Brendan Eich floats idea of Firefox implementing Tor as FF plug-in?

Bernard Tyers - ei8fdb

Aug 8, 2013, 11:52:26 AM
to dev-p...@lists.mozilla.org
Hi there,

(I've sent this to privacy@ and also CC'ed dev-identity@ lists. Apologies for the cross-posting.)

I have been lurking for the past few months on the Moz lists. Education through observation. :) I met some of your friendly and smart Moz-ollegues at the SOUPS conference last month and we had some great conversations.

Anyhoo, I came across this tweet from Brendan Eich randomly floating the idea of Moz adopting Tor as a plug-in.

"Maybe we should just adopt, support, and bundle Tor in Firefox..." [1]

It's early days, and just a comment on Twitter, but I wonder what others have to say.

Good or bad idea? I would say (without too much thinking): turned-off by default, but available. Exciting possibilities.

Thanks,
Bernard

[1] https://twitter.com/BrendanEich/status/364265592112414720
--------------------------------------
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org

Sid Stamm

Aug 8, 2013, 12:48:00 PM
to Bernard Tyers - ei8fdb
On 8/8/13 8:52 AM, Bernard Tyers - ei8fdb wrote:
> "Maybe we should just adopt, support, and bundle Tor in Firefox..."
> [1]
>
> It's early days, and just a comment on Twitter, but I wonder what
> others have to say.
>
> Good or bad idea? I would say (without too much thinking): turned-off
> by default, but available. Exciting possibilities.

Let me turn it around: what do you think? Why would you like to see this?

I think it's interesting, and at the very least we could work more
closely with the Tor engineers to make each other's software better.

-Sid

Allen Gunn

Aug 8, 2013, 2:37:47 PM
to Sid Stamm, dev-p...@lists.mozilla.org
Hey,

On 08/08/2013 09:48 AM, Sid Stamm wrote:
> On 8/8/13 8:52 AM, Bernard Tyers - ei8fdb wrote:
>> "Maybe we should just adopt, support, and bundle Tor in
>> Firefox..." [1]
>>
>> It's early days, and just a comment on Twitter, but I wonder
>> what others have to say.
>>
>> Good or bad idea? I would say (without too much thinking):
>> turned-off by default, but available. Exciting possibilities.
>
> Let me turn it around: what do you think? Why would you like to
> see this?

As someone who had the privilege of facilitating the TorDev summer
meeting in Munich a couple of weeks back and listening to related
discourse, I personally would love the idea to be explored and scoped,
as such integration is desperately needed by a range of folks
including the broad and vague demographic known as "tech-challenged
human rights activists".

> I think it's interesting, and at the very least we could work more
> closely with the Tor engineers to make each other's software
> better.

+1, and I just pinged folks at Tor, who are psyched about this prospect and
this thread.

Sid, I presume you all have the contacts you need over at Tor? Andrew
from Tor is happy to make additional introductions.

thanks & peace,
gunner

--

Allen Gunn
Executive Director, Aspiration
+1.415.216.7252
www.aspirationtech.org

Aspiration: "Better Tools for a Better World"

Read our Manifesto: http://aspirationtech.org/publications/manifesto

Follow us:
Facebook: www.facebook.com/aspirationtech
Twitter: www.twitter.com/aspirationtech

Dave Huseby

Aug 8, 2013, 2:48:35 PM
to dev-p...@lists.mozilla.org
So, the tor project maintains their own fork of firefox in the tor
browser bundle. I know that there have been efforts to try to merge
their changes into our repos. AFAIK, the main reason we haven't done so
is because some of their changes modify the default behavior of firefox.

As a side note, I have a working b2g build of libevent, openssl +
engines, and the tor daemon (all static). I'm in the process of setting
up a good manifest so that others can recreate it. It won't be
buildable out of the box if you just clone my repos until I set up the
manifest correctly. But I've completed all of the work making
Android.mk files so that the three pieces build as b2g/external/*. If
anybody wants to take a look/help, my repos are here: github.com/dhuseby
All of my changes are in b2g branches in the libevent, openssl, and tor
forks.

