Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
D
dev
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 11
    • Issues 11
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 0
    • Merge Requests 0
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • The Tor Project
  • Web
  • dev
  • Issues
  • #10

Closed
Open
Opened Sep 09, 2017 by cypherpunks@cypherpunks

Write a guidelines documentation for requirements with Tor integration by third parties

I heard that one of the discussions in the Montreal meeting was "Encouraging Tor integration by third parties" which spawned for me the idea that there must be some guidelines documentation the requirements that should be met for each use case. For example for browsers (where integrating Tor is a goal with Brave in private browsing and it has been suggested by the (ex?)-CEO of Mozilla) among the requirements I can think of,

  1. Having the user agent the same as the Tor Browser (Otherwise fingerprinting would be easy).
  2. Stream isolation should be enforced, otherwise a single exit can watch all traffic.
  3. First party isolation should be enforced.
  4. ...etc

Of course there's already the Tor Browser design documentation, but it doesn't address this question directly, and more importantly those folks don't want to make an alternative Tor Browser, rather just a "Tor mode" to their private browsing that can enable true privacy by design.

What do you think of such an idea?

Note that this finds its parallel with little-t-tor in another ticket that I couldn't find about alternative implementations of the tor client.

Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: tpo/web/dev#10