Project Title: Core Tor and Tor Browser Development
Project Period: December 1, 2016 - March 31, 2018
The deliverables of this proposal are the 'activities' listed below for each team, Core Tor and Tor Browser.
Objective 1: Empower users with limited access to powerful devices and fast networks to access and more easily use secure, private networks in faster, more stable online interactions.
Subobjective 1.1: Reduce Tor processing overhead for low-bandwidth scenarios.
- '''Activity:''' Improve the Directory Authority consensus part of the Tor network in order to optimize low bandwidth users experience.
- Subobjective 1.1: Reduce Tor processing overhead for low-bandwidth scenarios.
Objective 2: Make it easier and more attractive for non-technical and mainstream users to use censorship evasion software to access blocked online resources and communities.
Subobjective 2.1: Improve usability of “Tor Launcher” censorship configuration wizard.
- '''Activity:''' Improve usability of Tor Browser initial configuration (“Launcher”) UI.
Subobjective 2.2: Improve accessibility of censorship-circumvention “Bridges”
- '''Activity:''' Implement Automatic Bridge discovery for censored users.
- Subobjective 2.1: Improve usability of “Tor Launcher” censorship configuration wizard.
Objective 3: Develop and implement defenses against online profiling and attacks in the face of emergent and increasingly sophisticated security and privacy threats.
Subobjective 3.1: Further defend against profiling through browser fingerprinting attacks
- '''Activity 1:''' Continue to improve third party tracking and fingerprinting defenses.
- '''Activity 2:''' Integrate a custom Panopticlick Instance to measure Tor Browser specific fingerprintability adding new tests as needed.
Subobjective 3.2: Reduce exposure to unknown future vulnerabilities.
- '''Activity 1:''' Add selfrando to the regular browser alphas and investigate shipping it to stable users (Linux-only for now).
- '''Activity 2:''' Test impact and viability of hardening options: A) using Intel's MPX (memory protection extension) for hardened builds, B) deploying STACK, which checks for optimization-unstable code, C) SafeSEH (secure exception handling).
- '''Activity 3:''' Test Undefined Behavior Sanitizer (UBSan) support for either hardened standard builds or special QA builds, in order to identify critical compiling problems early.
Subobjective 3.3: Reduce overall potential impact of browser vulnerabilities.
- '''Activity:''' Explore sandboxing options and adopt Mozilla’s sandbox when ready.
Subobjective 3.4: Eliminate emergent security and privacy holes in the browser foundation.
- '''Activity 1:''' Review and alter or disable new browser features based on security and privacy risk.
- '''Activity 2:''' Rigorously memory safety test (eg: fuzzing) using Address Sanitizer builds.
Subobjective 3.5: Enhance Tor Browser’s “Security Slider” security configuration wizard.
- '''Activity:''' Refresh the Security Slider based on vulnerability history for each ESR release.
Subobjective 3.6: Browser patch cleanup & merge with Firefox
- '''Activity 1:''' Review the new features and changes in each Firefox ESR release for privacy and Tor safety.
- '''Activity 2:''' Update and merge as many of our current patches with Mozilla as possible.
Subobjective 3.7: Increase response capacity for new defenses and capabilities by optimizing release processes.
- '''Activity 1:''' Update our build system (e.g., toolchains and reproducible builds process) to handle subsequent Firefox ESR releases and specifically in response to Firefox changing their tools and outputs.
- '''Activity 2:''' Optimize automated source-controlled software distribution (Gitian).
- '''Activity 3:''' Optimize build processes (e.g., unified vs split, consistency across multiple products)
- Subobjective 3.1: Further defend against profiling through browser fingerprinting attacks
December 2016 / January 2017