Last Comment Bug 901614 - Adopt Tor as a feature in Firefox
: Adopt Tor as a feature in Firefox
Status: NEW
:
Product: Firefox
Classification: Client Software
Component: Security (show other bugs)
: unspecified
: All All
: -- normal with 57 votes (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
Mentors:
Depends on: 984425
Blocks:
  Show dependency treegraph
 
Reported: 2013-08-05 11:07 PDT by David Dahl :ddahl
Modified: 2015-10-19 08:16 PDT (History)
61 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description David Dahl :ddahl 2013-08-05 11:07:13 PDT
Adopting and bundling TOR as an optional feature to Firefox would be a great countermeasure for those seeking more privacy online.

See: https://twitter.com/BrendanEich/statuses/364265592112414720?tw_i=364265592112414720&tw_e=details&tw_p=twt
Comment 1 David Dahl :ddahl 2013-08-05 11:08:10 PDT
Not sure where to file this bug as there are 2 ways to accomplish this: bundled extension or "built in"
Comment 2 Liz Henry (:lizzard) (needinfo? me) 2013-08-06 09:08:55 PDT
The security team and the people who work on TorBrowser probably have some thoughts on this that would be useful.
Comment 3 David Dahl :ddahl 2013-08-06 10:37:15 PDT
Also, see: https://wiki.mozilla.org/Privacy/Roadmap/Tor
Comment 4 David Dahl :ddahl 2013-08-06 10:39:44 PDT
And: https://wiki.mozilla.org/Security/Anonymous_Browsing
Comment 5 Jacob Appelbaum 2013-08-07 10:58:29 PDT
This is our design document for the Tor Browser - the desired properties a user wants from (an) incognito mode are explained well:

  https://www.torproject.org/torbrowser/design
Comment 6 Jacob Appelbaum 2013-08-07 10:58:42 PDT
This is our design document for the Tor Browser - the desired properties a user wants from (an) incognito mode are explained well:

  https://www.torproject.org/torbrowser/design
Comment 7 Gregory Maxwell 2013-08-08 13:56:12 PDT
In addition to the ability to browse with tor having general access to .onion (Tor hidden service) URLs simply work for people would be very nice, and doesn't present some of the complicating risks that general internet access has (e.g. malicious exit operators).

Beyond the benefit of privacy for the server operator that onion URLs give even someone behind nat can throw up an onion site so they're useful as a casual way to throw up a tcp server (see also: http://xkcd.com/949/), but this usefulness is handicapped by the requirement for special client software.
Comment 8 Zack Weinberg (:zwol) 2013-08-16 15:52:44 PDT
/subscribe

It seems like the first step here would be for someone to go through the Tor Browser Bundle patchset and try to merge as much of it as possible, so that the Tor folks could go back to shipping just an extension.  Unfortunately what little time I have for Mozilla hacking is already promised to layout, but I can at least assist with first-stage review and the like.

I also understand they have concerns about the amount of data collected by the various ways in which Firefox "phones home"; that's probably a longer conversation, but one that should start now.

Maybe we should have a BOF about this at the summit in October (I'll be in Toronto).
Comment 9 transprox 2013-08-26 04:18:04 PDT
While Tor is a commendable privacy extension please make sure it ships as default off and preferably can be removed completely easily. In the eyes of one too many law enforcement agencies it's related fairly closely with child pornography. I have no desire to have such a thing on my computer.
Comment 10 persona.org 2013-08-26 04:28:53 PDT
(In reply to transprox from comment #9)
> While Tor is a commendable privacy extension please make sure it ships as
> default off and preferably can be removed completely easily. In the eyes of
> one too many law enforcement agencies it's related fairly closely with child
> pornography. I have no desire to have such a thing on my computer.

With that logic we should get rid of all the kitchen knives because people use them for murder. child pornographers use cameras, computers, bank accounts, are you sure you want to own none of those too?

If 20% of the market has TOR, it's no longer a paedophile's tool. I don't think it is even now, it's more often used by people behind government blocking systems, like behind China and Iran's public filters. saying TOR is for child porn is ridiculous at best and slanderous at worst.
Comment 11 solarus 2013-08-26 07:38:49 PDT
Can you explain me why an (applicative) web browser should configure a (network) Tor tunnel ?
Web browser are intended to browse on web (captain obvious to the rescue), not to be used as an entire OS with 100+ plugins to make coffee or whatever.

