Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
Thus spake anonym (ano...@lavabit.com):

12/04/11 15:07, Mike Perry:

If we migrate to shipping TBB, can we go on maintaining our Tails specific Firefox configuration delta as described above? Will the TBB's Firefox use the standard ways to fetch system-wide configuration? (I guess this should be an opt-in option, probably not toggle-able from the GUI, as the TBB usually wants to be as much independent from the host OS as possible.)

I would prefer it if we can unify our prefs.js use, but I guess you guys may want to support more things. I think with effort you can even get flash running safely under a default configuration...

Exactly, and there are other things (extensions mainly, see below) that TBB likely will not include but we want. I think it'd be better if we wouldn't feel constrained like this. If we'd provide a patch adding a --use-system-default-profile parameter that makes Tor browser look for the default profile in the vanilla Firefox directory, which ought to be nigh trivial, wouldn't that make everyone happy?

Yes. This is the way we should go. In fact, it looks like setting the about:config extensions.enabledScopes may be all you need: https://trac.torproject.org/projects/tor/ticket/2982

We will be disabling that for TBB builds. You'll just need to flip it back.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
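The `extensions.enabledScopes` preference named in the message above is a bitmask of add-on install locations, so "flipping it back" means changing which bits are set. The sketch below is an added example, not code from the thread or from the Tor or Tails projects: it reads the value from preference-file text and reports which scopes are on relative to an allowed mask. The function names, the sample files and the masks used in them are constructed for illustration; the thread does not say which value TBB ships.

```python
import re

# Bit values of the Firefox add-on manager's install scopes.
SCOPES = {
    1: "profile",      # extensions directory inside the profile
    2: "user",         # per-user location shared by that user's profiles
    4: "application",  # directory of the browser installation itself
    8: "system",       # system-wide location, e.g. distribution packages
}
PREF = "extensions.enabledScopes"

# Matches user_pref("name", value); and pref("name", value); at line start,
# so lines commented out with // are skipped.
_PREF_LINE = re.compile(
    r'^\s*(?:user_pref|pref)\(\s*"(?P<name>[^"]+)"\s*,\s*(?P<value>[^)]*?)\s*\)\s*;',
    re.MULTILINE,
)
_BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)


def read_int_pref(text, name):
    """Return the last integer assigned to `name` in one pref file, or None."""
    value = None
    for m in _PREF_LINE.finditer(_BLOCK_COMMENT.sub("", text)):
        if m.group("name") == name and re.fullmatch(r"-?\d+", m.group("value")):
            value = int(m.group("value"))
    return value


def effective_scopes(pref_texts):
    """pref_texts: file contents, lowest precedence first (e.g. prefs.js, then user.js)."""
    mask = None
    for text in pref_texts:
        found = read_int_pref(text, PREF)
        if found is not None:
            mask = found
    return mask


def decode_scopes(mask):
    """Translate a bitmask into the list of enabled scope names."""
    return [label for bit, label in sorted(SCOPES.items()) if mask & bit]


def audit(pref_texts, allowed_mask):
    """Compare the effective mask with the scopes a deployment intends to allow."""
    mask = effective_scopes(pref_texts)
    if mask is None:
        # Pref not set in these files: the browser's built-in default applies.
        return {"status": "unset", "mask": None, "enabled": [], "unexpected": []}
    unexpected = decode_scopes(mask & ~allowed_mask)
    return {
        "status": "too-broad" if unexpected else "ok",
        "mask": mask,
        "enabled": decode_scopes(mask),
        "unexpected": unexpected,
    }


# Constructed sample: a bundle-style profile limited to its own profile directory.
BUNDLE_PREFS = '''
// user_pref("extensions.enabledScopes", 15);
user_pref("extensions.enabledScopes", 1);
user_pref("network.proxy.socks", "127.0.0.1");
'''

# Constructed sample: a distribution override that re-enables system-wide add-ons.
LIVE_USER_JS = '''
/* system extensions are installed from distribution packages */
user_pref("extensions.enabledScopes", 9);
'''

if __name__ == "__main__":
    for label, files in (("bundle only", [BUNDLE_PREFS]),
                         ("bundle + override", [BUNDLE_PREFS, LIVE_USER_JS])):
        print(label, audit(files, allowed_mask=1))
```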
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
On 21 April 2011 17:50, Joe Btfsplk joebtfs...@gmx.com wrote:

On 4/21/2011 1:22 PM, Kraktus wrote:

Well, if I had an 8-core machine with 4+GB RAM, or even a single-core machine with over 1 GHz and at least 1GB RAM, I'd probably have four browser profiles for Firefox alone: ... However, seeing as how my computer is single core, less than 1 GHz, and has less than 1GB RAM, running one instance of a modern browser is hard enough on the poor thing.

Don't know if you were replying to the earlier post (that I wasn't sure if he wanted to install 2 versions of FX on his machine). Why would you want to run several instances of Firefox - SIMULTANEOUSLY? When I said it was easy to install multiple versions, or multiple instances of same version, didn't expect users would be running them at the same time.

If you are short on RAM / CPU and want different VERSIONS, of course have to install them in diff folders, set them to use diff profiles (if desired). But, other than needing to switch between running installations for a specific purpose, no need to have them running simultaneously. Run one; when thru w/ it, shut it down and start the other.

I believe you can also run simultaneous instances of same FX version (most likely using different specified profiles). Typically, one install will be the default. Others can be started using specific profiles by adding the profile name (or full path incl profile name) in the shortcut target box, after the path executable. Like after C:\..\firefox.exe -p myprofile4-21-11 -no-remote

This assumes the profile name is already entered properly (or created) in Firefox's profile.ini file. You can create a new profile name using the profile manager. The firefox 4 [beta profile mgr] (not yet incl w/ the setup) has more options than one w/ FX v3.x. I've used it - had a couple minor issues, but over all, allows specifying which installed version will use which profile.

If I had a nice high CPU high RAM machine, you mean?

Envision the following scenario: Alice wants to buy beeswax candles online. Because beeswax candles burn so cleanly. However, she does not wish to transfer her credit card information over Tor, or even JonDo, because she's heard of those attacks against ssl, and it's not as if there's anything anonymous about a typical credit card anyway. But while she is checking out unanonymously, she also wants to do some last minute market research to make sure she is getting top-of-the-line beeswax candles.

Now, if Alice can run multiple instances of Firefox or some other browser simultaneously, then the unanonymous (or partially anonymized, with a direct connection to the vendor but anonymous connections to third party sites -- yes, I know if compare logs with the vendor, it's probably not that anonymous) connection runs in one instance of the browser, while her market research is conducted in a second totally torified instance of the browser. This decreases the amount of profiling information those advertisers get on her. Thus Alice can switch back and forth between anonymous and unanonymous browsing without having to go through the trouble of closing all her tabs and the entire browser and restarting again, provided she has a decently high CPU high RAM machine.

Now, I'm not on Windows, and, as the OS I'm in at the moment can't even handle Firefox 4, I'm actually using a similar browser that's close enough that it can still use Firefox 4 add-ons. Also, JonDoFox makes running multiple instances of my non-Firefox quite easy: there's a menu option for it. Anyway, that's not the problem. The problem is that if I actually try to do it, this poor machine basically grinds to a halt.

So instead, I get to play with the proxy switching interface. Or, if I really want to browse anonymously on just one or two sites and continue browsing anonymously elsewhere, I get to add said sites to the Global proxy exceptions, and remove them when I'm done.
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
On 4/22/2011 6:32 AM, Kraktus wrote:

If I had a nice high CPU high RAM machine, you mean? ...I'm actually using a similar browser that's close enough that it can still use Firefox 4 add-ons. Also, JonDoFox makes running multiple instances of my non-Firefox quite easy: there's a menu option for it. Anyway, that's not the problem. The problem is that if I actually try to do it, this poor machine basically grinds to a halt.

Been there before w/ older machines, short on resources. However, situations like yours aren't limited to running multiple instances of any specific prgm - it prevents running several apps at once, not just multiple browsers.

In your situation, only thing is to limit # of apps that auto start in background, and if you need different browser configurations, run one instance at a time. Kind of a pain to close one browser / profile then start another. If you haven't already (and do so regularly), stop all unnecessary prgms from auto starting at boot up. These can eat up precious resources on older machines.

An addon, Tab Mix Plus gives more options about saving sessions / open tabs, history, etc., than Firefox's native session restore. May make it a bit less hassle to close browser, use another profile, close it, go back to original. Most of the configurations you're concerned about (incl the addons installed) are stored in the profile.

Except for those that have resources and want to run multiple browser instances - at once - one installation of Firefox will suffice, creating different profiles (then either using Profile Mgr to choose which profile to use at startup, or adding commands which profile to use, after each separate start icon).
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
On 04/21/2011 05:50 PM, Joe Btfsplk wrote:

Why would you want to run several instances of Firefox - SIMULTANEOUSLY? When I said it was easy to install multiple versions,

So the user could have a 'mundane' browser for day to day stuff and a Torified browser so that they could browse parts of the web with a degree of anonymity and privacy.

or multiple instances of same version, didn't expect users would be running them at the same time. If you are short on RAM / CPU want

With sufficient system resources, this is entirely possible - I do it. I have two Firefox profiles set up on my machine with slightly different configuration settings and different sets of add-ons.

set them to use diff profiles (if desired). But, other than needing to

Having different profiles makes it workable (the least powerful system I've done this on was running at 900MHz with 1GB of RAM). I need to write a how-to on that...

-- 
The Doctor [412/724/301/703]
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: http://drwho.virtadpt.net/
You don't write space opera in a vacuum! --Iain M. Banks
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
On Fri, 22 Apr 2011 10:53:19 -0400 The Doctor dr...@virtadpt.net wrote:

Why would you want to run several instances of Firefox - SIMULTANEOUSLY? When I said it was easy to install multiple versions,

Perhaps I'm confused over the details, but I do this daily. I use TBB for my anonymous/private browsing and the system firefox for non-anonymous/private browsing. The two never mix profiles, memory, cache, etc. It works fine on a netbook with a low-end atom cpu and 512mb of ram.

-- 
Andrew
pgp 0x74ED336B
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
Well, if I had an 8-core machine with 4+GB RAM, or even a single-core machine with over 1 GHz and at least 1GB RAM, I'd probably have four browser profiles for Firefox alone: one for Tor (Torbutton or whatever you guys decide to use, plus Noscript, AdBlockPlus, Cookie Monster, etc.), one for JonDo (with JonDoFox), one more complicated setup that allows me to whitelist sites I trust, e.g. my bank, while still making sure that any third party or other unwhitelisted content is loaded through a proxy (using FoxyProxy, Noscript, etc.), and a final one for guests only that does not use a proxy but does have AdBlockPlus, noscript (blacklist mode), Cookie Monster (blacklist mode) and RefControl (delete referrer when switching to a new domain)... for basic privacy protection that won't drive my guests nuts.

However, seeing as how my computer is single core, less than 1 GHz, and has less than 1GB RAM, running one instance of a modern browser is hard enough on the poor thing. Multiple browsers, let alone full-blown virtualization, isn't a realistic option. Thus I am using JonDoFox, because it lets me switch between JonDo, Tor, a third proxy of my choosing (if desired) and no proxy, without having to run multiple browsers. True, there are a few features I might wish for, but nothing major that impacts my usability in any significant way.

I think the key here is that there isn't one solution that will work for everyone. By all means create a nice Tor browser, designed to be used for Tor only. This is probably the best thing for most people on newer hardware who don't have to use any special accessible software for the blind or whatever. But document the changes you make and what people using other browsers would have to do in order to blend in with the Tor crowd as best they can even if they are using just a single instance of Firefox for all browsing, some other browser that works on their platform (Firefox doesn't run everywhere), some text or braille-only browser (if they are blind or just don't want a GUI), or some special browser-for-the-blind, or whatever.

Yes, I realize many browsers cannot be configured to provide the same level of security as custom Firefox, at least not without delving into the source code, but not everyone has the hardware/software/ability to see/financial/other resources to have an ideal setup.

Myself, I will probably continue to use JonDoFox, unless they remove their proxy switcher, in which case I'll probably be off using some other third party solution custom configured to meet my needs.
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
On 4/21/2011 1:22 PM, Kraktus wrote:

Well, if I had an 8-core machine with 4+GB RAM, or even a single-core machine with over 1 GHz and at least 1GB RAM, I'd probably have four browser profiles for Firefox alone: ... However, seeing as how my computer is single core, less than 1 GHz, and has less than 1GB RAM, running one instance of a modern browser is hard enough on the poor thing.

Don't know if you were replying to the earlier post (that I wasn't sure if he wanted to install 2 versions of FX on his machine). Why would you want to run several instances of Firefox - SIMULTANEOUSLY? When I said it was easy to install multiple versions, or multiple instances of same version, didn't expect users would be running them at the same time.

If you are short on RAM / CPU and want different VERSIONS, of course have to install them in diff folders, set them to use diff profiles (if desired). But, other than needing to switch between running installations for a specific purpose, no need to have them running simultaneously. Run one; when thru w/ it, shut it down and start the other.

I believe you can also run simultaneous instances of same FX version (most likely using different specified profiles). Typically, one install will be the default. Others can be started using specific profiles by adding the profile name (or full path incl profile name) in the shortcut target box, after the path executable. Like after C:\..\firefox.exe -p myprofile4-21-11 -no-remote

This assumes the profile name is already entered properly (or created) in Firefox's profile.ini file. You can create a new profile name using the profile manager. The firefox 4 [beta profile mgr] (not yet incl w/ the setup) has more options than one w/ FX v3.x. I've used it - had a couple minor issues, but over all, allows specifying which installed version will use which profile.
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
On 12.04.2011 16:59, Milton Scritsmier wrote:

After reading most of the replies to this topic, I'm not sure the average user has weighed in. [...]

Thank you. This list is dominated, if not completely focused, on development and security research. The Torproject as a whole has for the last 10 years failed to split off a separate section for users (website, FAQ, mailing list, whatever). I don't think there is a proper way to do it and not duplicate stuff, however. There are a few other reasons that stopped Torproject from doing that, the most prominent I think always was that devs should not lose contact with actual users.

And so far I don't think anybody has solved the problem of a user who understands relatively little about computers trying to remain secure against a regime with vast resources and skills at its disposal.

I don't consider myself a security researcher, but I've been following the Tor project since its early days. The misconception and misunderstandings grew over time as the user base expanded, and while Torbutton is a great and excellent project, in a way it only further complicated things.

The problem is rooted in the vocabulary. I am not sure if it's the best thing to cite, and I am in no way educated enough to say it is the definitive guide, but as far as I know the Anon Terminology paper published by Andreas Pfitzmann since 2000 tried to form a definitive base for discussion. He collected, if not influenced, different terms around anonymity. http://dud.inf.tu-dresden.de/Anon_Terminology.shtml

It's been a while since I've last read it, but if I remember correctly it fails to separate anonymity into different types.

Anonymity is a hard term, and simply cannot be achieved when using electronic communication. Tor, without Torbutton, tries its best to anonymize *traffic*, i.e. make it hard to know who is talking to whom. Tor does not, and never did, try to fix the problem of identifying information *inside* the transported data. Tor is completely neutral in that respect. The problem is that a lot of applications transmit user identifiable information. It is not Tor's job to stop that, mostly because there is no way to know what kind of information is identifying in a certain situation, and if the user wants to transmit that kind of information in the first place.

Torbutton, despite its name, has nothing to do with Tor. It works great for any other proxy software, too. Torbutton does what Tor does not: Block application-specific information that could leak your identity without you explicitly telling it to do so. For that, it has to know the protocol and the application. Any other application or protocol could as well be screened and cleaned by something like Torbutton. For example, one could write a BittorrentButton for a torrent client.

In general, I find it hard to explain the difference, because the community lacks different names for the different properties that, as a whole, define anonymity. At least I don't know how to separate these, but maybe I'm just not educated enough.

-- 
Moritz Bartl
https://www.torservers.net/
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
* Jérémy Bobbio lu...@debian.org [2011:04:14 08:29 +0200]:

Here is a possible solution that quickly came to me, but I have no real clue on how much work it would need (and if every party involved would accept it):

1. Apply specific Tor patches against Firefox 4 in Debian iceweasel package. The changes that are not compatible with the common case would need to be activated by a command-line switch or a specific configuration option.
2. Keep xul-ext-torbutton in Debian. It would be modified in the way that it would not appear at all in the usual browser if the previous command-line switch or specific configuration option is not active.
3. Create a new Debian package, something like tor-browser that would add a new menu entry labeled Tor Browser and that would start Iceweasel with a dedicated profile and the specific Tor switch.

Actually, it might be better to provide Torbutton in the tor-browser package. Provided that it ships a dummy package xul-ext-torbutton as an upgrade path. Does this sound like a bad idea? Too much work? (Input from Weasel and Erinn would probably be welcome.)

Hi Jérémy,

I actually really like this idea. Getting Debian to apply our patches to Iceweasel would also have the positive side effect of us finally being able to drop Polipo as part of our Debian and Ubuntu instructions (provided Ubuntu also applies the same patches), which would achieve our long-standing goal of having our Debian/Ubuntu packages work smoothly and out of the box.

I think providing Torbutton in the tor-browser package, or having xul-ext-torbutton provide a menu entry might be the better solution. (I don't actually know if packaged Firefox extensions are allowed to add menu entries.) I'd be shocked if FTPMaster let us put a tiny tor-browser package in the archive. :)
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
On Mon, Apr 11, 2011 at 04:33:08PM -0700, Mike Perry wrote:

I now no longer believe even this much. I think we should completely do away with the toggle model, as well as the entire idea of Torbutton as a separate piece of user-facing software, and rely solely on the Tor Browser Bundles, except perhaps with the addition of standalone Tor+Vidalia binaries for use by experts and relay operators.

As someone who participates in spreading Debian on desktop systems, I am a little bit worried on the outcomes of such decision. I think most of my concerns apply to other distributions as well.

First, let's clear this out: I do not really care about the toggle model. I would be perfectly fine with having a specific application to start in order to browse the web using Tor. What I am worried about is how it would be distributed.

In the recent times, I have seen a lot of people who were impressed by their phone AppStore and other variants of this software distribution model. I was really amazed, as I have a hard time seeing how different it is from what Debian have since 1998 with APT. Since 2005, it is even better: software in Debian repositories is signed using cryptographic signatures. So when retrieving an application from our store, there is a really good chance that the Debian community has verified that it does not contain spyware.

The Free Software community is huge, the Debian community is quite big as well. But I still do prefer to have some level of trust on 1000 people than to have no level of trust at all. That's what I keep telling to the folks I help installing Debian. Together with you should not install random stuff downloaded from a random web site. Why? they answer, and my reply, skipping the details, boils down to you don't need to, everything is already in Debian.

And I am talking about Debian stable here. Users that do not want to spend much time dealing with how their computers work. Only about the work they want to do with their computers. Having a major system upgrade every two years is more often enough in their eyes.

How does that relate to Torbutton and Tor Browser Bundle? Well, as already pointed out by intrigeri, Debian has gone a great length to avoid embedded code copies in its source packages. Firefox security record is far from perfect, and I see no chance that Debian security team and ftpmasters would accept to ship another version of Firefox in the archive.

If another version of Firefox cannot enter the Debian archive, the Tor Browser Bundle will not be able to join this great AppStore Debian (and Ubuntu, and others) already has. So it will need, at least, a custom repository, or a custom way to be installed and a custom way to tackle security updates.

Given the amount of work Mike Hommey put in the maintenance of Iceweasel (Firefox in Debian is called Iceweasel), I wonder if Erinn and weasel will have the time and energy to maintain TBB in a custom repository. Having a dedicated application to install and update TBB makes me really nervous as it paves the road for so many bad habits that those users I was talking about left when they started using Debian on their desktop.

As the maintainer of xul-ext-torbutton, I also have one question: what upgrade path should I provide for Debian next stable release? (Doing nothing means that 1.2.5 will stay on their system until they remove the package.)

Here is a possible solution that quickly came to me, but I have no real clue on how much work it would need (and if every party involved would accept it):

1. Apply specific Tor patches against Firefox 4 in Debian iceweasel package. The changes that are not compatible with the common case would need to be activated by a command-line switch or a specific configuration option.
2. Keep xul-ext-torbutton in Debian. It would be modified in the way that it would not appear at all in the usual browser if the previous command-line switch or specific configuration option is not active.
3. Create a new Debian package, something like tor-browser that would add a new menu entry labeled Tor Browser and that would start Iceweasel with a dedicated profile and the specific Tor switch.

Actually, it might be better to provide Torbutton in the tor-browser package. Provided that it ships a dummy package xul-ext-torbutton as an upgrade path. Does this sound like a bad idea? Too much work? (Input from Weasel and Erinn would probably be welcome.)

Last comment: we should all continue to stress out that Internet is not only made of web sites. If Internet was only about web sites, Tor would have had a harder time happening: this new protocol was free to run through the cables. IMHO, associating Tor with only web browsing is like shooting ourselves in our feet: if everyone thinks Internet = the web no one notices when providers start to filter strange protocol, make everything travel through stupid proxies or use NAT.

I am saying that because having
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
Thus spake Jérémy Bobbio (lu...@debian.org):

How does that relate to Torbutton and Tor Browser Bundle? Well, as already pointed out by intrigeri, Debian has gone a great length to avoid embedded code copies in its source packages. Firefox security record is far from perfect, and I see no chance that Debian security team and ftpmasters would accept to ship another version of Firefox in the archive.

If another version of Firefox cannot enter the Debian archive, the Tor Browser Bundle will not be able to join this great AppStore Debian (and Ubuntu, and others) already has. So it will need, at least, a custom repository, or a custom way to be installed and a custom way to tackle security updates.

Given the amount of work Mike Hommey put in the maintenance of Iceweasel (Firefox in Debian is called Iceweasel), I wonder if Erinn and weasel will have the time and energy to maintain TBB in a custom repository. Having a dedicated application to install and update TBB makes me really nervous as it paves the road for so many bad habits that those users I was talking about left when they started using Debian on their desktop.

The reality is we have quite a lot of issues with every distribution. It is true that Debian gives us the least amount of hassle, though. I suspect this may just be because we're lucky enough to be so strongly socially connected to it. Because, man is it a rickety, towering bureaucracy otherwise ;).

As the maintainer of xul-ext-torbutton, I also have one question: what upgrade path should I provide for Debian next stable release? (Doing nothing means that 1.2.5 will stay on their system until they remove the package.)

Here is a possible solution that quickly came to me, but I have no real clue on how much work it would need (and if every party involved would accept it):

1. Apply specific Tor patches against Firefox 4 in Debian iceweasel package. The changes that are not compatible with the common case would need to be activated by a command-line switch or a specific configuration option.
2. Keep xul-ext-torbutton in Debian. It would be modified in the way that it would not appear at all in the usual browser if the previous command-line switch or specific configuration option is not active.
3. Create a new Debian package, something like tor-browser that would add a new menu entry labeled Tor Browser and that would start Iceweasel with a dedicated profile and the specific Tor switch.

Actually, it might be better to provide Torbutton in the tor-browser package. Provided that it ships a dummy package xul-ext-torbutton as an upgrade path. Does this sound like a bad idea? Too much work? (Input from Weasel and Erinn would probably be welcome.)

If Debian as a whole is willing to take our patches, that's great. We hope they'll be merged into Mozilla eventually, so it could be a good testing ground. I agree that the approach above could work.

If Debian wants to conjure an alternate package that is really just a shell script that just launches an /etc/skel copied TBB Firefox profile, this sort of thing should be possible and fairly straight-forward. We can talk about this on IRC, I suppose. It likely won't be a priority on Tor's side, though.

Also, I think we messed around a bit with remoting (aka new window launching) on TBB Firefox, which may cause odd behavior for your use case, or maybe not.. Erinn and sjmurdoch can tell you the details of this (or I may be able to fetch them out of my subconscious later).

Our current working-plan is to provide an external repo, like we've been forced to do for Ubuntu for other reasons. This ticket is supposed to list the barriers to that: https://trac.torproject.org/projects/tor/ticket/2879 But hey, so far there are none! :)

The long-term plan is to make Thandy the update future for our packages. It is hardened against a lot of attacks that OS updaters are not hardened against. We designed it because we thought it was the future for all Tor packages, and I think this means we should start acting like it. I think providing our own distro repositories is an intermediate step to self-flagellate ourselves into actually bringing Thandy online.

As a last resort, could you replace torbutton with an empty package? I can give you a replacement torbutton that refuses to toggle... Is this against the debian social contract? :)

Last comment: we should all continue to stress out that Internet is not only made of web sites. If Internet was only about web sites, Tor would have had a harder time happening: this new protocol was free to run through the cables. IMHO, associating Tor with only web browsing is like shooting ourselves in our feet: if everyone thinks Internet = the web no one notices when providers start to filter strange protocol, make everything travel through stupid proxies or use NAT.

Right. I don't think that anyone is going to forget the value of non-web
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
Hi,

On Thu, Apr 14, 2011 at 08:29:36AM +0200, Jérémy Bobbio wrote:

Last comment: we should all continue to stress out that Internet is not only made of web sites. If Internet was only about web sites, Tor would have had a harder time happening: this new protocol was free to run through the cables. IMHO, associating Tor with only web browsing is like shooting ourselves in our feet: if everyone thinks Internet = the web no one notices when providers start to filter strange protocol, make everything travel through stupid proxies or use NAT.

I'm using separate tor+privoxy/polipo packages on my computers since several years now. Tor and the proxy are starting during the boot on my debian-machine. I've set up an own Firefox-Profile with torbutton for browsing the web via tor.

I think it would be a no-go to stop serving standalone packages for tor. I'm connecting e.g. some of my chat-sessions to my already running tor-process, when logging in on my computer. It would be really bad, if I had to start a browser-bundle to do this.

I hope, you're not planning to stop developing these standalone-packages? If these packages will exist furthermore in the future, I could live with an own pre-configured Tor-Browser-Bundle - but besides I'd like to have the possibility to configure my own Browser with torbutton.

I am saying that because having separate tor and tor-browser package in Debian gives me an opportunity to explain that Tor can be used for other purpose than only web browsing.

ACK.

Regards,
sigi
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
Thus spake Anders Andersson (pipat...@gmail.com):

On Tue, Apr 12, 2011 at 1:33 AM, Mike Perry mikepe...@fscked.org wrote:

(blah blah)

Thus, I can only agree to 100% that this is a good idea. The only problem I can come up with at 2 AM is that maintaining a separate firefox can be a little messy in various linux distributions unless you happen to have someone build a nice binary for you. I suppose most of the common distributions will be covered with a tor-repository and the minor distributions will generally have more knowledgeable users so they can take care of the eventual mess.

Thankfully, we do. Erinn has managed to create bundles that appear to work on every Linux distro we could test, but she is looking for feedback: https://blog.torproject.org/blog/firefox-4-tor-browser-bundles-gnulinux

We do this by shipping all our major dependencies with the bundle.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
Thus spake Jim (jimmy...@copper.net): Mike Perry wrote: So can anyone bring up any specific issues that may be caused by the change? We are collecting these issues as child tickets of this bug: https://trac.torproject.org/projects/tor/ticket/2880 As an aside, we also are collecting a similar set of issues for the removal of an HTTP proxy entirely from the tor distribution: https://trac.torproject.org/projects/tor/ticket/2844 My normal use case is to run Tor on a computer different from the computer which is running the browser. I then use ssh to either tunnel the HTTP proxy connection to an instance of Privoxy running on the same computer that is running Tor or I tunnel the output from Privoxy on the computer running the browser to port 9050 on the computer running Tor. (I use both methods depending on which computer I am browsing from.) I have not yet figured out how your proposal affects these use cases. Should I decide to add entries to the tracker, does one have to register to do so? Hrm, your use case would be Download the TBB, and then configure it manually to use an alternate proxy. You'd still be downloading (and running) an extra Tor and Vidalia instance, but we're hoping to make that seamless: https://trac.torproject.org/projects/tor/ticket/2264 Otherwise, you'd fall in this boat: https://trac.torproject.org/projects/tor/ticket/2848 But we're really hoping not to have to build a standalone Tor Browser outside of the Tor Browser Bundle, because it adds an entire column to the matrix of builds we'd need to do. -- Mike Perry Mad Computer Scientist fscked.org evil labs
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
Hi, Relying myself on Firefox profiles / virtual machines rather than the toggle thing, I'd personally be happy to see it go away. Let me put my Tails developer hat on. Done. Let's go. Mike Perry wrote (11 Apr 2011 23:33:08 GMT) : The reason I am discussing this in so much detail here is because I believe there is a chance that there are users out there who rely on the toggle model and/or their OS Firefox build, and may be confused or enraged by the new model. I'm asking this list to get an idea of how many of those users there are, and to try to understand what the overall costs of this sort of migration are. [...] So can anyone bring up any specific issues that may be caused by the change? Context: Tails currently ships Debian's Iceweasel (Firefox renamed for trademark reasons) and Torbutton. We don't care for the toggle feature that is unsupported in Tails and generally confusing for Tails users. Debian has put great efforts [0] to avoid shipping embedded code copies, and I quite like it from a sysadmin point-of-view, but this is mostly irrelevant to the current discussion *in the context of Tails*, so I'll try to put aside my usual rants: if there's a serious security bug in, say, the FreeType library, we need to release updated Tails images regardless of the actual technical reason (in case we go on shipping Debian's Iceweasel with no embedded code copies + Torbutton, we want to get the updated FreeType Debian package; in case we ship the TBB, we want to get the new binary statically linked against its own FreeType copy... I guess). [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392362 This being said... I fear needing to move away from a now-unsupported Torbutton extension makes our life hard as Tails developers. Two main issues arise off the top of my head, which I'm going to describe. Since the end of Torbutton seems inevitable, I do hope my concerns can easily be dismissed and the new TBB can be a viable solution for our use case.
Tails-specific Firefox profile configuration

For various reasons, the Tails Firefox configuration is likely to keep being a bit different from the TBB's one. If we are forced to use the TBB instead of our current Debian's Iceweasel+Torbutton, I wonder how/if we will be able to maintain this delta. I guess anyone needs to know a bit how we currently do this, so as to be able to answer this question of mine. Let me explain a bit.

We Tails developers have invested quite a lot of work to avoid maintaining in VCS / shipping files into $HOME that are of the binary kind (be they really binary, or enough of a mess to make the diff corresponding to a given change hard to understand). Since the good old amnesia 0.5 days, we've been building such files programmatically from plaintext, understandable source files at image build time. Just like GConf settings, the Tails Firefox profile directory falls into this category: it's pretty hard to track such a directory in VCS, change options in there while maintaining consistency, know what files shall be shipped, which ones are auto-generated at runtime and so on, among the huge pile of files one can find in a profile directory.

To achieve this we use:
* a system-wide profile skeleton [1] that mostly contains the preferences *.js files and two extensions that have not made their way into Debian yet
* SQLite preferences files are generated at build time [2] from plaintext SQL sources [3]

[1] http://git.immerda.ch/?p=amnesia.git;a=tree;f=config/chroot_local-includes/etc/iceweasel;hb=refs/heads/stable
[2] http://git.immerda.ch/?p=amnesia.git;a=blob;f=config/chroot_local-hooks/13-iceweasel_sqlite;hb=refs/heads/stable
[3] http://git.immerda.ch/?p=amnesia.git;a=tree;f=config/chroot_local-includes/usr/share/amnesia/iceweasel/sql;hb=refs/heads/stable

If we migrate to shipping TBB, can we go on maintaining our Tails specific Firefox configuration delta as described above?
Will the TBB's Firefox use the standard ways to fetch system-wide configuration? (I guess this should be an opt-in option, probably not toggle-able from the GUI, as the TBB usually wants to be as much independent from the host OS as possible.)

Compatibility with FF extensions installed from Debian packages

For maintainability reasons, we Tails developers tend to prefer automatic build/upgrade procedures over manually setting up things. We also tend to prefer benefiting from already existing infrastructure and processes that work well, and especially Debian's ones, over setting up our own ones. For such reasons, I feel it's both cleaner and much less time-consuming for us to install and ship Firefox extensions from the Debian archive than manually downloading those, checking file integrity and unzipping XPI files into the profile skeleton directory. Maintaining compatibility between various FF versions and various extensions is also work I would not want to do... especially since it's
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
The reason I am discussing this in so much detail here is because I believe there is a chance that there are users out there who rely on the toggle model and/or their OS Firefox build, and may be confused or enraged by the new model. I'm asking this list to get an idea of how many of those users there are, and to try to understand what the overall costs of this sort of migration are. It's not clear to me how your proposal relates to other-than-Linux. I'm using firefox on NetBSD/i386. I don't understand how this Tor Browser Bundle will appear and be integrated into the OS packaging system. Will it be a renamed copy of firefox, requiring twice the packaging effort? Or very close to existing firefox? It seems that it has been difficult to get fixes upstream to firefox; there are currently 66 patches to xulrunner sitting in pkgsrc. Or is this a firefox-tor that uses the same xulrunner? I would, without understanding, expect that the hard issues are in xulrunner. I don't find the notion of installing tor and then adding torbutton to be at all confusing. I can certainly see your point about toggling being difficult. I don't know if a plugin that makes you restart the browser after changing to Tor mode would be a big simplification and avoid the bugs. I would find that to be a great solution, as browser restarts are very fast and have no software maintenance/packaging issues. Reading your note, it sounds like the basic issue is unwillingness of the firefox team to take and deploy bugfixes you think are important for security/privacy. After all, if you can fix them in a fork, the issue is about not wanting them, or finding the usefulness/cleanliness ratio not high enough. Is that a fair characterization?
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
Thus spake intrigeri (intrig...@boum.org): Mike Perry wrote (11 Apr 2011 23:33:08 GMT) : So can anyone bring up any specific issues that may be caused by the change? Context: Tails currently ships Debian's Iceweasel (Firefox renamed for trademark reasons) and Torbutton. We don't care for the toggle feature that is unsupported in Tails and generally confusing for Tails users. Debian has put great efforts [0] to avoid shipping embedded code copies, and I quite like it from a sysadmin point-of-view, but this is mostly irrelevant to the current discussion *in the context of Tails*, so I'll try to put aside my usual rants: if there's a serious security bug in, say, the FreeType library, we need to release updated Tails images regardless of the actual technical reason (in case we go on shipping Debian's Iceweasel with no embedded code copies + Torbutton, we want to get the updated FreeType Debian package; in case we ship the TBB, we want to get the new binary statically linked against its own FreeType copy... I guess). [0] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392362 I believe Erinn is making a dependency graph and intends on updating TBB whenever one of the built-in dependencies updates in debian. I think she even has dreams of a machine doing this for her, and kicking off automated builds. (I hope she doesn't despise me for revealing the secrets of her dreams.) If we migrate to shipping TBB, can we go on maintaining our Tails specific Firefox configuration delta as described above? Will the TBB's Firefox use the standard ways to fetch system-wide configuration? (I guess this should be an opt-in option, probably not toggle-able from the GUI, as the TBB usually wants to be as much independent from the host OS as possible.) I would prefer it if we can unify our prefs.js use, but I guess you guys may want to support more things. I think with effort you can even get flash running safely under a default configuration...
What do you anticipate being the other substantial feature differences that prevent you from just providing a stock TBB? Is it imaginable to see the new TBB make use of extensions that are installed system-wide? (probably opt-in as well) Hrmm.. I don't think this will be the case... System extensions seem a bad idea to source by default.. In fact, we should ensure we do not do this, due to the potential to source distro branding extensions that damage anonymity... Can we figure out a way to come close to a common set of extensions and configs, so the set of extensions you must add to TBB is minimal? Do you have a list of your extensions anywhere? We are collecting these issues as child tickets of this bug: https://trac.torproject.org/projects/tor/ticket/2880 I'll summarize the discussion results there. In the meantime, I prefer using email if you don't mind. Yeah, it may be some round trips before we figure out new tickets. -- Mike Perry Mad Computer Scientist fscked.org evil labs
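The question in the message above of whether system-wide extensions get sourced is controlled by the `extensions.enabledScopes` bitmask pref named earlier in this thread. The following is an added example, not code from the thread, Tails or the Tor Project: it resolves the effective value across layered pref files and lists the enabled scopes that lie outside the browser's own directories. The file contents, layer labels and the value 5 are constructed samples, and treating an unset pref as 15 (all scopes) is an assumption.

```python
import re

# Firefox add-on install scopes (AddonManager.SCOPE_* bit values).
SCOPES = {1: "profile", 2: "user", 4: "application", 8: "system"}
DEFAULT_SCOPES = 15  # assumption: an unset pref means "all scopes"
PREF_NAME = "extensions.enabledScopes"

# Matches pref("name", 5); user_pref("name", 5); lockPref("name", 5);
PREF_RE = re.compile(
    r'^\s*(user_pref|pref|lockPref)\(\s*"([^"]+)"\s*,\s*(-?\d+)\s*\)\s*;',
    re.MULTILINE,
)

def strip_comments(text):
    """Drop /* ... */ blocks and whole-line // or # comments."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return re.sub(r"^\s*(//|#).*$", "", text, flags=re.MULTILINE)

def effective_scopes(layers):
    """layers: list of (label, file_text), lowest precedence first.
    A lockPref() in an earlier layer cannot be overridden by later ones."""
    value, source, locked = DEFAULT_SCOPES, "built-in default", False
    for label, text in layers:
        for kind, name, raw in PREF_RE.findall(strip_comments(text)):
            if name != PREF_NAME or locked:
                continue
            value, source = int(raw), label
            locked = kind == "lockPref"
    return value, source

def audit(layers):
    """Report which install scopes the browser will load extensions from."""
    value, source = effective_scopes(layers)
    enabled = [name for bit, name in SCOPES.items() if value & bit]
    # "user" and "system" locations are filled by the OS or distro, not by
    # the browser bundle, so anything placed there is loaded as well.
    external = [s for s in enabled if s in ("user", "system")]
    return {"value": value, "source": source,
            "enabled": enabled, "external": external}

# Constructed sample inputs (not taken from Tails or the TBB).
SYSTEM_PREFS = '''
// distro-wide defaults
pref("extensions.enabledScopes", 15);
'''
BUNDLE_PREFS = '''
/* bundle restricts loading to profile + application */
pref("extensions.enabledScopes", 5);
'''
USER_JS = '''
# local override re-enabling every scope
user_pref("extensions.enabledScopes", 15);
'''
LOCKED_CFG = 'lockPref("extensions.enabledScopes", 1);\n'

if __name__ == "__main__":
    for layers in ([("system", SYSTEM_PREFS), ("bundle", BUNDLE_PREFS)],
                   [("bundle", BUNDLE_PREFS), ("user.js", USER_JS)],
                   [("autoconfig", LOCKED_CFG), ("user.js", USER_JS)]):
        print(audit(layers))
```

A non-empty `external` list means extensions installed by the OS or distribution would be loaded, which is the branding-extension risk raised in the message above.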
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
On 4/11/2011 5:33 PM, Mike Perry wrote: I think the average user is horribly confused by both the toggle model and the need to install additional software into Firefox (or conversely, the need to *also* install Tor software onto their computers after they install Torbutton). I also think that the average user is not likely to use this software safely. They are likely to log in to sites over Tor that they shouldn't, forget which tor mode they are in, and forget which mode certain tabs were opened under. These are all nightmare situations for anonymity and privacy. After reading most of the replies to this topic, I'm not sure the average user has weighed in. There has been a lot of talk about running Tor on various Linuxes, using two computers, etc. I don't mean to disparage them in any way (in fact, they have proven most interesting to a relative novice Tor user such as myself) but I think all these show a lot more technical competence than the average user. I also realize there are a whole host of technical issues dealing with maintaining Torbutton vs. separate Firefox builds, and that this is the best place to address these. But I just don't think this list is the best place to address the usability issues if you really want Tor to reach the widest audience. As a Tor user and not a Tor developer, I've read the warnings on the Tor website and realize using Tor safely is much more than just installing software. But reading this list has me convinced that I never *really* know when I'm secure. The concept of Torbutton itself probably engenders a sense of false security to the casual user -- just click the button and you're secure. On the other hand, I'm not sure I want to maintain two separate Firefox installations on my computer, especially when using the official Tor browser still doesn't give me a much greater sense that I'm secure. 
The average user is just not a great enough expert on security to know when all the bases are covered (especially if it means gambling his or her life and liberty on it as some people do today). It seems to me that secure browsing with or without Tor is too much at the mercy of the browser it runs on, and hence here at the mercy of Mozilla (nobody even talks seriously about making Chrome or any other browser truly secure with Tor). I think all this talk about Torbutton vs. Tor browser just dances around this core issue, and that it won't likely be solved by maintaining a separate Firefox browser. And so far I don't think anybody has solved the problem of a user who understands relatively little about computers trying to remain secure against a regime with vast resources and skills at its disposal. Please understand that this is not a problem with Tor developers, for whom I have the greatest respect, but with the overall problem which is inherently complex and seems to have never-ending pitfalls. Maybe I'm exhibiting a great deal of hubris in nominating myself as the average Tor user, but after using Tor off and on for years and keeping an eye on this list all that time (so maybe I'm not really the average user after all), my sense of ultimate security using it just keeps growing less and less. Milton Scritsmier
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
Mike Perry wrote: I think we should completely do away with the toggle model, as well as the entire idea of Torbutton as a separate piece of user-facing software, and rely solely on the Tor Browser Bundles, except perhaps with the addition of standalone Tor+Vidalia binaries for use by experts and relay operators. [Snip] So can anyone bring up any specific issues that may be caused by the change? We are collecting these issues as child tickets of this bug: https://trac.torproject.org/projects/tor/ticket/2880 As an aside, we also are collecting a similar set of issues for the removal of an HTTP proxy entirely from the tor distribution: https://trac.torproject.org/projects/tor/ticket/2844 My normal use case is to run Tor on a computer different from the computer which is running the browser. I then use ssh to either tunnel the HTTP proxy connection to an instance of Privoxy running on the same computer that is running Tor or I tunnel the output from Privoxy on the computer running the browser to port 9050 on the computer running Tor. (I use both methods depending on which computer I am browsing from.) I have not yet figured out how your proposal affects these use cases. Should I decide to add entries to the tracker, does one have to register to do so? Jim
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
On 12.04.2011 04:11, Jim wrote: Mike Perry wrote: I think we should completely do away with the toggle model, as well as the entire idea of Torbutton as a separate piece of user-facing software, and rely solely on the Tor Browser Bundles, except perhaps with the addition of standalone Tor+Vidalia binaries for use by experts and relay operators. [Snip] So can anyone bring up any specific issues that may be caused by the change? We are collecting these issues as child tickets of this bug: https://trac.torproject.org/projects/tor/ticket/2880 As an aside, we also are collecting a similar set of issues for the removal of an HTTP proxy entirely from the tor distribution: https://trac.torproject.org/projects/tor/ticket/2844 My normal use case is to run Tor on a computer different from the computer which is running the browser. I then use ssh to either tunnel the HTTP proxy connection to an instance of Privoxy running on the same computer that is running Tor or I tunnel the output from Privoxy on the computer running the browser to port 9050 on the computer running Tor. (I use both methods depending on which computer I am browsing from.) I have not yet figured out how your proposal affects these use cases. Should I decide to add entries to the tracker, does one have to register to do so? Jim My normal use of Tor is running iceweasel and other applications started through gksu under a transparently-torified user. When I use iceweasel (3.5.16, from the distro Debian Squeeze) I use the TB (earlier - 1.2.5, now - 1.3.2alpha). I use another browser for browsing the Net without Tor. I use ssh etc. services directly from the command line belonging to transparently-torified users without any http-proxies, torsocks etc. It seems to me that it is a good idea to distribute own tor browser but I cannot find the stable version of Tor Browser Bundle on the Torproject site.