Improving the Mac Browser Bundle
Summary: Currently the Mac browser bundle isn't very Mac-like, and it includes some basic problems.
Separation of TorBrowser and Vidalia One issue straight away is that TorBrowser and Vidalia are bundled into a single app. This isn't necessarily a problem on its own, however one side-effect appears to be that if you open TorBrowser, causing Vidalia to open, and fail to close Vidalia after you've closed the browser, then you cannot re-open the browser when opening TorBrowser-en-US.
I would recommend separating the browser from Vidalia entirely, and simply provide the package with its own implementation of Tor. When launching the browser the script inside would look to see if a version of Tor is already running and, if not, will open the bundled version of Tor in client-mode with sensible, safe defaults (greatest compatibility with firewalls etc.).
This way if a user wants to run Tor as a relay then they can simply download Vidalia separately and set it up to run in the background. Thus when they open their browser it will use Vidalia's copy of Tor instead. By looking for a valid Tor process a user could skip Vidalia entirely and simply use Tor via command line/script.
TorBrowser Settings While I respect that TorBrowser is intended to provide a secure experience, the lack of any settings persistence is somewhat annoying. Personally I don't mind allowing some of FireFox's history items such as pages I've visited, and even cookies provided they are not from third-parties and are cleared when I close the browser. I don't know if any plugins already exist or if TorButton could include it, but being able to clear cookies when I leave a domain (I no longer have any tabs/windows open for that domain) would be good.
In any event, access to some of the basic FireFox settings is highly desirable so that I can setup TorBrowser just as I would the normal version of FireFox, but with the added benefit of knowing my traffic is safe from inspection.
Ideally the TorBrowser settings would just be stored in my user library as normal; the current behaviour of storing the settings inside the TorBrowser-en-US bundle actually seems less secure to me, as the contents of the TorBrowser-en-US/Library folder are actually world-visible but not writable, meaning that other users on the same machine could potentially see those contents, but also they would require their own copy of TorBrowser as placing a copy in /Applications/ wouldn't work due to conflicting permissions.
Besides which, I believe that removing FireFox's settings from the bundle will allow the package to be signed for OS X's GateKeeper. If TorBrowser uses a default FireFox profile then it should be possible for a launcher script to simply copy this from within the bundle into a user's Library folder on launch.
Conclusion I think these kinds of changes would allow the TorBrowser bundle to better focus on being a browser that connects to Tor, and improve integration with Mac OS X. I may take a look at this myself if I have a chance, as if it can be done using a shell script alone then I can probably Mac-ify TorBrowser a bit better, but I don't know when I'll get a chance to look at it properly as I know little about Tor, launching FireFox by command line, and application bundles ;)
Trac:
Username: Haravikk