-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Sid,
"make each others software better." - Bingo.
Personally speaking:
(Disclaimer: I have been a Mozilla supporter for years, and therefore I am clearly biased!)
I am a UX professional who came via telecoms engineering (after working in mobile networks and sysadmin for years). I have an interest in privacy enhancing technologies ("PETs"), usability and giving users control over their information.
In my mind privacy is no longer *just* about the information, but more so about the control over the information.
- - What would Firefox and Tor give the user:
Firefox for me has been about following web standards, giving users control and being a strong user advocate. Always. Tor is about offering users (some who are in dangerous situations) a level of anonymity and privacy. They cannot provide total anonymity, but security is not ON or OFF.
If Mozilla was to support Tor as a plug-in Firefox users would get the best of both worlds. A browser which has a great user philosophy, and a privacy enhancing tool which gave them an extra level of assurance. Presumably it would be off by default? Or possibly incorporate Tor features into Private Browsing tabs?
Firefox has always approached technology pretty openly, transparently. Tor operates, on the whole in a pretty transparent way also. (Sometimes too transparently!)
- - What would Firefox bring to Tor:
As a human-interaction professional, for me the one area that the Tor project sometimes lacks is user-centred design. Security and usability aren't easy. In Tor's case this is understandable as the majority of the people involved are crypto/security/comp. sci people.
One of the areas Mozilla leads (or is certainly in the leading group) is in UX: security related usability, browser UI, mobile. Mozilla is also a trusted "Internet entity" (you're not a company, you're not a charity...?!)
- - What would Tor bring to Firefox:
Tor understand how to provide users with anonymising services for Internet traffic. They understand security from a technical and operational security level too. They have a supportive community. For people who know Tor, they are trustworthy, and are a project who does try to work for its users, albeit in a very technology-heavy way.
- - Affects on Internet:
It would be interesting to study the user experience of large Internet services (Google, Facebook, Twitter, etc) if a larger percentage of users were anonymising their traffic. I could see some disruption to business models. From the users point of view, this could be negative or positive. I don't know.
It would also be interesting to study the affects on the Tor network if a sudden increase in user traffic was generated. This graph shows user traffic and available bandwidth of the Tor network. [2]
- - Concerns
The major worry for me would be operational security of using Tor as a plugin. From another mailing list I am on, this was a comment:
".......but I will say that, in a general sense, this is a relatively insecure method of using Tor. Recent events have highlighted this, naturally, but Tor works best as network infrastructure where "split tunnelling" (to borrow a term from VPN architecture) is not allowed. Perhaps if it were fully sandboxed such that all communications had to go through a proxy, a la Whonix." [1]
And from Twitter I received this comment:
"the reason @torproject moved away from TorButton as an addon only & went browser bundle route was it was too easy to accidentally turn off or forget to turn on a Tor session. Can't see how Mozilla can fix this potenial #OPSEC point of failure any differently."
These comments are very valid comment. But this is exactly where I would see Mozilla being able to solve (or certainly give it a good go) this issue. I would like to think between contributors, employees, this is a problem that can be fixed by UX, security, and devoplement professionals.
Sorry for the big mail. But I thought it deserved a thorough answer. I think this would be a huge thing if Mozilla supported Tor (either as a plugin or in some other way. I am not a developer so thats out of my area)/
This is really exciting news. Lets see where it goes.
All the best,
Bernard
[1] Whonix is an operating system focused on anonymity, privacy and security
[2]
https://metrics.torproject.org/network.html#bandwidth
- --------------------------------------
Bernard / bluboxthief / ei8fdb
IO91XM /
www.ei8fdb.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools -
http://gpgtools.org
iQEcBAEBAgAGBQJSA/c4AAoJENsz1IO7MIrr2loH+gM0pe2Cn2qbNZLpGKhhCx8v
NoVScQSdfDhkBq1AmKTlmJbamnTugiC/i3M6a4jS4b90UJLHHnNY/KozYpn0ZmA5
hNqaVn9aOiVixkyerFkZbXCDCb0nQb41WcSUPZLa1SX8K2EptlE1VDJvjNaN+77f
/U/k4/L03AwhWv3uPNnBsg8Td6vrhjfDOnax7mDcJTTzqIOFSncRvRYGSIiB9owm
pDaZmh4+l1cn9vo6tuTSbNjnDVzGJTkvHfcSF0V+GcD+T6uDaH8N2orJIwSJc2J9
nsXUhR0zi5abo/7p+a/AnIejNdOZESgy+fdMUBtLEjRHwvaOlE70Y7ciFUvyniU=
=1VkD
-----END PGP SIGNATURE-----