The Web is one of the differents protocols used on the Internet.
Why would we use Firefox instead of our IRC Client to control TOR ?

It's not the Firefox job to configure some network hidden path.
Ask Microsoft to add TOR as a feature, it's the OS' job.
Comment 12 persona.org 2013-08-26 08:12:56 PDT
(In reply to solarus from comment #11)
> Can you explain me why an (applicative) web browser should configure a
> (network) Tor tunnel ?

... Or run ECMAscript, or set web proxies, or manage (and synchronize!) bookmarks, or...

I think TOR is an important tool for privacy and freedom from oppression, it's a vital part of the Freedom of Software, and even though I agree that browsers should not care if the underlying layers are X.25, IPv6 or TOR tunnelling. But on the other hand I also think that Firefox should not be "technically correct", it should be correct for humans, and humans need access to Freedom (like information, uncensored news and history articles, etc) even if they are not tech savvy enough to set up their own TOR client and proxy for their local machine.

If Mozilla decides to include tools promoting privacy and freedom in their products, I can't argue with it.
Comment 13 Reza Jelveh 2013-08-26 08:28:33 PDT
While I would welcome this change as well, having the browser being able to open tor tunnels would probably result in certain governments blocking firefox or worst case mozilla altogether. That might be a dangerous route to walk. A good compromise would be if the torbutton/browser features were adopted while still having a clear distinction between tor and firefox
Comment 14 jdavid.net 2013-08-26 08:31:50 PDT
I would love to see TOR built into FF.  

With personal paper work I often times shred unimportant documents along with important ones.  I would love to have TOR on by default, but doing so now, is kinda like only shredding the important documents.  If everyone uses it for everything, it could be a huge win for privacy, and personal freedom.
Comment 15 serial.rockstar 2013-08-26 10:50:44 PDT
(In reply to transprox from comment #9)
> While Tor is a commendable privacy extension please make sure it ships as
> default off and preferably can be removed completely easily. In the eyes of
> one too many law enforcement agencies it's related fairly closely with child
> pornography. I have no desire to have such a thing on my computer.

(a) LEOs[0] are one of the oldest users of TOR.

(b) It's very dangerous to support the notion that having tools to protect one's privacy is evidence of wrongdoing, and if I found that FireFox policy were driven by such textbook FUD, after over ten years, I'd have to stop using it and recommending to people that they do.

[0] Law Enforcement Officers
Comment 16 serial.rockstar 2013-08-26 10:53:45 PDT
(In reply to solarus from comment #11)
> Can you explain me why an (applicative) web browser should configure a
> (network) Tor tunnel ?
> Web browser are intended to browse on web (captain obvious to the rescue),
> not to be used as an entire OS with 100+ plugins to make coffee or whatever.
> 
> The Web is one of the differents protocols used on the Internet.
> Why would we use Firefox instead of our IRC Client to control TOR ?
> 
> It's not the Firefox job to configure some network hidden path.
> Ask Microsoft to add TOR as a feature, it's the OS' job.

(a) Very little of what you have to say makes any sense logically or grammatically.

(b) You suggest that we ask Microsoft to protect our privacy.  Seriously?

(c) As a ubiquitous tool for browsing the web available on almost every platform and device around, Firefox is a great place for this software.  It isn't actually a network configuration, it's an application-level proxy with very specialized properties.

(d) In a sensible world, FF's proxy behavior should adhere to most of the Tor browser designs anyway.
Comment 17 serial.rockstar 2013-08-26 10:56:11 PDT
(In reply to Reza Jelveh from comment #13)
> While I would welcome this change as well, having the browser being able to
> open tor tunnels would probably result in certain governments blocking
> firefox or worst case mozilla altogether. That might be a dangerous route to
> walk. A good compromise would be if the torbutton/browser features were
> adopted while still having a clear distinction between tor and firefox

(a) the word "Mozilla" is in nearly every user agent string in use today.