-dave


Brendan Eich

Aug 8, 2013, 2:57:24 PM
to Allen Gunn, Sid Stamm, dev-p...@lists.mozilla.org
Just to head off a bunch of posts that might amount to the same offer,
Sid knows the Tor principals and is reaching out. We're digging into all
aspects of the problem without making this any kind of boil-the-oceans
exercise. There are certainly shorter- and longer-term things to do,
including working on patches we can land that help integrate TBB,
whatever release train it targets, and keep it working without regressions.

Key to success as always is good working relations among the hackers
involved. We are stronger together than separate.

More when we know more and can say much without simply speculating, but
my tweet expressed a real "maybe"-level aspiration, with a purpose. We
want this, for some real/maintainable/secure-enough value of "this" ;-).

/be

Bernard Tyers - ei8fdb

Aug 8, 2013, 3:53:27 PM
to Sid Stamm, dev-p...@lists.mozilla.org
Hi Sid,
"make each other's software better." - Bingo.

Personally speaking:

(Disclaimer: I have been a Mozilla supporter for years, and therefore I am clearly biased!)

I am a UX professional who came via telecoms engineering (after working in mobile networks and sysadmin for years). I have an interest in privacy enhancing technologies ("PETs"), usability and giving users control over their information.

In my mind privacy is no longer *just* about the information, but more so about the control over the information.

- What would Firefox and Tor give the user:

Firefox for me has been about following web standards, giving users control and being a strong user advocate. Always. Tor is about offering users (some who are in dangerous situations) a level of anonymity and privacy. They cannot provide total anonymity, but security is not ON or OFF.

If Mozilla was to support Tor as a plug-in Firefox users would get the best of both worlds. A browser which has a great user philosophy, and a privacy enhancing tool which gave them an extra level of assurance. Presumably it would be off by default? Or possibly incorporate Tor features into Private Browsing tabs?

Firefox has always approached technology pretty openly, transparently. Tor operates, on the whole in a pretty transparent way also. (Sometimes too transparently!)

- What would Firefox bring to Tor:

As a human-interaction professional, for me the one area that the Tor project sometimes lacks is user-centred design. Security and usability aren't easy. In Tor's case this is understandable as the majority of the people involved are crypto/security/comp. sci people.

One of the areas Mozilla leads (or is certainly in the leading group) is in UX: security related usability, browser UI, mobile. Mozilla is also a trusted "Internet entity" (you're not a company, you're not a charity...?!)

- What would Tor bring to Firefox:

Tor understand how to provide users with anonymising services for Internet traffic. They understand security from a technical and operational security level too. They have a supportive community. For people who know Tor, they are trustworthy, and are a project who does try to work for its users, albeit in a very technology-heavy way.

- Effects on Internet:

It would be interesting to study the user experience of large Internet services (Google, Facebook, Twitter, etc) if a larger percentage of users were anonymising their traffic. I could see some disruption to business models. From the user's point of view, this could be negative or positive. I don't know.

It would also be interesting to study the effects on the Tor network if a sudden increase in user traffic was generated. This graph shows user traffic and available bandwidth of the Tor network. [2]

- Concerns

The major worry for me would be operational security of using Tor as a plugin. From another mailing list I am on, this was a comment:

".......but I will say that, in a general sense, this is a relatively insecure method of using Tor. Recent events have highlighted this, naturally, but Tor works best as network infrastructure where "split tunnelling" (to borrow a term from VPN architecture) is not allowed. Perhaps if it were fully sandboxed such that all communications had to go through a proxy, a la Whonix." [1]

And from Twitter I received this comment:

"the reason @torproject moved away from TorButton as an addon only & went browser bundle route was it was too easy to accidentally turn off or forget to turn on a Tor session. Can't see how Mozilla can fix this potential #OPSEC point of failure any differently."

These comments are very valid. But this is exactly where I would see Mozilla being able to solve (or certainly give it a good go) this issue. I would like to think between contributors, employees, this is a problem that can be fixed by UX, security, and development professionals.

