Sponsor 4

Project Title: Core Tor and Tor Browser Development

Project Period: December 1, 2016 - March 31, 2018

Project !Goals/Activities

The deliverables of this proposal are the 'activities' listed below for each team, Core Tor and Tor Browser.

Core Tor

• Objective 1: Empower users with limited access to powerful devices and fast networks to access and more easily use secure, private networks in faster, more stable online interactions.
  • Subobjective 1.1: Reduce Tor processing overhead for low-bandwidth scenarios.
    • '''Activity:''' Improve the Directory Authority consensus part of the Tor network in order to optimize low bandwidth users experience.

Tor Browser

• Objective 2: Make it easier and more attractive for non-technical and mainstream users to use censorship evasion software to access blocked online resources and communities.

  • Subobjective 2.1: Improve usability of “Tor Launcher” censorship configuration wizard.
    • '''Activity:''' Improve usability of Tor Browser initial configuration (“Launcher”) UI.
  • Subobjective 2.2: Improve accessibility of censorship-circumvention “Bridges”
    • '''Activity:''' Implement Automatic Bridge discovery for censored users.

• Objective 3: Develop and implement defenses against online profiling and attacks in the face of emergent and increasingly sophisticated security and privacy threats.

  • Subobjective 3.1: Further defend against profiling through browser fingerprinting attacks
    • '''Activity 1:''' Continue to improve third party tracking and fingerprinting defenses.
    • '''Activity 2:''' Integrate a custom Panopticlick Instance to measure Tor Browser specific fingerprintability adding new tests as needed.
  • Subobjective 3.2: Reduce exposure to unknown future vulnerabilities.
    • '''Activity 1:''' Add selfrando to the regular browser alphas and investigate shipping it to stable users (Linux-only for now).
    • '''Activity 2:''' Test impact and viability of hardening options: A) using Intel's MPX (memory protection extension) for hardened builds, B) deploying STACK, which checks for optimization-unstable code, C) SafeSEH (secure exception handling).
    • '''Activity 3:''' Test Undefined Behavior Sanitizer (UBSan) support for either hardened standard builds or special QA builds, in order to identify critical compiling problems early.
  • Subobjective 3.3: Reduce overall potential impact of browser vulnerabilities.
    • '''Activity:''' Explore sandboxing options and adopt Mozilla’s sandbox when ready.
  • Subobjective 3.4: Eliminate emergent security and privacy holes in the browser foundation.
    • '''Activity 1:''' Review and alter or disable new browser features based on security and privacy risk.
    • '''Activity 2:''' Rigorously memory safety test (eg: fuzzing) using Address Sanitizer builds.
  • Subobjective 3.5: Enhance Tor Browser’s “Security Slider” security configuration wizard.
    • '''Activity:''' Refresh the Security Slider based on vulnerability history for each ESR release.
  • Subobjective 3.6: Browser patch cleanup & merge with Firefox
    • '''Activity 1:''' Review the new features and changes in each Firefox ESR release for privacy and Tor safety.
    • '''Activity 2:''' Update and merge as many of our current patches with Mozilla as possible.
  • Subobjective 3.7: Increase response capacity for new defenses and capabilities by optimizing release processes.
    • '''Activity 1:''' Update our build system (e.g., toolchains and reproducible builds process) to handle subsequent Firefox ESR releases and specifically in response to Firefox changing their tools and outputs.
    • '''Activity 2:''' Optimize automated source-controlled software distribution (Gitian).
    • '''Activity 3:''' Optimize build processes (e.g., unified vs split, consistency across multiple products)

Project Tracking

December 2016 / January 2017

• Core Tor Dec 2016 - Jan 2017 report
• Tor Browser Dec 2016 report
• Tor Browser Jan 2017 report

February 2017

• Core Tor Feb 2017 report
• Tor Browser Feb 2017 report

March 2017