> many of those users there are, and to try to understand what the
> overall costs of this sort of migration are.
>
> I also ask this because I am a heavy user of the toggle model myself,
> and abandoning it is sort of a leap of faith for me, too.
>
> So can anyone bring up any specific issues that may be caused by the
> change?

I run Tor, Privoxy, and Firefox on DragonFly. I also run Konqueror on both 
DragonFly (KDE 4) and Ubuntu (KDE 3; I haven't updated it in too long). I 
leave Tor enabled in Firefox all the time, and the sites I need to bypass Tor 
for (Wiktionary, since I'm a Wiktionarian, localhost, and a few others) are 
listed in the Privoxy conf. Also localhost is exempt from Ubuntu's Konqueror, 
since if I ran it through Privoxy it would look at the DragonFly box, not the 
Ubuntu box. I've been annoyed several times by Tor coming up disabled and by 
tabs which I opened in Tor mode not coming up, when I thought I told it to 
bring them up.

cmeclax


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-11 Thread Jim

Mike Perry wrote:
> I think we should completely
> do away with the toggle model, as well as the entire idea of Torbutton
> as a separate piece of user-facing software, and rely solely on the
> Tor Browser Bundles, except perhaps with the addition of standalone
> Tor+Vidalia binaries for use by experts and relay operators.
>
>  [Snip]
>
> So can anyone bring up any specific issues that may be caused by the
> change?
>
> We are collecting these issues as child tickets of this bug:
> https://trac.torproject.org/projects/tor/ticket/2880
>
> As an aside, we also are collecting a similar set of issues for the
> removal of an HTTP proxy entirely from the tor distribution:
> https://trac.torproject.org/projects/tor/ticket/2844


My normal use case is to run Tor on a computer different from the 
computer which is running the browser.  I then use ssh to either tunnel 
the HTTP proxy connection to an instance of Privoxy running on the same 
computer that is running Tor or I tunnel the output from Privoxy on the 
computer running the browser to port 9050 on the computer running Tor. 
(I use both methods depending on which computer I am browsing from.)  I 
have not yet figured out how your proposal affects these use cases.


Should I decide to add entries to the tracker, does one have to register 
to do so?


Jim





Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-11 Thread Orionjur Tor-admin
On 12.04.2011 04:11, Jim wrote:
> Mike Perry wrote:
>> I think we should completely
>> do away with the toggle model, as well as the entire idea of Torbutton
>> as a separate piece of user-facing software, and rely solely on the
>> Tor Browser Bundles, except perhaps with the addition of standalone
>> Tor+Vidalia binaries for use by experts and relay operators.
>>
>>  [Snip]
>>
>> So can anyone bring up any specific issues that may be caused by the
>> change?
>>
>> We are collecting these issues as child tickets of this bug:
>> https://trac.torproject.org/projects/tor/ticket/2880
>>
>> As an aside, we also are collecting a similar set of issues for the
>> removal of an HTTP proxy entirely from the tor distribution:
>> https://trac.torproject.org/projects/tor/ticket/2844
> 
> My normal use case is to run Tor on a computer different from the
> computer which is running the browser.  I then use ssh to either tunnel
> the HTTP proxy connection to an instance of Privoxy running on the same
> computer that is running Tor or I tunnel the output from Privoxy on the
> computer running the browser to port 9050 on the computer running Tor.
> (I use both methods depending on which computer I am browsing from.)  I
> have not yet figured out how your proposal affects these use cases.
> 
> Should I decide to add entries to the tracker, does one have to register
> to do so?
> 
> Jim
> 
My normal use of Tor is running iceweasel and other applications
started through gksu under a transparently-torified user.
When I use iceweasel (3.5.16, from Debian Squeeze) I use the TB
(earlier 1.2.5, now 1.3.2alpha).
I use another browser for browsing the Net without Tor.
I use ssh and other services directly from the command line belonging to
transparently-torified users, without any HTTP proxies, torsocks, etc.
It seems to me that it is a good idea to distribute your own Tor browser, but
I cannot find the stable version of the Tor Browser Bundle on the Torproject
site.




Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-11 Thread Mike Perry
Thus spake Anders Andersson (pipat...@gmail.com):

> On Tue, Apr 12, 2011 at 1:33 AM, Mike Perry  wrote:
> > (blah blah)
> 
> Thus, I can only agree to 100% that this is a good idea.
> 
> The only problem I can come up with at 2 AM is that maintaining a
> separate firefox can be a little messy in various linux distributions
> unless you happen to have someone build a nice binary for you. I
> suppose most of the common distributions will be covered with a
> tor-repository and the minor distributions will generally have more
> knowledgeable users so they can take care of the eventual mess.

Thankfully, we do. Erinn has managed to create bundles that appear to
work on every Linux distro we could test, but she is looking for
feedback:
https://blog.torproject.org/blog/firefox-4-tor-browser-bundles-gnulinux

We do this by shipping all our major dependencies with the bundle.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs




Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-12 Thread Mike Perry
Thus spake Jim (jimmy...@copper.net):

> Mike Perry wrote:
> >So can anyone bring up any specific issues that may be caused by the
> >change?
> >
> >We are collecting these issues as child tickets of this bug:
> >https://trac.torproject.org/projects/tor/ticket/2880
> >
> >As an aside, we also are collecting a similar set of issues for the
> >removal of an HTTP proxy entirely from the tor distribution:
> >https://trac.torproject.org/projects/tor/ticket/2844
> 
> My normal use case is to run Tor on a computer different from the 
> computer which is running the browser.  I then use ssh to either tunnel 
> the HTTP proxy connection to an instance of Privoxy running on the same 
> computer that is running Tor or I tunnel the output from Privoxy on the 
> computer running the browser to port 9050 on the computer running Tor. 
> (I use both methods depending on which computer I am browsing from.)  I 
> have not yet figured out how your proposal affects these use cases.
> 
> Should I decide to add entries to the tracker, does one have to register 
> to do so?

Hrm, your use case would be "Download the TBB, and then configure it
manually to use an alternate proxy." You'd still be downloading (and
running) an extra Tor and Vidalia instance, but we're hoping to make
that seamless:
https://trac.torproject.org/projects/tor/ticket/2264

Otherwise, you'd fall in this boat:
https://trac.torproject.org/projects/tor/ticket/2848

But we're really hoping not to have to build a standalone Tor Browser
outside of the Tor Browser Bundle, because it adds an entire column to
the matrix of builds we'd need to do.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs




Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-12 Thread intrigeri
Hi,

grarpamp wrote (12 Apr 2011 01:31:24 GMT) :
> I'd rather see stuff sandboxed than tweaked or hacked... too much
> maintenance. I'd bet torproject could distribute a unix (bsd or
> linux) memory stick. One version to native boot, the other a
> virtualbox of the same image. Stuff it full of comms apps, packet
> filter it into tor.

As a Tails [0] developer, I would be glad to read what our live system
lacks to fulfill the usecase you are describing.

  [0] https://tails.boum.org/

Tails already mostly supports virtualization, although ease of use
could be improved e.g. by shipping a Portable VirtualBox on the USB
stick; see the dedicated page [1] in our TODO list.

  [1] https://tails.boum.org/todo/virtualization_support/

Bye,
--
  intrigeri 
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
  | Who wants a world in which the guarantee that we shall not
  | die of starvation would entail the risk of dying of boredom ?


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-12 Thread tagnaq
On 04/12/2011 08:26 AM, Mike Perry wrote:
> Hrm, your use case would be "Download the TBB, and then configure it
> manually to use an alternate proxy." You'd still be downloading (and
> running) an extra Tor and Vidalia instance, but we're hoping to make
> that seamless:
> https://trac.torproject.org/projects/tor/ticket/2264
> 
> Otherwise, you'd fall in this boat:
> https://trac.torproject.org/projects/tor/ticket/2848
> 
> But we're really hoping not to have to build a standalone Tor Browser
> outside of the Tor Browser Bundle, because it adds an entire column to
> the matrix of builds we'd need to do.


Will this new Tor Browser Bundle still offer the possibility to
configure it for "Transparent Torification"?
(traffic gets transparently redirected into Tor by a Tor router on the LAN)

added in TorButton 1.3.0-alpha:
 * new: Support for transparent proxies in settings
   (patch from Jacob Appelbaum and Kory Kirk)


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-12 Thread Mike Perry
Thus spake tagnaq (tag...@gmail.com):

> On 04/12/2011 08:26 AM, Mike Perry wrote:
> > Hrm, your use case would be "Download the TBB, and then configure it
> > manually to use an alternate proxy." You'd still be downloading (and
> > running) an extra Tor and Vidalia instance, but we're hoping to make
> > that seamless:
> > https://trac.torproject.org/projects/tor/ticket/2264
> > 
> > Otherwise, you'd fall in this boat:
> > https://trac.torproject.org/projects/tor/ticket/2848
> > 
> > But we're really hoping not to have to build a standalone Tor Browser
> > outside of the Tor Browser Bundle, because it adds an entire column to
> > the matrix of builds we'd need to do.
> 
> Will this new Tor Browser Bundle still offer the possibility to
> configure it for "Transparent Torification"?
> (traffic gets transparently redirected into Tor by a Tor router on the LAN)
> 
> added in TorButton 1.3.0-alpha:
>  * new: Support for transparent proxies in settings
>    (patch from Jacob Appelbaum and Kory Kirk)

Yes, this option and other proxy options will still be there. However, we
will want to prune out a lot of the security options, especially the
ones revolving around toggle-related state isolation, and make
everything simpler in the options pane.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs




Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-12 Thread intrigeri
Hi,

Relying myself on Firefox profiles / virtual machines rather
than the toggle thing, I'd personally be happy to see it go away.

Let me put my Tails developer hat on. Done. Let's go.

Mike Perry wrote (11 Apr 2011 23:33:08 GMT) :
> The reason I am discussing this in so much detail here is because I
> believe there is a chance that there are users out there who rely on
> the toggle model and/or their OS Firefox build, and may be confused
> or enraged by the new model. I'm asking this list to get an idea of
> how many of those users there are, and to try to understand what the
> overall costs of this sort of migration are.
[...]
> So can anyone bring up any specific issues that may be caused by the
> change?

Context: Tails currently ships Debian's Iceweasel (Firefox renamed for
trademark reasons) and Torbutton. We don't care for the toggle feature
that is unsupported in Tails and generally confusing for Tails users.


Debian has put great efforts [0] to avoid shipping embedded code
copies, and I quite like it from a sysadmin point-of-view, but this is
mostly irrelevant to the current discussion *in the context of Tails*,
so I'll try to put aside my usual rants: if there's a serious security
bug in, say, the FreeType library, we need to release updated Tails
images regardless of the actual technical reason (in case we go on
shipping Debian's Iceweasel with no embedded code copies + Torbutton,
we want to get the updated FreeType Debian package; in case we ship
the TBB, we want to get the new binary statically linked against its
own FreeType copy... I guess).

  [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392362


This being said... I fear needing to move away from a now-unsupported
Torbutton extension makes our life hard as Tails developers. Two main
issues arise from the top of my head, which I'm going to describe.
Since the end of Torbutton seems inevitable, I do hope my concerns can
easily be dismissed and the new TBB can be a viable solution for our
usecase.


,----
| Tails-specific Firefox profile configuration
`----

For various reasons, the Tails Firefox configuration is likely to keep
being a bit different from the TBB's one. If we are forced to use the
TBB instead of our current Debian's Iceweasel+Torbutton, I wonder
how/if we will be able to maintain this delta. I guess anyone needs
to know a bit how we currently do this, so as to be able to answer
this question of mine. Let me explain a bit.

We Tails developers have invested quite a lot of work to avoid
maintaining in VCS / shipping files into $HOME that are of the binary
kind (be they really binary, or enough of a mess to make the diff
corresponding to a given change hard to understand). Since the good
old amnesia 0.5 days, we've been building such files programmatically
from plaintext, understandable source files at image build time.

Just like GConf settings, the Tails Firefox profile directory falls
into this category: it's pretty hard to track such a directory in VCS,
change options in there while maintaining consistency, know what files
shall be shipped, which ones are auto-generated at runtime and so on,
among the huge pile of files one can find in a profile directory. To
achieve this we use:

 * a system-wide profile skeleton [1] that mostly contains the
   preferences *.js files and two extensions that have not made their
   way into Debian yet
 * SQLite preferences files are generated at build time [2] from
   plaintext SQL sources [3]

  [1] http://git.immerda.ch/?p=amnesia.git;a=tree;f=config/chroot_local-includes/etc/iceweasel;hb=refs/heads/stable
  [2] http://git.immerda.ch/?p=amnesia.git;a=blob;f=config/chroot_local-hooks/13-iceweasel_sqlite;hb=refs/heads/stable
  [3] http://git.immerda.ch/?p=amnesia.git;a=tree;f=config/chroot_local-includes/usr/share/amnesia/iceweasel/sql;hb=refs/heads/stable


If we migrate to shipping TBB, can we go on maintaining our Tails
specific Firefox configuration delta as described above? Will the
TBB's Firefox use the standard ways to fetch system-wide
configuration? (I guess this should be an opt-in option, probably not
toggle-able from the GUI, as the TBB usually wants to be as much
independent from the host OS as possible.)


,----
| Compatibility with FF extensions installed from Debian packages
`----

For maintainability reasons, we Tails developers tend to prefer
automatic build/upgrade procedures over manually setting up things. We
also tend to prefer benefiting from already existing infrastructure
and processes that work well, and especially Debian's ones, over
setting up our own ones.

For such reasons, I feel it's both cleaner and much less
time-consuming for us to install and ship Firefox extensions from the
Debian archive than manually downloading those, checking file
integrity and unzipping XPI files into the profile skeleton directory.
Maintaining compatibility between various FF versions and various
extensions is also work I would not want to do... especially since

Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-12 Thread Greg Troxel

  The reason I am discussing this in so much detail here is because I
  believe there is a chance that there are users out there who rely on
  the toggle model and/or their OS Firefox build, and may be confused or
  enraged by the new model. I'm asking this list to get an idea of how
  many of those users there are, and to try to understand what the
  overall costs of this sort of migration are.

It's not clear to me how your proposal relates to other-than-Linux.

I'm using firefox on NetBSD/i386.  I don't understand how this "Tor
Browser Bundle" will appear and be integrated into the OS packaging
system.  Will it be a renamed copy of firefox, requiring twice the
packaging effort?  Or very close to existing firefox?  It seems that it
has been difficult to get fixes upstream to firefox; there are currently
66 patches to xulrunner sitting in pkgsrc.

Or is this a firefox-tor that uses the same xulrunner?  I would, without
understanding, expect that the hard issues are in xulrunner.

I don't find the notion of installing tor and then adding torbutton to
be at all confusing.

I can certainly see your point about toggling being difficult.   I don't
know if a plugin that makes you restart the browser after changing to
Tor mode would be a big simplification and avoid the bugs.   I would
find that to be a great solution, as browser restarts are very fast and
have no software maintenance/packaging issues.

Reading your note, it sounds like the basic issue is unwillingness of the
firefox team to take and deploy bugfixes you think are important for
security/privacy.  After all, if you can fix them in a fork, the issue
is about not wanting them, or finding the usefulness/cleanliness ratio
not high enough.  Is that a fair characterization?



Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-12 Thread Mike Perry
Thus spake intrigeri (intrig...@boum.org):

> Mike Perry wrote (11 Apr 2011 23:33:08 GMT) :
> > So can anyone bring up any specific issues that may be caused by the
> > change?
> 
> Context: Tails currently ships Debian's Iceweasel (Firefox renamed for
> trademark reasons) and Torbutton. We don't care for the toggle feature
> that is unsupported in Tails and generally confusing for Tails users.
> 
> Debian has put great efforts [0] to avoid shipping embedded code
> copies, and I quite like it from a sysadmin point-of-view, but this is
> mostly irrelevant to the current discussion *in the context of Tails*,
> so I'll try to put aside my usual rants: if there's a serious security
> bug in, say, the FreeType library, we need to release updated Tails
> images regardless of the actual technical reason (in case we go on
> shipping Debian's Iceweasel with no embedded code copies + Torbutton,
> we want to get the updated FreeType Debian package; in case we ship
> the TBB, we want to get the new binary statically linked against its
> own FreeType copy... I guess).
> 
>   [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392362

I believe Erinn is making a dependency graph and intends on updating
TBB whenever one of the built-in dependencies updates in debian. I
think she even has dreams of a machine doing this for her, and kicking
off automated builds. (I hope she doesn't despise me for revealing the
secrets of her dreams.)

> If we migrate to shipping TBB, can we go on maintaining our Tails
> specific Firefox configuration delta as described above? Will the
> TBB's Firefox use the standard ways to fetch system-wide
> configuration? (I guess this should be an opt-in option, probably not
> toggle-able from the GUI, as the TBB usually wants to be as much
> independent from the host OS as possible.)

I would prefer it if we can unify our prefs.js use, but I guess you
guys may want to support more things. I think with effort you can even
get flash running safely under a default configuration...

What do you anticipate being the other substantial feature differences
that prevent you from just providing a stock TBB?

> Is it imaginable to see the new TBB make use of extensions that are
> installed system-wide? (probably opt-in as well)

Hrmm.. I don't think this will be the case... System extensions seem a
bad idea to source by default.. In fact, we should ensure we do not do
this, due to the potential to source distro branding extensions that
damage anonymity...

Can we figure out a way to come close to a common set of extensions
and configs, so the set of extensions you must add to TBB is minimal?

Do you have a list of your extensions anywhere?

> > We are collecting these issues as child tickets of this bug:
> > https://trac.torproject.org/projects/tor/ticket/2880
> 
> I'll summarize the discussion results there. In the meantime, I prefer
> using email if you don't mind.

Yeah, it may be some round trips before we figure out new tickets.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs




Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-12 Thread Joe Btfsplk

On 4/11/2011 11:11 PM, Jim wrote:
> Mike Perry wrote:
>> I think we should completely
>> do away with the toggle model, as well as the entire idea of Torbutton
>> as a separate piece of user-facing software, and rely solely on the
>> Tor Browser Bundles, except perhaps with the addition of standalone
>> Tor+Vidalia binaries for use by experts and relay operators.
>>
>>  [Snip]
>>
>> So can anyone bring up any specific issues that may be caused by the
>> change?
>>
>> We are collecting these issues as child tickets of this bug:
>> https://trac.torproject.org/projects/tor/ticket/2880
>>
>> As an aside, we also are collecting a similar set of issues for the
>> removal of an HTTP proxy entirely from the tor distribution:
>> https://trac.torproject.org/projects/tor/ticket/2844

Have no particular problem w/ doing away w/ Torbutton - per se.  Two
thoughts.


Avg &  users will have to be educated in an * easily understandable * 
way why they must install a 2nd instance of Firefox (browser bundle).


Have noticed the current & past Tor browser bundles are a Firefox ver or 
2 behind the most current release from Mozilla.  How does / will that 
affect safety of Tor browser bundle users, in case of serious security 
updates in latest FX vers, which haven't been incorporated into latest Tor?



Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-12 Thread Milton Scritsmier
On 4/11/2011 5:33 PM, Mike Perry wrote:
> I think the average user is horribly confused by both the toggle model
> and the need to install additional software into Firefox (or
> conversely, the need to *also* install Tor software onto their
> computers after they install Torbutton). I also think that the average
> user is not likely to use this software safely. They are likely to log
> in to sites over Tor that they shouldn't, forget which tor mode they
> are in, and forget which mode certain tabs were opened under. These
> are all nightmare situations for anonymity and privacy.
> 

After reading most of the replies to this topic, I'm not sure the
average user has weighed in. There has been a lot of talk about running
Tor on various Linuxes, using two computers, etc. I don't mean to
disparage them in any way (in fact, they have proven most interesting to
a relative novice Tor user such as myself) but I think all these show a
lot more technical competence than the "average" user. I also realize
there are a whole host of technical issues dealing with maintaining
Torbutton vs. separate Firefox builds, and that this is the best place
to address these.

But I just don't think this list is the best place to address the
usability issues if you really want Tor to reach the widest audience. As
a Tor user and not a Tor developer, I've read the warnings on the Tor
website and realize using Tor safely is much more than just installing
software. But reading this list has me convinced that I never *really*
know when I'm secure. The concept of Torbutton itself probably engenders
a sense of false security to the casual user -- just "click the button"
and you're "secure". On the other hand, I'm not sure I want to maintain
two separate Firefox installations on my computer, especially when using
the official Tor browser still doesn't give me a much greater sense that
I'm secure. The "average" user is just not a great enough expert on
security to know when all the bases are covered (especially if it means
gambling his or her life and liberty on it as some people do today).

It seems to me that secure browsing with or without Tor is too much at
the mercy of the browser it runs on, and hence here at the mercy of
Mozilla (nobody even talks seriously about making Chrome or any other
browser truly secure with Tor). I think all this talk about Torbutton
vs. Tor browser just dances around this core issue, and that it won't
likely be solved by maintaining a separate Firefox browser. And so far I
don't think anybody has solved the problem of a user who understands
relatively little about computers trying to remain secure against a
regime with vast resources and skills at its disposal.

Please understand that this not a problem with Tor developers, for whom
I have the greatest respect, but with the overall problem which is
inherently complex and seems to have never-ending pitfalls. Maybe I'm
exhibiting a great deal of hubris in nominating myself as the "average"
Tor user, but after using Tor off and on for years and keeping an eye on
this list all that time (so maybe I'm not really the "average" user
after all), my sense of ultimate security using it just keeps growing
less and less.

  Milton Scritsmier


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-12 Thread Mike Perry
Thus spake Milton Scritsmier (ktr-theonionrou...@dea.spamcon.org):

> On 4/11/2011 5:33 PM, Mike Perry wrote:
> > I think the average user is horribly confused by both the toggle model
> > and the need to install additional software into Firefox (or
> > conversely, the need to *also* install Tor software onto their
> > computers after they install Torbutton). I also think that the average
> > user is not likely to use this software safely. They are likely to log
> > in to sites over Tor that they shouldn't, forget which tor mode they
> > are in, and forget which mode certain tabs were opened under. These
> > are all nightmare situations for anonymity and privacy.
> > 
> 
> After reading most of the replies to this topic, I'm not sure the
> average user has weighed in. There has been a lot of talk about running
> Tor on various Linuxes, using two computers, etc. I don't mean to
> disparage them in any way (in fact, they have proven most interesting to
> a relative novice Tor user such as myself) but I think all these show a
> lot more technical competence than the "average" user. I also realize
> there are a whole host of technical issues dealing with maintaining
> Torbutton vs. separate Firefox builds, and that this is the best place
> to address these.

Yeah, my question to the list is that "will this new UI model ruin
the hardcore user's day?" 

As I said, I think it's pretty clear that it's the right step for
normal users. They only have to click on one thing, and a browser
shows up. Perhaps the UI needs some smoothing and some hints/cues/info
after that point, but we're just talking about the macro issues of the
install/use model itself here.

> It seems to me that secure browsing with or without Tor is too much at
> the mercy of the browser it runs on, and hence here at the mercy of
> Mozilla (nobody even talks seriously about making Chrome or any other
> browser truly secure with Tor). I think all this talk about Torbutton
> vs. Tor browser just dances around this core issue, and that it won't
> likely be solved by maintaining a separate Firefox browser. And so far I
> don't think anybody has solved the problem of a user who understands
> relatively little about computers trying to remain secure against a
> regime with vast resources and skills at its disposal.

Absolutely. We're actively tracking barriers to us supporting Google
Chrome:
https://blog.torproject.org/blog/google-chrome-incognito-mode-tor-and-fingerprinting
https://trac.torproject.org/projects/tor/ticket/1925

And we're also interested in Robert Hogan's Torora work.

Right now, Firefox is actually our only option though. The amount of
work remaining on the other two options is significantly larger.

We realize that the more options we have, the better off we are. For
example, Chrome has several extremely compelling security properties
that Firefox lacks. It's just that the rest of what we need is not
there yet.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs




Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-14 Thread Jérémy Bobbio
On Mon, Apr 11, 2011 at 04:33:08PM -0700, Mike Perry wrote:
> I now no longer believe even this much. I think we should completely
> do away with the toggle model, as well as the entire idea of Torbutton
> as a separate piece of user-facing software, and rely solely on the
> Tor Browser Bundles, except perhaps with the addition of standalone
> Tor+Vidalia binaries for use by experts and relay operators.

As someone who participates in spreading Debian on desktop systems, I am
a little bit worried on the outcomes of such decision. I think most of
my concerns apply to other distributions as well.

First, let's clear this out: I do not really care about the toggle
model. I would be perfectly fine with having a specific application to
start in order to browse the web using Tor. What I am worried about is
how it would be distributed.



In the recent times, I have seen a lot of people who were impressed by
their phone "AppStore" and other variants of this software distribution
model. I was really amazed, as I have a hard time seeing how different
it is from what Debian have since 1998 with APT.

Since 2005, it is even better: software in Debian repositories is signed
using cryptographic signatures. So when retrieving an application
from our store, there is a really good chance that the Debian community
has verified that it does not contain spyware.

The Free Software community is huge, the Debian community is quite big
as well. But I still do prefer to have some level of trust on 1000
people than to have no level of trust at all.

That's what I keep telling to the folks I help installing Debian.
Together with "you should not install random stuff downloaded from
a random web site". "Why?" they answer, and my reply, skipping the
details, boils down to "you don't need to, everything is already in
Debian".

And I am talking about Debian stable here. Users that do not want to
spend much time dealing with how their computers work. Only about
the work they want to do with their computers. Having a major system
upgrade every two years is more often enough in their eyes.



How does that relate to Torbutton and Tor Browser Bundle?

Well, as already pointed out by intrigeri, Debian has gone a great
length to avoid embedded code copies in its source packages. Firefox
security record is far from perfect, and I see no chance that Debian
security team and ftpmasters would accept to ship another version of
Firefox in the archive.

If another version of Firefox cannot enter the Debian archive, the Tor
Browser Bundle will not be able to join this great "AppStore" Debian
(and Ubuntu, and others) already has. So it will need, at least, a
custom repository, or a custom way to be installed and a custom way to
tackle security updates.

Given the amount of work Mike Hommey put in the maintenance of
Iceweasel (Firefox in Debian is called Iceweasel), I wonder if Erinn and
weasel will have the time and energy to maintain TBB in a custom
repository. Having a dedicated application to install and update TBB
makes me really nervous as it paves the road for so many bad habits that
those users I was talking about left when they started using Debian on
their desktop.

As the maintainer of xul-ext-torbutton, I also have one question: what
upgrade path should I provide for Debian next stable release?
(Doing nothing means that 1.2.5 will stay on their system until they
remove the package.)



Here is a possible solution that quickly came to me, but I have no real
clue on how much work it would need (and if every party involved would
accept it):

 1. Apply specific Tor patches against Firefox 4 in Debian iceweasel
package. The changes that are not compatible with the common case
would need to be activated by a command-line switch or a specific
configuration option.
 2. Keep xul-ext-torbutton in Debian. It would be modified in the
way that it would not appear at all in the usual browser if
the previous command-line switch or specific configuration
option is not active.
 3. Create a new Debian package, something like "tor-browser" that
would add a new menu entry labeled "Tor Browser" and that would
start Iceweasel with a dedicated profile and the specific "Tor"
switch.

Actually, it might be better to provide Torbutton in the "tor-browser"
package. Provided that it ships a dummy package "xul-ext-torbutton" as
an upgrade path.

Does this sound like a bad idea? Too much work?
(Input from Weasel and Erinn would probably be welcome.)



Last comment: we should all continue to stress out that Internet is
not only made of web sites. If Internet was only about web sites, Tor
would have had a harder time happening: this new protocol was free to run
through the cables. IMHO, associating Tor with only web browsing is like
shooting ourselves in our feet: if everyone thinks "Internet = the web"
no one notices when providers start to filter strange protocol, make
everything travel through stupid proxies or use NAT.

I am sa

Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-14 Thread Mike Perry
Thus spake Jérémy Bobbio (lu...@debian.org):

> How does that relate to Torbutton and Tor Browser Bundle?
> 
> Well, as already pointed out by intrigeri, Debian has gone a great
> length to avoid embedded code copies in its source packages. Firefox
> security record is far from perfect, and I see no chance that Debian
> security team and ftpmasters would accept to ship another version of
> Firefox in the archive.
> 
> If another version of Firefox cannot enter the Debian archive, the Tor
> Browser Bundle will not be able to join this great "AppStore" Debian
> (and Ubuntu, and others) already has. So it will need, at least, a
> custom repository, or a custom way to be installed and a custom way to
> tackle security updates.
> 
> Given the amount of work Mike Hommey put in the maintenance of
> Iceweasel (Firefox in Debian is called Iceweasel), I wonder if Erinn and
> weasel will have the time and energy to maintain TBB in a custom
> repository. Having a dedicated application to install and update TBB
> makes me really nervous as it paves the road for so many bad habits that
> those users I was talking about left when they started using Debian on
> their desktop.

The reality is we have quite a lot of issues with every distribution.
It is true that Debian gives us the least amount of hassle, though.  I
suspect this may just be because we're lucky enough to be so strongly
socially connected to it. Because, man is it a rickety, towering
bureaucracy otherwise ;).

> As the maintainer of xul-ext-torbutton, I also have one question: what
> upgrade path should I provide for Debian next stable release?
> (Doing nothing means that 1.2.5 will stay on their system until they
> remove the package.)
>
> Here is a possible solution that quickly came to me, but I have no real
> clue on how much work it would need (and if every party involved would
> accept it):
> 
>  1. Apply specific Tor patches against Firefox 4 in Debian iceweasel
> package. The changes that are not compatible with the common case
> would need to be activated by a command-line switch or a specific
> configuration option.
>  2. Keep xul-ext-torbutton in Debian. It would be modified in the
> way that it would not appear at all in the usual browser if
> the previous command-line switch or specific configuration
> option is not active.
>  3. Create a new Debian package, something like "tor-browser" that
> would add a new menu entry labeled "Tor Browser" and that would
> start Iceweasel with a dedicated profile and the specific "Tor"
> switch.
> Actually, it might be better to provide Torbutton in the "tor-browser"
> package. Provided that it ships a dummy package "xul-ext-torbutton" as
> an upgrade path.
> 
> Does this sound like a bad idea? Too much work?
> (Input from Weasel and Erinn would probably be welcome.)

If Debian as a whole is willing to take our patches, that's great. We
hope they'll be merged into Mozilla eventually, so it could be a good
testing ground.

I agree that the approach above could work. If Debian wants to conjure
an alternate package that is really just a shell script that just
launches an /etc/skel copied TBB Firefox profile, this sort of thing
should be possible and fairly straight-forward. We can talk about this
on IRC, I suppose. It likely won't be a priority on Tor's side,
though. Also, I think we messed around a bit with remoting (aka new
window launching) on TBB Firefox, which may cause odd behavior for
your use case, or maybe not.. Erinn and sjmurdoch can tell you the
details of this (or I may be able to fetch them out of my subconscious
later).

Our current working-plan is to provide an external repo, like we've
been forced to do for Ubuntu for other reasons. This ticket is
supposed to list the barriers to that:
https://trac.torproject.org/projects/tor/ticket/2879

But hey, so far there are none! :)

The long-term plan is to make Thandy the update future for our
packages. It is hardened against a lot of attacks that OS updaters are
not hardened against. We designed it because we thought it was the
future for all Tor packages, and I think this means we should start
acting like it. I think providing our own distro repositories is an
intermediate step to self-flagellate ourselves into actually bringing
Thandy online.

As a last resort, could you replace torbutton with an empty package? I
can give you a replacement torbutton that refuses to toggle... Is this
against the debian social contract? :)

> Last comment: we should all continue to stress out that Internet is
> not only made of web sites. If Internet was only about web sites, Tor
> would have had a harder time happening: this new protocol was free to run
> through the cables. IMHO, associating Tor with only web browsing is like
> shooting ourselves in our feet: if everyone thinks "Internet = the web"
> no one notices when providers start to filter strange protocol, make
> everything travel through stupid proxies or use NAT.

Right. I 

Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-14 Thread thecarp
On 04/11/2011 08:22 PM, Anders Andersson wrote:
> I consider myself a rather technical user with a lot of knowledge
> about the pitfalls of using Tor and security products in general, and
> I'm scared shit whenever I want to use torbutton in firefox because
> I'm afraid I will forget to toggle it, or toggle it at the wrong time,
> or simply do anything wrong. I have created a separate firefox profile
> with torbutton always on, and one profile without it, and separating
> these is the only sane way.

Agree completely. This is the setup that I have been using for a few
years now. I find it annoying that "multiple profiles" is practically
hidden functionality these days. I found setting it up on both windows
and linux to require some careful reading and playing around to make
work the first time.

I actually have used it to good effect for several things. I have about
3-4 different profiles that I actively use. I can easily tell the
difference between them by choosing a different theme for each one.
Different themes is definitely highly recommended.




Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-14 Thread sigi
Hi, 

On Thu, Apr 14, 2011 at 08:29:36AM +0200, Jérémy Bobbio wrote:
> Last comment: we should all continue to stress out that Internet is
> not only made of web sites. If Internet was only about web sites, Tor
> would have had a harder time happening: this new protocol was free to run
> through the cables. IMHO, associating Tor with only web browsing is like
> shooting ourselves in our feet: if everyone thinks "Internet = the web"
> no one notices when providers start to filter strange protocol, make
> everything travel through stupid proxies or use NAT.

I'm using separate tor+privoxy/polipo packages on my computers since 
several years now. Tor and the proxy are starting during the boot on my 
debian-machine. I've set up an own Firefox-Profile with torbutton for 
browsing the web via tor. 

I think it would be a no-go to stop serving standalone packages for tor.
I'm connecting e.g. some of my chat-sessions to my already running
tor-process, when logging in on my computer. It would be really bad, if
I had to start a browser-bundle to do this.

I hope, you're not planning to stop developing these standalone-packages?

If these packages will exist furthermore in the future, I could live with
an own pre-configured Tor-Browser-Bundle - but besides I'd like to have
the possibility to configure my own Browser with torbutton.
 
> I am saying that because having separate "tor" and "tor-browser" package
> in Debian gives me an opportunity to explain that Tor can be used for
> other purpose than only web browsing.

ACK.

Regards, 
sigi


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-14 Thread Mike Perry
Thus spake sigi (torn...@cpunk.de):

> Hi, 
> 
> On Thu, Apr 14, 2011 at 08:29:36AM +0200, Jérémy Bobbio wrote:
> > Last comment: we should all continue to stress out that Internet is
> > not only made of web sites. If Internet was only about web sites, Tor
> > would have had a harder time happening: this new protocol was free to run
> > through the cables. IMHO, associating Tor with only web browsing is like
> > shooting ourselves in our feet: if everyone thinks "Internet = the web"
> > no one notices when providers start to filter strange protocol, make
> > everything travel through stupid proxies or use NAT.
> 
> I'm using separate tor+privoxy/polipo packages on my computers since 
> several years now. Tor and the proxy are starting during the boot on my 
> debian-machine. I've set up an own Firefox-Profile with torbutton for 
> browsing the web via tor. 
> 
> I think it would be a no-go to stop serving standalone packages for tor.
> I'm connecting e.g. some of my chat-sessions to my already running
> tor-process, when logging in on my computer. It would be really bad, if
> I had to start a browser-bundle to do this.
>
> I hope, you're not planning to stop developing these standalone-packages?
>
> If these packages will exist furthermore in the future, I could live with
> an own pre-configured Tor-Browser-Bundle - but besides I'd like to have
> the possibility to configure my own Browser with torbutton.

Yeah, we don't have any intention to stop Tor+Vidalia packaging,
because relay operators and experts will have use for them. This
presumably extends to the distributions. Again, I see the system Tor
being used with torsocks, RSS readers, irc, etc. Basically all the
system apps you've rigged through Tor that we haven't audited. Again,
these system apps should not be sharing circuits with your web
activity for anonymity reasons.

We do want to drop the HTTP proxies like a bad habit though:
https://trac.torproject.org/projects/tor/ticket/2844

Both polipo and privoxy are really starting to get unsafe in their
unmaintained states..

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs




Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-14 Thread Jim

Mike Perry wrote:
> I now no longer believe even this much. I think we should completely
> do away with the toggle model, as well as the entire idea of Torbutton
> as a separate piece of user-facing software, and rely solely on the
> Tor Browser Bundles, except perhaps with the addition of standalone
> Tor+Vidalia binaries for use by experts and relay operators.


Will the Linux version of the TBB use the ~/.mozilla directory to store 
its browser data or will it store it elsewhere?  If it uses ~/.mozilla 
will it do it in a way that does not conflict with anything else that is 
there, such as a normal installation of Firefox?


Jim



Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-15 Thread Erinn Clark
* Jim  [2011:04:14 23:52 -0600]: 
> Mike Perry wrote:
> >I now no longer believe even this much. I think we should completely
> >do away with the toggle model, as well as the entire idea of Torbutton
> >as a separate piece of user-facing software, and rely solely on the
> >Tor Browser Bundles, except perhaps with the addition of standalone
> >Tor+Vidalia binaries for use by experts and relay operators.
> 
> Will the Linux version of the TBB use the ~/.mozilla directory to store 
> its browser data or will it store it elsewhere?  If it uses ~/.mozilla 
> will it do it in a way that does not conflict with anything else that is 
> there, such as a normal installation of Firefox?

Right now, the Linux and OS X TBBs reset the $HOME environment variable, so
while they do use the ~/.mozilla directory, it's technically a .mozilla
directory inside of TBB's main directory. So the short answer is yes, it does
it in a way that doesn't conflict with normal installations of Firefox.
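
The HOME-reset isolation described in the message above can be checked from the shell: run a child with `$HOME` repointed at the bundle directory and audit which exported variables still name the user's real home. This is an added example, not part of the original thread and not the Tor Browser Bundle's launcher; the function names, the constructed directory layout and the stricter `XDG_*` variant are assumptions of the example.

```shell
#!/bin/sh
# Added example, not the Tor Browser Bundle's launcher script.
# Function names and the directory layout are constructed for illustration.

# Run a command with only HOME reset to the bundle directory, the mechanism
# the message describes: "~/.mozilla" then resolves inside the bundle.
run_home_only() {
    rho_dir=$1
    shift
    (
        HOME=$rho_dir
        export HOME
        cd "$rho_dir" && "$@"
    )
}

# Stricter variant (an assumption of this example, not something the thread
# says TBB does): also repoint the XDG base directories, which otherwise keep
# naming locations under the user's real home.
run_isolated() {
    ri_dir=$1
    shift
    (
        HOME=$ri_dir
        XDG_CONFIG_HOME=$ri_dir/.config
        XDG_CACHE_HOME=$ri_dir/.cache
        XDG_DATA_HOME=$ri_dir/.local/share
        export HOME XDG_CONFIG_HOME XDG_CACHE_HOME XDG_DATA_HOME
        cd "$ri_dir" && "$@"
    )
}

# Print, comma-separated and sorted, the exported variables whose value is
# the real home or a path below it. $1 = real home directory.
# Programs that read the passwd database instead of $HOME are out of scope.
leaked_vars() {
    env | awk -v home="$1" '
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            if (val == home || index(val, home "/") == 1) print name
        }' | sort | paste -s -d, -
}

# Report what a browser-like child would see. $1 = real home, $2 = bundle dir.
report() {
    case "$HOME/.mozilla" in
        "$2"/*) rp_inside=yes ;;
        *)      rp_inside=no ;;
    esac
    printf 'profile_in_bundle=%s leaked=%s\n' "$rp_inside" "$(leaked_vars "$1")"
}

# Constructed scenario: a fake "real" home with its own .mozilla, and a fake
# bundle directory beside it. $1 = home-only | isolated.
scenario() {
    sc_tmp=$(mktemp -d) || return 1
    sc_real=$sc_tmp/home/user
    sc_bundle=$sc_tmp/tor-browser
    mkdir -p "$sc_real/.mozilla" "$sc_bundle"
    (
        # Simulated login environment of the user starting the bundle.
        HOME=$sc_real
        XDG_CONFIG_HOME=$sc_real/.config
        export HOME XDG_CONFIG_HOME
        case $1 in
            home-only) run_home_only "$sc_bundle" report "$sc_real" "$sc_bundle" ;;
            isolated)  run_isolated  "$sc_bundle" report "$sc_real" "$sc_bundle" ;;
            *)         exit 2 ;;
        esac
    )
    sc_rc=$?
    rm -rf "$sc_tmp"
    return "$sc_rc"
}

scenario home-only
scenario isolated
```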




Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-15 Thread Erinn Clark
* Jérémy Bobbio  [2011:04:14 08:29 +0200]: 
> Here is a possible solution that quickly came to me, but I have no real
> clue on how much work it would need (and if every party involved would
> accept it):
> 
>  1. Apply specific Tor patches against Firefox 4 in Debian iceweasel
> package. The changes that are not compatible with the common case
> would need to be activated by a command-line switch or a specific
> configuration option.
>  2. Keep xul-ext-torbutton in Debian. It would be modified in the
> way that it would not appear at all in the usual browser if
> the previous command-line switch or specific configuration
> option is not active.
>  3. Create a new Debian package, something like "tor-browser" that
> would add a new menu entry labeled "Tor Browser" and that would
> start Iceweasel with a dedicated profile and the specific "Tor"
> switch.
> 
> Actually, it might be better to provide Torbutton in the "tor-browser"
> package. Provided that it ships a dummy package "xul-ext-torbutton" as
> an upgrade path.
> 
> Does this sound like a bad idea? Too much work?
> (Input from Weasel and Erinn would probably be welcome.)

Hi Jérémy,

I actually really like this idea. Getting Debian to apply our patches to
Iceweasel would also have the positive side effect of us finally being able to
drop Polipo as part of our Debian & Ubuntu instructions (provided Ubuntu also
applies the same patches), which would achieve our long-standing goal of having
our Debian/Ubuntu packages work smoothly and out of the box. 

I think providing Torbutton in the tor-browser package, or having
xul-ext-torbutton provide a menu entry might be the better solution. (I don't
actually know if packaged Firefox extensions are "allowed" to add menu
entries.) I'd be shocked if FTPMaster let us put a tiny tor-browser package in
the archive. :)




Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-17 Thread Moritz Bartl
On 12.04.2011 16:59, Milton Scritsmier wrote:
> After reading most of the replies to this topic, I'm not sure the
> average user has weighed in. [...]

Thank you. This list is dominated, if not completely focused, on
development and security research. The Torproject as a whole has for the
last 10 years failed to split off a separate section for users (website,
FAQ, mailing list, whatever). I don't think there is a proper way to do
it and not duplicate stuff, however. There are a few other reasons that
stopped Torproject from doing that, the most prominent I think always
was that "devs should not lose contact with actual users".

> And so far I don't think anybody has solved the problem of a user
> who understands relatively little about computers trying to remain
> secure against a regime with vast resources and skills at its disposal.

I don't consider myself a security researcher, but I've been following
the Tor project since its early days. The misconception and
misunderstandings grew over time as the user base expanded, and while
Torbutton is a great and excellent project, in a way it only further
complicated things.

The problem is rooted in the vocabulary. I am not sure if it's the best
thing to cite, and I am in no way educated enough to say it is the
definitive guide, but as far as I know the "Anon Terminology" paper
published by Andreas Pfitzmann since 2000 tried to form a definitive
base for discussion. He collected, if not influenced, different terms
around anonymity.

http://dud.inf.tu-dresden.de/Anon_Terminology.shtml

It's been a while since I've last read it, but if I remember correctly
it fails to separate anonymity into different "types".

Anonymity is a hard term, and simply cannot be achieved when using
electronic communication. Tor, without Torbutton, tries its best to
anonymize *traffic*, ie. make it hard to know who is talking to whom.
Tor does not, and never did, try to fix the problem of identifying
information *inside* the transported data. Tor is completely neutral in
that respect.

The problem is that a lot of applications transmit user identifiable
information. It is not Tor's job to stop that, mostly because there is
no way to know what kind of information is "identifying" in a certain
situation, and if the user wants to transmit that kind of information in
the first place.

Torbutton, despite its name, has nothing to do with Tor. It works great
for any other proxy software, too. Torbutton does what Tor does not:
Block application-specific information that could leak your identity
without you explicitly telling it to do so. For that, it has to know the
protocol and the application. Any other application or protocol could as
well be "screened and cleaned" by something like Torbutton. For example,
one could write a "BittorrentButton" for a torrent client.

In general, I find it hard to explain the difference, because the
community lacks different names for the different properties that, as a
whole, define "anonymity". At least I don't know how to separate these,
but maybe I'm just not educated enough.

-- 
Moritz Bartl
https://www.torservers.net/


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-18 Thread Paul Syverson
On Mon, Apr 18, 2011 at 07:09:35AM +0200, Moritz Bartl wrote:
> On 12.04.2011 16:59, Milton Scritsmier wrote:
> > After reading most of the replies to this topic, I'm not sure the
> > average user has weighed in. [...]
> 
> Thank you. This list is dominated, if not completely focused, on
> development and security research. The Torproject as a whole has for the
> last 10 years failed to split off a separate section for users (website,
> FAQ, mailing list, whatever). I don't think there is a proper way to do
> it and not duplicate stuff, however. There are a few other reasons that
> stopped Torproject from doing that, the most prominent I think always
> was that "devs should not lose contact with actual users".
> 
> > And so far I don't think anybody has solved the problem of a user
> > who understands relatively little about computers trying to remain
> > secure against a regime with vast resources and skills at its disposal.
> 
> I don't consider myself a security researcher, but I've been following
> the Tor project since its early days. The misconception and
> misunderstandings grew over time as the user base expanded, and while
> Torbutton is a great and excellent project, in a way it only further
> complicated things.
> 
> The problem is rooted in the vocabulary. I am not sure if it's the best
> thing to cite, and I am in no way educated enough to say it is the
> definitive guide, but as far as I know the "Anon Terminology" paper
> published by Andreas Pfitzmann since 2000 tried to form a definitive
> base for discussion. He collected, if not influenced, different terms
> around anonymity.
> 
> http://dud.inf.tu-dresden.de/Anon_Terminology.shtml
> 
> It's been a while since I've last read it, but if I remember correctly
> it fails to separate anonymity into different "types".
> 
> Anonymity is a hard term, and simply cannot be achieved when using
> electronic communication. Tor, without Torbutton, tries its best to
> anonymize *traffic*, ie. make it hard to know who is talking to whom.
> Tor does not, and never did, try to fix the problem of identifying
> information *inside* the transported data. Tor is completely neutral in
> that respect.
> 
> The problem is that a lot of applications transmit user identifiable
> information. It is not Tor's job to stop that, mostly because there is
> no way to know what kind of information is "identifying" in a certain
> situation, and if the user wants to transmit that kind of information in
> the first place.

The job of Tor has always been to separate identification from
routing. And that is how we've expressed it since the
beginning. Keeping this in mind makes it much easier than trying to
capture technical definitions for "anonymity", which is pretty
complicated and subject of much research as well. When we do talk
about anonymity it helps to say that Tor anonymizes the communication
pipe, not the data that passes through it.

This isn't just to narrow the scope of the problem Tor addresses,
although that modularity is also a good thing. It is because we often
want to identify ourselves through the anonymous pipes Tor creates.
It is easy to forget that if you only think about looking at web sites
when you don't want the webserver to know it is you looking.  But, if
someone wants to login remotely to a system of hers, or to update her
blog without giving away where or who she is to anyone watching, then
she wants to both make sure that she is talking to the right system
(to make sure she isn't sending things to a receiver she doesn't want
getting those things) and that the system knows it's her (to prevent
any arbitrary person from doing what she's doing or pretending to
speak on her behalf). So she wants to identify and authenticate the
system, and she wants the system to identify and authenticate her.

> 
> Torbutton, despite its name, has nothing to do with Tor. It works great
> for any other proxy software, too. Torbutton does what Tor does not:
> Block application-specific information that could leak your identity
> without you explicitly telling it to do so. For that, it has to know the
> protocol and the application. Any other application or protocol could as
> well be "screened and cleaned" by something like Torbutton. For example,
> one could write a "BittorrentButton" for a torrent client.
> 
> In general, I find it hard to explain the difference, because the
> community lacks different names for the different properties that, as a
> whole, define "anonymity". At least I don't know how to separate these,
> but maybe I'm just not educated enough.


Actually we've had the terminology and conceptual machinery for at
least fifteen years. What I said above I also said in talks and papers
in 1996.  For example, "Our goal here is not to provide anonymous
communication, but to place identification where it belongs. The use
of a public network should not automatically reveal the identities of
communicating parties" --quoted from "Hiding Routing Information"

Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-18 Thread anonym
12/04/11 15:07, Mike Perry:
>> If we migrate to shipping TBB, can we go on maintaining our Tails
>> specific Firefox configuration delta as described above? Will the
>> TBB's Firefox use the standard ways to fetch system-wide
>> configuration? (I guess this should be an opt-in option, probably not
>> toggle-able from the GUI, as the TBB usually wants to be as much
>> independent from the host OS as possible.)
> 
> I would prefer it if we can unify our prefs.js use, but I guess you
> guys may want to support more things. I think with effort you can even
> get flash running safely under a default configuration...

Exactly, and there are other things (extensions mainly, see below) that
TBB likely will not include but we want. I think it'd be better if we
wouldn't feel constrained like this. If we'd provide a patch adding a
"--use-system-default-profile" parameter that makes Tor browser look for
the default profile in the vanilla Firefox directory, which ought to be
nigh trivial, wouldn't that make everyone happy?

>> Is it imaginable to see the new TBB make use of extensions that are
>> installed system-wide? (probably opt-in as well)
> 
> Hrmm.. I don't think this will be the case... System extensions seem a
> bad idea to source by default.. In fact, we should ensure we do not do
> this, due to the potential to source distro branding extensions that
> damage anonymity...
> 
> Can we figure out a way to come close to a common set of extensions
> and configs, so the set of extensions you must add to TBB is minimal?
> 
> Do you have a list of your extensions anywhere?

At the moment (Tails 0.7) we have these extensions that are not in TBB:
  * Adblock Plus. Really helps reducing page load times.
  * amnesia branding.
  * CS Lite.
  * FireGPG. Sadly discontinued, so this one will likely be removed at
some point.
  * FoxyProxy. We use this for having I2P working at the same time as
Tor for the rest of the Internet. And future FTP support.
  * Monkeysphere.

We are considering adding:
  * NoScript.
  * BetterPrivacy. If we ever add a flash plugin (a Free one, though).

I think it's safe to say that TBB will never include all these so the
set will not be that minimal. Again I feel we'd like not to be
restricted, so what about us providing a patch adding a
"--use-system-extensions" parameter (or a prefs.js option if that'd work
(?)) that makes Tor browser look for extensions in the vanilla Firefox
directories?

Cheers!



___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-21 Thread Kraktus
Well, if I had an 8-core machine with 4+GB RAM, or even a single-core
machine with over 1 GHz and at least 1GB RAM, I'd probably have four
browser profiles for Firefox alone: one for Tor (Torbutton or whatever
you guys decide to use, plus Noscript, AdBlockPlus, Cookie Monster,
etc.), one for JonDo (with JonDoFox), one more complicated setup that
allows me to whitelist sites I trust, e.g. my bank, while still making
sure that any third party or other unwhitelisted content is loaded
through a proxy (using FoxyProxy, Noscript, etc.), and a final one for
guests only that does not use a proxy but does have AdBlockPlus,
noscript (blacklist mode), Cookie Monster (blacklist mode) and
RefControl (delete referrer when switching to a new domain)... for
basic privacy protection that won't drive my guests nuts.

However, seeing as how my computer is single core, less than 1 GHz,
and has less than 1GB RAM, running one instance of a modern browser is
hard enough on the poor thing. Multiple browsers, let alone full-blown
virtualization, isn't a realistic option.

Thus I am using JonDoFox, because it lets me switch between JonDo,
Tor, a third proxy of my choosing (if desired) and no proxy, without
having to run multiple browsers. True, there are a few features I
might wish for, but nothing major that impacts my usability in any
significant way.

I think the key here is that there isn't one solution that will work
for everyone. By all means create a nice Tor browser, designed to be
used for Tor only. This is probably the best thing for most people on
newer hardware who don't have to use any special accessible software
for the blind or whatever. But document the changes you make and what
people using other browsers would have to do in order to blend in with
the Tor crowd as best they can even if they are using just a single
instance of Firefox for all browsing, some other browser that works on
their platform (Firefox doesn't run everywhere), some text or
braille-only browser (if they are blind or just don't want a GUI), or
some special browser-for-the-blind, or whatever. Yes, I realize many
browsers cannot be configured to provide the same level of security as
custom Firefox, at least not without delving into the source code, but
not everyone has the hardware/software/ability to see/financial/other
resources to have an ideal setup.

Myself, I will probably continue to use JonDoFox, unless they remove
their proxy switcher, in which case I'll probably be off using some
other third party solution custom configured to meet my needs.


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-21 Thread Joe Btfsplk

On 4/21/2011 1:22 PM, Kraktus wrote:

> Well, if I had an 8-core machine with 4+GB RAM, or even a single-core
> machine with over 1 GHz and at least 1GB RAM, I'd probably have four
> browser profiles for Firefox alone: ...
>
> However, seeing as how my computer is single core, less than 1 GHz,
> and has less than 1GB RAM, running one instance of a modern browser is
> hard enough on the poor thing.

Don't know if you were replying to the earlier post (that I wasn't sure 
if he wanted to install 2 versions of FX on his machine).


Why would you want to run several instances of Firefox - 
SIMULTANEOUSLY?  When I said it was easy to install multiple versions, 
or multiple instances of same version, didn't expect users would be 
running them at the same time.  If you are short on RAM / CPU & want 
different VERSIONS, of course have to install them in diff folders, & 
set them to use diff profiles (if desired).  But, other than needing to 
switch between running installations for a specific purpose, no need to 
have them running simultaneously.  Run one & when thru w/it, shut it 
down & start the other.


I believe you can also run simultaneous instances of same FX version 
(most likely using different specified profiles).  Typically, one 
install will be the default.  Others can be started using specific 
profiles by adding the profile name (or full path incl profile name) in 
the shortcut target box, after the path & executable.  Like after 
C:\..\firefox.exe" -p myprofile4-21-11 -no-remote


This assumes the profile name is already entered properly (or created) 
in Firefox's profile.ini file.  You can create a new profile name using 
the profile manager.  The firefox 4 [beta profile mgr] (not yet incl w/ 
the setup) has more options than one w/ FX v3.x.  I've used it - had a 
couple minor issues, but over all, allows specifying which installed 
version will use which profile.



Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-22 Thread Kraktus
On 21 April 2011 17:50, Joe Btfsplk  wrote:
> On 4/21/2011 1:22 PM, Kraktus wrote:
>>
>> Well, if I had an 8-core machine with 4+GB RAM, or even a single-core
>> machine with over 1 GHz and at least 1GB RAM, I'd probably have four
>> browser profiles for Firefox alone: ...
>>
>> However, seeing as how my computer is single core, less than 1 GHz,
>> and has less than 1GB RAM, running one instance of a modern browser is
>> hard enough on the poor thing.
>>
> Don't know if you were replying to the earlier post (that I wasn't sure if
> he wanted to install 2 versions of FX on his machine).
>
> Why would you want to run several instances of Firefox - SIMULTANEOUSLY?
>  When I said it was easy to install multiple versions, or multiple instances
> of same version, didn't expect users would be running them at the same time.
>  If you are short on RAM / CPU & want different VERSIONS, of course have to
> install them in diff folders, & set them to use diff profiles (if desired).
>  But, other than needing to switch between running installations for a
> specific purpose, no need to have them running simultaneously.  Run one &
> when thru w/it, shut it down & start the other.
>
> I believe you can also run simultaneous instances of same FX version (most
> likely using different specified profiles).  Typically, one install will be
> the default.  Others can be started using specific profiles by adding the
> profile name (or full path incl profile name) in the shortcut target box,
> after the path & executable.  Like after C:\..\firefox.exe" -p
> myprofile4-21-11 -no-remote
>
> This assumes the profile name is already entered properly (or created) in
> Firefox's profile.ini file.  You can create a new profile name using the
> profile manager.  The firefox 4 [beta profile mgr] (not yet incl w/ the
> setup) has more options than one w/ FX v3.x.  I've used it - had a couple
> minor issues, but over all, allows specifying which installed version will
> use which profile.

If I had a nice high CPU high RAM machine, you mean?

Envision the following scenario:
Alice wants to buy beeswax candles online. Because beeswax candles
burn so cleanly. However, she does not wish to transfer her credit
card information over Tor, or even JonDo, because she's heard of those
attacks against ssl, and it's not as if there's anything anonymous
about a typical credit card anyway. But while she is checking out
unanonymously, she also wants to do some last minute market research
to make sure she is getting top-of-the-line beeswax candles. Now, if
Alice can run multiple instances of Firefox or some other browser
simultaneously, then the unanonymous (or partially anonymized, with a
direct connection to the vendor but anonymous connections to third
party sites -- yes, I know if compare logs with the vendor, it's
probably not that anonymous) connection runs in one instance of the
browser, while her market research is conducted in a second totally
torified instance of the browser. This decreases the amount of
profiling information those advertisers get on her. Thus Alice can
switch back and forth between anonymous and unanonymous browsing
without having to go through the trouble of closing all her tabs and
the entire browser and restarting again, provided she has a decently
high CPU high RAM machine.

Now, I'm not on Windows, and, as the OS I'm in at the moment can't
even handle Firefox 4, I'm actually using a similar browser that's
close enough that it can still use Firefox 4 add-ons. Also, JonDoFox
makes running multiple instances of my non-Firefox quite easy: there's
a menu option for it. Anyway, that's not the problem. The problem is
that if I actually try to do it, this poor machine basically grinds to
a halt.

So instead, I get to play with the proxy switching interface. Or, if I
really want to browse anonymously on just one or two sites and
continue browsing anonymously elsewhere, I get to add said sites to
the "Global proxy exceptions", and remove them when I'm done.


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-22 Thread Joe Btfsplk

On 4/22/2011 6:32 AM, Kraktus wrote:


> If I had a nice high CPU high RAM machine, you mean?
>
> ...I'm actually using a similar browser that's
> close enough that it can still use Firefox 4 add-ons. Also, JonDoFox
> makes running multiple instances of my non-Firefox quite easy: there's
> a menu option for it. Anyway, that's not the problem. The problem is
> that if I actually try to do it, this poor machine basically grinds to
> a halt.

Been there before w/ older machines, short on resources.  However, 
situations like yours aren't limited to running multiple instances of 
any specific prgm - it prevents running several apps at once, not just 
multiple browsers.  In your situation, only thing is to limit # of apps 
that auto start in background, & if you need different browser 
configurations, run one instance at a time.  Kind of a pain to close one 
browser / profile then start another.  If you haven't already (& do so 
regularly), stop all unnecessary prgms from auto starting at boot up.  
These can eat up precious resources on older machines.


An addon, "Tab Mix Plus" gives more options about saving sessions / open 
tabs, history, etc., than Firefox's native session restore.  May make it 
a bit less hassle to close browser, use another profile, close it, & go 
back to original.


Most of the configurations you're concerned about (incl the addons 
installed) are stored in the profile.  Except for those that have 
resources & want to run multiple browser instances - at once - one 
installation of Firefox will suffice, & creating different profiles 
(then either using Profile Mgr to choose which profile to use at startup, 
or adding commands which profile to use, after each separate start icon).



Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-22 Thread The Doctor
On 04/21/2011 05:50 PM, Joe Btfsplk wrote:

> Why would you want to run several instances of Firefox -
> SIMULTANEOUSLY?  When I said it was easy to install multiple versions,

So the user could have a 'mundane' browser for day to day stuff and a
Torified browser so that they could browse parts of the web with a
degree of anonymity and privacy.

> or multiple instances of same version, didn't expect users would be
> running them at the same time.  If you are short on RAM / CPU & want

With sufficient system resources, this is entirely possible - I do it.
I have two Firefox profiles set up on my machine with slightly different
configuration settings and different sets of add-ons.

> set them to use diff profiles (if desired).  But, other than needing to

Having different profiles makes it workable (the least powerful system
I've done this on was running at 900MHz with 1GB of RAM).  I need to
write a how-to on that...

-- 

The Doctor [412/724/301/703]

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: http://drwho.virtadpt.net/

"You don't write space opera in a vacuum!" --Iain M. Banks



Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-22 Thread Andrew Lewman
On Fri, 22 Apr 2011 10:53:19 -0400
The Doctor  wrote:
> > Why would you want to run several instances of Firefox -
> > SIMULTANEOUSLY?  When I said it was easy to install multiple
> > versions,

Perhaps I'm confused over the details, but I do this daily.  I use TBB
for my anonymous/private browsing and the system firefox for
non-anonymous/private browsing.  The two never mix profiles, memory,
cache, etc.

It works fine on a netbook with a low-end atom cpu and 512mb of ram.

-- 
Andrew
pgp 0x74ED336B


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-22 Thread Joe Btfsplk

On 4/22/2011 9:53 AM, The Doctor wrote:

>> Why would you want to run several instances of Firefox -
>> SIMULTANEOUSLY?  When I said it was easy to install multiple versions,
>
> So the user could have a 'mundane' browser for day to day stuff and a
> Torified browser so that they could browse parts of the web with a
> degree of anonymity and privacy.

The operative word for * low resource * machines is "Simultaneously," as 
in 2 or more apps running at the same time (any, not just Firefox).  Not 
whether 2 instances (same version or not) CAN be installed.  I was 
mainly aiming at low resource machines, how to use diff Firefox versions 
or diff profiles w/ diff configurations (but only *running* one at a time).

> With sufficient system resources, this is entirely possible - I do it.
> I have two Firefox profiles set up on my machine with slightly different
> configuration settings and different sets of add-ons.

Of course it's possible - that's what I said.  I run 2 diff versions 
(sometimes at once) - but it's a new machine.  Yes, if one has 
sufficient system resources, can run multiple instances simultaneously.  
For older machine, users will either have to use one Firefox instance at 
a time, or find & stop enough non essential prgms from auto starting w/ 
the OS (good idea, anyway).  That still may not free up enough resources 
to run 2 Firefoxes at once.  Still a good idea & often speeds up older 
systems considerably.


There are lots of detailed articles on how to create & use multiple 
profiles, & how to install / use multiple instances of Firefox.  Can 
find them in Mozillazine forum, in Mozilla knowledge base and 3rd party 
articles.



Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-22 Thread andrew
On Fri, Apr 22, 2011 at 11:19:47AM -0500, joebtfs...@gmx.com wrote 1.8K bytes 
in 31 lines about:
: The operative word for * low resource * machines is

Can we define "low resource" then? A crappy netbook cpu with 512mb of
ram is pretty low resource, but it runs both tbb and system firefox at
the same time just fine.

If we're talking about much older machines that can barely run one
instance of firefox, then people have to switch between browsers,
running only one at a time. TBB is 24MB, a full firefox install on a
minimal linux install will fit in 1GB or so.

-- 
Andrew
pgp key: 0x74ED336B


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-22 Thread Joe Btfsplk

On 4/22/2011 10:27 AM, Andrew Lewman wrote:

> On Fri, 22 Apr 2011 10:53:19 -0400
> The Doctor wrote:
> Perhaps I'm confused over the details, but I do this daily.  I use TBB
> for my anonymous/private browsing and the system firefox for
> non-anonymous/private browsing.  The two never mix profiles, memory,
> cache, etc.
>
> It works fine on a netbook with a low-end atom cpu and 512mb of ram.

Where most users have problems is if they just install a new (or 2nd 
version) of Firefox (not Tor Browser Bundle, including a modified 
Firefox), it will use the "default" profile, specified in the 
profiles.ini file.  I've never installed the TBB, so don't know how it 
handles profiles.  From what you say, it creates a separate one 
automatically.  Installing Firefox d/l from Mozilla doesn't create a new 
profile, if one already exists.  It uses the old one by default, unless 
you create a new profile (using Profile Manager) & specify that profile 
will be used by the new FX version (or 2nd install of same vers.).


This is where many avg users become confused.  If they're trying to use 
2 instances of the "official" releases of Firefox from Mozilla & have 
them use diff profiles (for whatever reason).
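
Added example (not part of the original post): a small check for the situation described above, where a second Firefox shortcut that names no profile silently lands in the same default profile as the first. The profiles.ini contents, profile names and launcher names are constructed for illustration, and the fallback rule is a simplification of what Firefox does when no default is flagged.

```python
import configparser
from itertools import combinations

# Constructed sample: one Firefox profiles.ini holding two named profiles.
SAMPLE_PROFILES_INI = """\
[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=1
Path=Profiles/a1b2c3d4.default
Default=1

[Profile1]
Name=torified
IsRelative=1
Path=Profiles/e5f6a7b8.torified
"""


def load_profiles(ini_text):
    """Map profile name -> {"path": ..., "default": bool} from profiles.ini text."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep Firefox's key capitalisation (Name, Path, ...)
    parser.read_string(ini_text)
    profiles = {}
    for section in parser.sections():
        if not section.startswith("Profile"):
            continue  # skip [General] and anything that is not a profile entry
        entry = parser[section]
        profiles[entry["Name"]] = {
            "path": entry["Path"],
            "default": entry.get("Default", "0") == "1",
        }
    return profiles


def resolve_profile(profiles, requested=None):
    """Directory a launch would use: the named profile if given, else the default."""
    if requested is not None:
        if requested not in profiles:
            raise KeyError(f"profile {requested!r} is not listed in profiles.ini")
        return profiles[requested]["path"]
    defaults = [p["path"] for p in profiles.values() if p["default"]]
    if len(defaults) == 1:
        return defaults[0]
    if len(profiles) == 1:
        return next(iter(profiles.values()))["path"]
    # Simplification: the file alone does not determine the choice here.
    raise LookupError("no single default profile flagged in profiles.ini")


def shared_profiles(profiles, launchers):
    """Return pairs of launchers that end up in the same profile directory.

    launchers maps a shortcut label to the profile name it passes on the
    command line, or None when the shortcut names no profile at all.
    """
    resolved = {name: resolve_profile(profiles, req) for name, req in launchers.items()}
    return [(a, b) for a, b in combinations(resolved, 2) if resolved[a] == resolved[b]]


if __name__ == "__main__":
    profiles = load_profiles(SAMPLE_PROFILES_INI)
    # Constructed launchers: two installs started without a profile name.
    launchers = {"first install": None, "second install": None, "anonymous": "torified"}
    for pair in shared_profiles(profiles, launchers):
        print("share one profile (history, cookies, add-ons):", pair)
```
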



Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-22 Thread Kraktus
On 22/04/2011, Joe Btfsplk  wrote:
> On 4/22/2011 6:32 AM, Kraktus wrote:
>>
>> If I had a nice high CPU high RAM machine, you mean?
>>
>> ...I'm actually using a similar browser that's
>> close enough that it can still use Firefox 4 add-ons. Also, JonDoFox
>> makes running multiple instances of my non-Firefox quite easy: there's
>> a menu option for it. Anyway, that's not the problem. The problem is
>> that if I actually try to do it, this poor machine basically grinds to
>> a halt.
>>
> Been there before w/ older machines, short on resources.  However,
> situations like yours aren't limited to running multiple instances of
> any specific prgm - it prevents running several apps at once, not just
> multiple browsers.  In your situation, only thing is to limit # of apps
> that auto start in background, & if you need different browser
> configurations, run one instance at a time.  Kind of a pain to close one
> browser / profile then start another.  If you haven't already (& do so
> regularly), stop all unnecessary prgms from auto starting at boot up.
> These can eat up precious resources on older machines.

Already done. It's not any two applications that will do it, just any
two graphical applications, and heavy graphical applications at that.
If I were using Lynx, Links, or even Firebird, assuredly I would not
have this problem. However, Firebird is not remotely up-to-date, and
as for lynx/links, well, I'm afraid support for non-graphical users,
including those using braille outputs, just isn't much of a priority
for most websites these days. (The corporations should be bothered
with ADA complaints.) So I'm going to have this problem with just
about any modern browser capable of supporting all the fanciest most
annoying websites.

A look at top shows that the fork of Firefox I am running is the most
resource intensive application running right now. At the moment, the
resident memory size is a whopping 183 megabytes, and the total memory
size is an incredible 565 megabytes. The idle CPU% is only around
2-5%, but it spikes from 30-65% just from switching tabs. Loading a
page, without any JavaScript or anything fancy like that, can push it
over 70%. In short, my pseudo-Firefox is a huge hog, gorging itself on
my system's resources.

In terms of resident memory usage, most of the programs I'm running
measure in kilobytes, and they tend to top out around 20 megabytes. As
for total memory usage, very few programs go over 100 megabytes, and
even then, none besides my pseudo-firefox go far over. Most are closer
to 20-30 megabytes of total memory.

> An addon, "Tab Mix Plus" gives more options about saving sessions / open
> tabs, history, etc., than Firefox's native session restore.  May make it
> a bit less hassle to close browser, use another profile, close it, & go
> back to original.

Thanks, I'll look into that.

> Most of the configurations you're concerned about (incl the addons
> installed) are stored in the profile.  Except for those that have
> resources & want to run multiple browser instances - at once - one
> installation of Firefox will suffice, & creating different profiles
> (then either using Profile Mgr to choose which profile to use at startup,
> or adding commands which profile to use, after each separate start icon).


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-22 Thread Kraktus
On 22/04/2011, Joe Btfsplk  wrote:
> On 4/22/2011 10:27 AM, Andrew Lewman wrote:
>> On Fri, 22 Apr 2011 10:53:19 -0400
>> The Doctor  wrote:
>> Perhaps I'm confused over the details, but I do this daily.  I use TBB
>> for my anonymous/private browsing and the system firefox for
>> non-anonymous/private browsing.  The two never mix profiles, memory,
>> cache, etc.
>>
>> It works fine on a netbook with a low-end atom cpu and 512mb of ram.
>>
> Where most users have problems is if they just install a new (or 2nd
> version) of Firefox (not Tor Browser Bundle, including a modified
> Firefox), it will use the "default" profile, specified in the
> profiles.ini file.  I've never installed the TBB, so don't know how it
> handles profiles.  From what you say, it creates a separate one
> automatically.  Installing Firefox d/l from Mozilla doesn't create a new
> profile, if one already exists.  It uses the old one by default, unless
> you create a new profile (using Profile Manager) & specify that profile
> will be used by the new FX version (or 2nd install of same vers.).
>
> This is where many avg users become confused.  If they're trying to use
> 2 instances of the "official" releases of Firefox from Mozilla & have
> them use diff profiles (for whatever reason).

Huh? You only need one Firefox install. You just run multiple
instances of the same Firefox binary. Of course, each instance has to
use a different profile. You can start the second one either from the
command line or using the ProfileSwitcher add-on from within the first
instance of Firefox.

It's the same as with lynx. I don't need a second lynx install to
start another instance of lynx in another shell.


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-04-22 Thread Kraktus
On 22/04/2011, and...@torproject.org  wrote:
> On Fri, Apr 22, 2011 at 11:19:47AM -0500, joebtfs...@gmx.com wrote 1.8K
> bytes in 31 lines about:
> : The operative word for * low resource * machines is
>
> Can we define "low resource" then? A crappy netbook cpu with 512mb of
> ram is pretty low resource, but it runs both tbb and system firefox at
> the same time just fine.

In my case, this is single core, speed measured in MHz, not GHz. I do
have slightly more memory than said crappy netbook, but only by 128mb.
However, the hard drive is only 4200rpm, so virtual memory is really
slow. The hard drive should be upgraded soon and replaced with a
larger, 5400rpm one. Then I can cram multiple OSes on it *and* have
faster virtual memory!

> If we're talking about much older machines that can barely run one
> instance of firefox, then people have to switch between browsers,
> running only one at a time. TBB is 24MB, a full firefox install on a
> minimal linux install will fit in 1GB or so.
>
> --
> Andrew
> pgp key: 0x74ED336B

There is no Tor Browser Bundle for my operating systems, nor even an
official Firefox. In fact, there's no Tor Browser Bundle that would
work on my CPU, regardless of what operating systems I install in the
future. Tor Browser Bundle looks to be all x86 and amd64.

Fortunately, I actually have two or three options. Yes, I could stop
and restart my pseudo-Firefox every time I want to switch between
anonymous and non-anonymous browsing, perhaps even every time I wanted
to switch between JonDo and Tor. I could also just use a
proxy-switcher, whether the one on JonDoFox or some third party one.
My third choice would be to attempt to find a lighter browser that
would still meet my needs adequately.


Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

2011-05-02 Thread Mike Perry
Thus spake anonym (ano...@lavabit.com):

> 12/04/11 15:07, Mike Perry:
> >> If we migrate to shipping TBB, can we go on maintaining our Tails
> >> specific Firefox configuration delta as described above? Will the
> >> TBB's Firefox use the standard ways to fetch system-wide
> >> configuration? (I guess this should be an opt-in option, probably not
> >> toggle-able from the GUI, as the TBB usually wants to be as much
> >> independent from the host OS as possible.)
> > 
> > I would prefer it if we can unify our prefs.js use, but I guess you
> > guys may want to support more things. I think with effort you can even
> > get flash running safely under a default configuration...
> 
> Exactly, and there are other things (extensions mainly, see below) that
> TBB likely will not include but we want. I think it'd be better if we
> wouldn't feel constrained like this. If we'd provide a patch adding a
> "--use-system-default-profile" parameter that makes Tor browser look for
> the default profile in the vanilla Firefox directory, which ought to be
> nigh trivial, wouldn't that make everyone happy?

Yes. This is the way we should go. In fact, it looks like setting the
about:config extensions.enabledScopes may be all you need:
https://trac.torproject.org/projects/tor/ticket/2982

We will be disabling that for TBB builds. You'll just need to flip it
back.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
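
Added example (not part of the original post, and not Tor Project code): a check that reads a profile's prefs.js and reports which extension install locations `extensions.enabledScopes` allows, which is the knob the message above says TBB will restrict and Tails would flip back. The scope bit values and the default of 15 are taken from Mozilla's add-on manager rather than from this thread, and the sample prefs.js contents are constructed.

```python
import re

# Bit values of extensions.enabledScopes (assumption: Mozilla add-on manager
# scopes; these numbers are not stated in the thread).
SCOPES = {1: "profile", 2: "user", 4: "application", 8: "system"}
DEFAULT_ENABLED_SCOPES = 15  # assumption: Firefox default when the pref is unset

# Matches one uncommented line such as: user_pref("some.name", 1);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.MULTILINE
)

# Constructed sample: profile that loads extensions from the profile only.
SAMPLE_LOCKED = """\
// constructed sample prefs.js
user_pref("browser.startup.homepage", "about:blank");
user_pref("extensions.enabledScopes", 1);
"""

# Constructed sample: profile that never sets the pref.
SAMPLE_UNSET = """\
user_pref("browser.startup.homepage", "about:blank");
"""


def parse_prefs(text):
    """Parse user_pref() lines into a dict; a later line overrides an earlier one."""
    prefs = {}
    for name, raw in PREF_LINE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def audit_extension_scopes(prefs_text):
    """Report which extension scopes a profile will load add-ons from."""
    prefs = parse_prefs(prefs_text)
    explicit = "extensions.enabledScopes" in prefs
    value = prefs.get("extensions.enabledScopes", DEFAULT_ENABLED_SCOPES)
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError("extensions.enabledScopes must be an integer bitmask")
    enabled = [name for bit, name in SCOPES.items() if value & bit]
    return {
        "value": value,
        "explicit": explicit,
        "enabled": enabled,
        # Scopes other than the profile directory can pull in extensions the
        # browser bundle did not ship, e.g. distro-installed ones.
        "outside_profile": [name for name in enabled if name != "profile"],
    }


if __name__ == "__main__":
    for label, text in (("locked", SAMPLE_LOCKED), ("unset", SAMPLE_UNSET)):
        report = audit_extension_scopes(text)
        print(label, report["value"], "outside profile:", report["outside_profile"])
```
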