Sorry for the big mail. But I thought it deserved a thorough answer. I think this would be a huge thing if Mozilla supported Tor (either as a plugin or in some other way. I am not a developer so that's out of my area).

This is really exciting news. Let's see where it goes.

All the best,

Bernard


[1] Whonix is an operating system focused on anonymity, privacy and security
[2] https://metrics.torproject.org/network.html#bandwidth
--------------------------------------
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org

Sid Stamm

Aug 8, 2013, 3:58:12 PM
to Bernard Tyers - ei8fdb, Sid Stamm, dev-p...@lists.mozilla.org


On 08/08/2013 12:53 PM, Bernard Tyers - ei8fdb wrote:
> "the reason @torproject moved away from TorButton as an addon only &
> went browser bundle route was it was too easy to accidentally turn
> off or forget to turn on a Tor session. Can't see how Mozilla can fix
> this potential #OPSEC point of failure any differently."

What if we do something in-your-face like change the window decorations
to make it really obvious you're using Tor?

-Sid

Bernard Tyers - ei8fdb

Aug 8, 2013, 3:57:23 PM
to Allen Gunn, Sid Stamm, dev-p...@lists.mozilla.org
On 8 Aug 2013, at 19:37, Allen Gunn wrote:

> Hey,
>
> On 08/08/2013 09:48 AM, Sid Stamm wrote:
>> On 8/8/13 8:52 AM, Bernard Tyers - ei8fdb wrote:
>>> "Maybe we should just adopt, support, and bundle Tor in
>>> Firefox..." [1]
>>>
>>> It's early days, and just a comment on Twitter, but I wonder
>>> what others have to say.
>>>
>>> Good or bad idea? I would say (without too much thinking):
>>> turned-off by default, but available. Exciting possibilities.
>>
>> Let me turn it around: what do you think? Why would you like to
>> see this?
>
> As someone who had the privilege of facilitating the TorDev summer
> meeting in Munich a couple of weeks back and listening to related
> discourse, I personally would love the idea to be explored and scoped,
> as such integration is desperately needed by a range of folks
> including the broad and vague demographic known as "tech-challenged
> human rights activists".


>> I think it's interesting, and at the very least we could work more
>> closely with the Tor engineers to make each other's software
>> better.
>
> +1, and I just pinged folks at Tor, who are psyched about this prospect and
> this thread.
>
> Sid, I presume you all have the contacts you need over at Tor? Andrew
> from Tor is happy to make additional introductions.

I'm sure you know about it already, but there are the tor-talk and tor-dev lists which might be useful for anyone interested. tor-talk is less technically focused, whereas tor-dev is development related... obviously. [1, 2]

All the best,
Bernard

[1] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[2] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev/

--------------------------------------
Bernard / bluboxthief / ei8fdb

IO91XM / www.ei8fdb.org

Bernard Tyers - ei8fdb

Aug 8, 2013, 5:59:08 PM
to Sid Stamm, dev-p...@lists.mozilla.org
In your face, might be a bit too...in your face ;)

But if you mean like Private Browsing, I think it's certainly a good starting point.

I think it would be important to understand how "at risk" users understand how TBB works.

Sid Stamm

Aug 12, 2013, 12:15:54 PM
to Brendan Eich, Allen Gunn, dev-p...@lists.mozilla.org
On 08/08/2013 11:57 AM, Brendan Eich wrote:
> Just to head off a bunch of posts that might amount to the same offer,
> Sid knows the Tor principals and is reaching out. We're digging into all
> aspects of the problem without making this any kind of boil-the-oceans
> exercise. There are certainly shorter- and longer-term things to do,
> including working on patches we can land that help integrate TBB,
> whatever release train it targets, and keep it working without regressions.

Yep, step 1 is to help sync our builds a bit better.

Update here: discussed it with a couple folks from Tor and as we get
closer to their ESR24 patch un-bitrotting, they'll have a better idea of
what would help if it were upstreamed. Stay tuned.

-Sid