(b) if building better privacy features into a freely available, open-source browser like Firefox causes repressive regimes to engage in more visible action such as blocking popular software, this increases people's understanding that they live in a walled garden and is IMO a Good Thing(tm).
Comment 18 solarus 2013-08-26 11:01:18 PDT
(In reply to serial.rockstar from comment #16)

> (a) Very little of what you have to say makes any sense logically or
> grammatically.

Excuse me to be french, I didn't know that only the native English speaker could help with bugzilla.

> (b) You suggest that we ask Microsoft to protect our privacy.  Seriously?

That is the joke.

> (c) As a ubiquitous tool for browsing the web available on almost every
> platform and device around, Firefox is a great place for this software.  It
> isn't actually a network configuration, it's an application-level proxy with
> very specialized properties.

If you think that Mozilla could support Tor, so ask them to develop a proxy application, but it's not the role of the browser.
Comment 19 Josh Matthews [:jdm] (away until 9/3) 2013-08-26 11:11:51 PDT
This is the wrong venue in which to have this discussion. Please take it to the mozilla.dev.privacy mailing list instead: https://www.mozilla.org/about/forums/#dev-privacy
Comment 20 transprox 2013-08-26 11:41:46 PDT
(In reply to persona.org from comment #10)
> (In reply to transprox from comment #9)
> > While Tor is a commendable privacy extension please make sure it ships as
> > default off and preferably can be removed completely easily. In the eyes of
> > one too many law enforcement agencies it's related fairly closely with child
> > pornography. I have no desire to have such a thing on my computer.
> 
> With that logic we should get rid of all the kitchen knives because people
> use them for murder. child pornographers use cameras, computers, bank
> accounts, are you sure you want to own none of those too?

Sigh. I knew I won't be able to get people understand my point but that they won't even read what I said, that's sad. My wording was careful and important. Re-read please and try to understand -- law enforcement does not consider the primary use of knives to be murder nor cameras to be used primarily for CP. OTOH they do consider the primary use of Tor as a CP tool.
Comment 21 pera 2013-08-26 14:18:49 PDT
(In reply to transprox from comment #20)
> (In reply to persona.org from comment #10)
> > (In reply to transprox from comment #9)
> > > While Tor is a commendable privacy extension please make sure it ships as
> > > default off and preferably can be removed completely easily. In the eyes of
> > > one too many law enforcement agencies it's related fairly closely with child
> > > pornography. I have no desire to have such a thing on my computer.
> > 
> > With that logic we should get rid of all the kitchen knives because people
> > use them for murder. child pornographers use cameras, computers, bank
> > accounts, are you sure you want to own none of those too?
> 
> Sigh. I knew I won't be able to get people understand my point but that they
> won't even read what I said, that's sad. My wording was careful and
> important. Re-read please and try to understand -- law enforcement does not
> consider the primary use of knives to be murder nor cameras to be used
> primarily for CP. OTOH they do consider the primary use of Tor as a CP tool.

Citation needed; I never heard of any law enforcement talking about "the primary use of Tor", but what I did hear is that _encryption_ is the primary "CP tool", therefore according to your logic TLS should be turned off by default too..

About this topic:
https://www.torproject.org/docs/faq-abuse.html.en#WhatAboutCriminals
Comment 22 Brian Smith (:briansmith, :bsmith, use NEEDINFO?) 2013-08-26 14:32:09 PDT
(In reply to Josh Matthews [:jdm] from comment #19)
> This is the wrong venue in which to have this discussion. Please take it to
> the mozilla.dev.privacy mailing list instead:
> https://www.mozilla.org/about/forums/#dev-privacy

gomesbascoy@gmail.com, transprox@freemail.hu: As jdm said, please take the discussion to the dev-privacy mailing list. Bugzilla is not the place to debate the merits or demerits of adding Tor support to Firefox. If you click his link you can navigate to the place where you can subscribe to that mailing list. Many people subscribed to that list are eager to have a debate on the merits and demerits of adding Tor support to Firefox.
Comment 23 Reza Jelveh 2013-08-26 18:12:22 PDT
(In reply to serial.rockstar from comment #17)
> (a) the word "Mozilla" is in nearly every user agent string in use today.
that hardly matters. I visited a country with an active blocklist once. they were very well aware of how to block websites that provided vpn or proxy services even if the page did not contain that word.

even the opera minimizer service was blocked. In the case of opera it's easy to just block the service and leave the browser running, but if they can't block the service, they'll probably result to blocking the software provider altogether. just guessing here, but if i was running that thing, that's what i would do.

