|
|
There are two main topics of this session:
|
|
|
1. Discussion a proposal for a "Tor mode" addon for Firefox.
|
|
|
2. Triage of Tor Browser patches that are candidates for uplift into Firefox.
|
|
|
|
|
|
=== Tor Mode Add-on proposal ===
|
|
|
|
|
|
There is an idea to, in the future, have Firefox use Tor
|
|
|
in private browsing mode, or an a new extra-private mode.
|
|
|
That will take a lot of engineering work and buy-in.
|
|
|
To help smooth the path, there is a proposal for a "Tor mode" addon.
|
|
|
This would not be packaged with the browser by default,
|
|
|
but would be something that users could download from addons.mozilla.org
|
|
|
to give them a "Tor mode" button or similar.
|
|
|
It would allow users to experience what an eventual full integration with Tor
|
|
|
could look like.
|
|
|
It could also help gauge interest by counting downloads, etc.
|
|
|
|
|
|
acat has demonstrated how to compile tor to WASM.
|
|
|
This would allow packaging all the necessary tor code inside the addon itself,
|
|
|
without a dependency on external binaries.
|
|
|
The addon would still need to be a privileged addon.
|
|
|
|
|
|
Question: What's that?
|
|
|
Answer: A privileged addon is one with elevated privileges compared to a standard WebExtension. It can call XPCOM functions, for example. A privileged addon needs to be signed by Mozilla, or something, but the idea for this proposal is to have it produced and distributed by Mozilla anyway, so that's not a problem.
|
|
|
|
|
|
The addon would configure the browser to use tor as a proxy,
|
|
|
as well as setting various prefs to prevent proxy bypasses and resist fingerprinting,
|
|
|
much like those set by Tor Browser.
|
|
|
|
|
|
Discussion of visual options for UI.
|
|
|
Clicking the Tor-mode button would probably open a new window
|
|
|
that uses a dedicated profile.
|
|
|
This is because some of the prefs that the addon has to set
|
|
|
are global to a profile, not to a window or a tab.
|
|
|
|
|
|
What to do about HTTP?
|
|
|
The feeling is that it's dangerous to pass unauthenticated HTTP
|
|
|
through exit nodes.
|
|
|
Packaging NoScript does not provide the best experience either.
|
|
|
The easiest solution is to enforce (require) HTTPS when in Tor mode.
|
|
|
|
|
|
=== Patch uplift ===
|
|
|
|
|
|
We looked at https://torpat.ch/, which is a list of patches that appear
|
|
|
in Tor Browser tickets that may be considered for uplift into Firefox.
|
|
|
The rows are color coded. Some trac.torproject.org tickets
|
|
|
are already matched to a bugzilla.mozilla.org bug.
|
|
|
There is a big list of untriaged tickets.
|
|
|
Patch uplift is going to be on hold for a few months.
|
|
|
The group went through the untriaged patches
|
|
|
and made a list of ones that are potentially upliftable. |
|
|
\ No newline at end of file |