Write a guidelines documentation for requirements with Tor integration by third parties
I heard that one of the discussions in the Montreal meeting was "Encouraging Tor integration by third parties" which spawned for me the idea that there must be some guidelines documentation the requirements that should be met for each use case. For example for browsers (where integrating Tor is a goal with Brave in private browsing and it has been suggested by the (ex?)-CEO of Mozilla) among the requirements I can think of,
- Having the user agent the same as the Tor Browser (Otherwise fingerprinting would be easy).
- Stream isolation should be enforced, otherwise a single exit can watch all traffic.
- First party isolation should be enforced.
Of course there's already the Tor Browser design documentation, but it doesn't address this question directly, and more importantly those folks don't want to make an alternative Tor Browser, rather just a "Tor mode" to their private browsing that can enable true privacy by design.
What do you think of such an idea?
Note that this finds its parallel with little-t-tor in another ticket that I couldn't find about alternative implementations of the tor client.