# Sponsor 4

Project Title: Core Tor and Tor Browser Development

Project Period: December 1, 2016 - March 31, 2018

## Project Goals/Activities

The deliverables of this proposal are the **activities** listed below for each team, Core Tor and Tor Browser.

### Core Tor

* **Objective 1: Empower users with limited access to powerful devices and fast networks to access and more easily use secure, private networks in faster, more stable online interactions.**
  * **Subobjective 1.1:** Reduce Tor processing overhead for low-bandwidth scenarios.
    * **Activity:** Improve the Directory Authority consensus part of the Tor network in order to optimize low-bandwidth users' experience.

### Tor Browser

* **Objective 2: Make it easier and more attractive for non-technical and mainstream users to use censorship evasion software to access blocked online resources and communities.**
  * **Subobjective 2.1:** Improve usability of “Tor Launcher” censorship configuration wizard.
    * **Activity:** Improve usability of Tor Browser initial configuration (“Launcher”) UI.
  * **Subobjective 2.2:** Improve accessibility of censorship-circumvention “Bridges”.
    * **Activity:** Implement Automatic Bridge discovery for censored users.

* **Objective 3: Develop and implement defenses against online profiling and attacks in the face of emergent and increasingly sophisticated security and privacy threats.**
  * **Subobjective 3.1:** Further defend against profiling through browser fingerprinting attacks.
    * **Activity 1:** Continue to improve third-party tracking and fingerprinting defenses.
    * **Activity 2:** Integrate a custom Panopticlick instance to measure Tor Browser-specific fingerprintability, adding new tests as needed.
  * **Subobjective 3.2:** Reduce exposure to unknown future vulnerabilities.
    * **Activity 1:** Add selfrando to the regular browser alphas and investigate shipping it to stable users (Linux-only for now).
    * **Activity 2:** Test impact and viability of hardening options: A) using Intel's MPX (memory protection extension) for hardened builds, B) deploying STACK, which checks for optimization-unstable code, C) SafeSEH (secure exception handling).
    * **Activity 3:** Test Undefined Behavior Sanitizer (UBSan) support for either hardened standard builds or special QA builds, in order to identify critical compiling problems early.
  * **Subobjective 3.3:** Reduce overall potential impact of browser vulnerabilities.
    * **Activity:** Explore sandboxing options and adopt Mozilla’s sandbox when ready.
  * **Subobjective 3.4:** Eliminate emergent security and privacy holes in the browser foundation.
    * **Activity 1:** Review and alter or disable new browser features based on security and privacy risk.
    * **Activity 2:** Rigorously test memory safety (e.g., fuzzing) using Address Sanitizer builds.
  * **Subobjective 3.5:** Enhance Tor Browser’s “Security Slider” security configuration wizard.
    * **Activity:** Refresh the Security Slider based on vulnerability history for each ESR release.
  * **Subobjective 3.6:** Browser patch cleanup & merge with Firefox.
    * **Activity 1:** Review the new features and changes in each Firefox ESR release for privacy and Tor safety.
    * **Activity 2:** Update and merge as many of our current patches with Mozilla as possible.
  * **Subobjective 3.7:** Increase response capacity for new defenses and capabilities by optimizing release processes.
    * **Activity 1:** Update our build system (e.g., toolchains and reproducible builds process) to handle subsequent Firefox ESR releases and specifically in response to Firefox changing their tools and outputs.
    * **Activity 2:** Optimize automated source-controlled software distribution (Gitian).
    * **Activity 3:** Optimize build processes (e.g., unified vs split, consistency across multiple products).

## Project Tracking

**December 2016 / January 2017**

* [Core Tor Dec 2016 - Jan 2017 report](https://trac.torproject.org/projects/tor/attachment/wiki/org/sponsors/Sponsor4/CoreTorTeam-Dec%3A16-Jan%3A17-Report.txt)
* [Tor Browser Dec 2016 report](https://trac.torproject.org/projects/tor/attachment/wiki/org/sponsors/Sponsor4/TorBrowserTeam-December-2016-Report.txt)
* [Tor Browser Jan 2017 report](https://trac.torproject.org/projects/tor/attachment/wiki/org/sponsors/Sponsor4/TorBrowserTeam-January-2017-Report.txt)

**February 2017**

* [Core Tor Feb 2017 report](https://trac.torproject.org/projects/tor/attachment/wiki/org/sponsors/Sponsor4/CoreTorTeam-February-2017-Report.txt)
* [Tor Browser Feb 2017 report](https://trac.torproject.org/projects/tor/attachment/wiki/org/sponsors/Sponsor4/TorBrowserTeam-February-2017-Report.txt)

**March 2017**