> (b) if building better privacy features into a freely available, open-source
> browser like Firefox causes repressive regimes to engage in more visible
> action such as blocking popular software, this increases people's
> understanding that they live in a walled garden and is IMO a Good Thing(tm).

trust me, they have no problem blocking software. and people won't have a problem getting the software under the count, as is the case with tor. the only entity getting hurt in here is mozilla. as people will probably just move on to chrome, with the usual chinese blocklist avoiders.

your ideology sounds great. and i'm with you, but the average joe won't care about any of it. the people that do are the same people that would get a hold of tor anyway.
Comment 24 Droope 2013-08-26 20:26:38 PDT
Disregarding how ethical / practical this is:

How can we go ahead and implement this? I personally would think it would be very dodgy if firefox opened a port 9050 on install by default. 

Perhaps it could be spawned upon entering annonymous mode, as described by the tor folks.

Basically the whole process is, on my mind:

1- User starts tor mode.
  a) launch tor || check if tor is enabled.
  b) set up firefox to use TOR. if tor is unsuccessfully started, should fail noticeably.
  c) prevent DNS leaks. http://support.vpnsecure.me/articles/ssh-tunnelling-proxy-troubleshooting/ssh-socks-dns-leaks-in-mozilla-firefox
  d) prevent browser fingerprinting https://wiki.mozilla.org/Security/Anonymous_Browsing && https://panopticlick.eff.org/

I am a huge noob regarding the Firefox codebase, but I see this as being necessary.
Comment 25 badon 2013-08-26 22:13:13 PDT
In my opinion, Firefox should only provide access to *.onion sites, and nothing more. IT should not try to give the user anonymity, and it shouldn't purport to offer anything other than the ability to view *.onion sites. Anonymity and security are entirely dependent on the education and skills of the user, and even when the user is competent enough, the most mundane of software bugs can undo everything. Firstly, before ANY software system claims to offer privacy via Tor, there must at least be a firewall safety net. The firewall can block non-Tor connections, so when something goes wrong, it's not a guaranteed catastrophe. Since that's not Firefox's job, my vote is only for *.onion access, and nothing more.

For info about the "safety net", I wrote an article about creating one with pfSense:

http://www.reddit.com/r/onions/comments/1l15hx/10_steps_to_make_tor_safer_with_pfsense/

The most amazing thing about that article is the fact that after a decade of experience with Tor, I had to write an article about it. A Tor-only firewall is something so fundamental to using Tor safely, it's foolish to visit Tor-land without it. On the African plains, you're just a bag of meat if you're not armed with a spear or rifle to protect yourself if something goes wrong. So it is with Tor and a firewall. 

Firefox should offer access to *.onion sites, and nothing more. Until the Tor developers realize that their recommended Tor Browser Bundle is just a bag of meat for the hyenas, don't pass along any of their promises via Firefox. Disclaim everything.
Comment 26 David Dahl :ddahl 2013-08-27 06:01:28 PDT
(In reply to Josh Matthews [:jdm] from comment #19)
> This is the wrong venue in which to have this discussion. Please take it to
> the mozilla.dev.privacy mailing list instead:
> https://www.mozilla.org/about/forums/#dev-privacy

Please, no more discussion and opinion comments. Move this discussion to dev-privacy. This bug is becoming useless for engineering purposes.
Comment 27 Sam Gleske 2013-08-29 06:57:02 PDT
As a regular user of FF the only thing so far keeping me from switching to another browser are robust development and debugging tools for web applications.  I don't care about the theme engine or other fancy stuff that has cause the browser to slow to a screeching halt on a regular basis.


TL;DR is I think this would be a great feature built in.  It would separate FF from the competition and increase the market share by bringing back some people who left to other browsers.  Though I use multiple browsers because sometimes I can take Firefox hanging all the time on Windows.  Linux is no problem.

/posted from my cell phone so autocorrect likely screwed up some of my sentences.

Note You need to log in before you can comment on or make changes to this bug.