If you've used Tor, you've probably used Tor Browser, and if you've used Tor Browser you've used Firefox. By lines of code, Tor Browser is mostly Firefox -- there are some modifications and some additions, but around 95% of the code in Tor Browser comes from Firefox. The Firefox and Tor Browser teams have collaborated for a long time, but in 2016, we started to take it to the next level, bringing Firefox and Tor Browser closer together than ever before. With closer collaboration, we're enabling the Tor Browser team to do their jobs more easily, adding more privacy options for Firefox users, and making both browsers more secure.
[...] In 2016, we started an effort to take the Tor Browser patches and "uplift" them to Firefox. When a patch gets uplifted, we take the change that Tor Browser needs and we add it to Firefox in such a way that it's disabled by default, but can be enabled by changing a preference value. That saves the Tor Browser team work, since they can just change preferences instead of updating patches. And it gives the Firefox team a way to experiment with the advanced privacy features that the Tor Browser team is building, to see if we can bring them to a much wider audience.
Our first major target in the uplift project was a feature called First Party Isolation, which provides a very strong anti-tracking protection (at the risk of breaking some websites). Mozilla formed a dedicated team to take the First Party Isolation features in Tor Browser and implement them in Firefox, using the same technology we used to build the containers feature. The team also developed thorough test and QA processes to make sure that the isolation in Firefox is as strong as what's in Tor Browser -- and even identified some ways to add even stronger protections. The Mozilla team worked closely with the Tor Browser team, including weekly calls and an in-person meeting in September.
First Party Isolation will be incorporated in Firefox 52, the basis for the next major version of Tor Browser. As a result, the Tor Browser team won't have to update their First Party Isolation patches for this version. In Firefox, First Party Isolation is disabled by default (because of the compatibility risk), but Firefox users can opt in to using First Party Isolation by going to about:config and setting "privacy.firstparty.isolate" to "true".
We're excited to continue this collaboration in 2017. Work will start soon on uplifting a set of patches that prevent various forms of browser fingerprinting. We'll also be looking at how we can work together on sandboxing, building on the work that Yawning Angel has done for Tor Browser and the Firefox sandboxing features that are scheduled to start shipping in early 2017.
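An added illustration (not from the Mozilla post and not Firefox code): a simplified cookie-store model showing why making the URL-bar site part of the storage key stops an embedded third party from linking visits across sites. The hostnames, class and function names are constructed for this example, and `firstPartyIsolate` stands in for the privacy.firstparty.isolate preference.

```javascript
// Simplified model of a cookie store, added for illustration; not Firefox code.
// Hostnames are constructed. "Site" is approximated by the last two labels
// of the hostname; real browsers use the Public Suffix List.
function site(host) {
  return host.split(".").slice(-2).join(".");
}

class CookieJar {
  constructor(firstPartyIsolate) {
    this.isolate = firstPartyIsolate; // models privacy.firstparty.isolate
    this.store = new Map();
  }
  // Without isolation the jar is keyed by the cookie owner's site only.
  // With isolation the URL-bar site becomes part of the key.
  key(urlBarHost, requestHost) {
    const owner = site(requestHost);
    return this.isolate ? `${site(urlBarHost)}^${owner}` : owner;
  }
  get(urlBarHost, requestHost) {
    return this.store.get(this.key(urlBarHost, requestHost));
  }
  set(urlBarHost, requestHost, value) {
    this.store.set(this.key(urlBarHost, requestHost), value);
  }
}

// A third-party resource embedded on several pages: it reuses the ID cookie
// if the browser sends one, otherwise it mints a new one.
function visit(jar, urlBarHost, trackerHost, mintId) {
  let id = jar.get(urlBarHost, trackerHost);
  if (id === undefined) {
    id = mintId();
    jar.set(urlBarHost, trackerHost, id);
  }
  return id;
}

function idsSeenByTracker(firstPartyIsolate) {
  const jar = new CookieJar(firstPartyIsolate);
  let n = 0;
  const mintId = () => `uid-${++n}`;
  const pages = ["news.example", "shop.test", "www.news.example"];
  return pages.map((p) => visit(jar, p, "cdn.tracker.invalid", mintId));
}

console.log("isolation off:", idsSeenByTracker(false));
console.log("isolation on: ", idsSeenByTracker(true));
```

With isolation off, the embedded host sees one ID on every page; with isolation on, the ID is shared only between pages of the same first-party site.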
takyon: Where's the long-rumored Tor integration in default Firefox? Make Firefox useful again.
Previously: Some Tor Privacy Settings Coming to Firefox
Tor Project and Mozilla Making It Harder for Malware to Unmask Users
Related Stories
The Daily Dot has a story about a browser vendor who wants to package Tor as part of its private browsing mode. From the article:
Several major tech firms are in talks with Tor to include the software in products that can potentially reach over 500 million Internet users around the world. One particular firm wants to include Tor as a “private browsing mode” in a mainstream Web browser, allowing users to easily toggle connectivity to the Tor anonymity network on and off.
“They very much like Tor Browser and would like to ship it to their customer base,” Tor executive director Andrew Lewman wrote, explaining the discussions but declining to name the specific company. “Their product is 10-20 percent of the global market, this is of roughly 2.8 billion global Internet users.”
The author elaborates:
The product that best fits Lewman’s description by our estimation is Mozilla Firefox, the third-most popular Web browser online today and home to, you guessed it, 10 to 20 percent of global Internet users.
The story appears to have gleaned most of its information from a tor-dev mailing list post. An interesting reply from Tor developer Mike Perry explains how Tor can be modified so that the network can handle the extra load.
While the Tor browser is based on Firefox ESR, it is modified with additional privacy and security settings to protect users of the browser while using the program. Considering that Tor browser is used by some in critical situations, whistleblowing, publishing news or communication, it is only natural that a stronger focus on privacy and security is necessary.
Mozilla acknowledges these modifications, and plans to integrate some of them in Firefox natively. In fact, the company has already begun to integrate some in Firefox, and plans to integrate others in the future.
Tor-specific privacy settings are often not suitable for Firefox's mainstream audience. That's why you need to enable these settings manually in Firefox before they become available.
Big change is coming "with the support of 'Unix domain sockets', and some other tweaks. A Unix domain socket is basically a way for two programs on the same computer to talk to each other without using an underlying network protocol. With that, the Firefox half of the Tor Browser should no longer need network access, Barnes continued.
"That means that you could run it in a sandbox with no network access (only a Unix domain socket to the proxy), and it would still work fine. And then, even if the Firefox half of Tor Browser were compromised, it wouldn't be able to make a network connection to de-anonymize the user," he said.
This project is a collaboration between the Tor Project and Mozilla, according to Barnes. He said it started when the Tor Project did some work on adding Unix domain socket capabilities to the Tor proxy and browser. After that, Mozilla added a general capability to Firefox allowing it to talk to proxies over Unix domain sockets. And now, the Tor Browser team is working on putting this general capability into the Tor Browser, and Mozilla is helping to fix any bugs that come up, Barnes said."
After years of talk, Tor may finally be integrated with the main Firefox browser soon:
The Tor Project announced that it's working with Mozilla to integrate Tor into Firefox. Eventually, this should completely eliminate the need for the Tor Browser, as most of its features would be merged into Firefox's new "super-private mode."
The Tor Browser is based on the Extended Support Release (ESR) version of Firefox, because it's a more stable development cycle that only patches bugs and doesn't add new features for 11 months or so. This means it doesn't disrupt how the Tor Browser works too much, and the Tor Project developers don't have to integrate many new features into their browser every few weeks.
Despite this, the Tor Project developers said that it takes a lot of time to rebase Tor Browser patches to new versions of Firefox. This is why Mozilla has started integrating Tor's patches into Firefox on its own through the "Tor Uplift Project."
Firefox has also adopted new security features from the Tor Browser such as first party isolation (which prevents cookies from tracking you across domains) and fingerprint resistance (which blocks user tracking through canvas elements). However, first party isolation is off by default in Firefox and fingerprint resistance can break some websites. You can enable first party isolation in about:config or by installing this add-on for it.
[...] The developers said all these features would enable a "real" private mode in Firefox, which could completely replace the need for the Tor Browser to exist. This "super-private mode" could be used by hundreds of millions of users eventually, which is why Mozilla first needs to ensure that the Tor network can scale with such usage. That means more people will need to run Tor relays. Mozilla may be able to help here by donating money to nonprofits that can run Tor relays.
Could this be the way to get Firefox above 10% market share (except that if it's done correctly, nobody will be able to measure it)?
(Score: -1, Flamebait) by Anonymous Coward on Friday January 06 2017, @08:18AM
Hey here's an idea since you're integrating shady crap into firefox. Make the browser automatically tunnel past Comcast login portals and make every xfinitywifi spot go straight to tor effortlessly. Seriously. Do it. I want to see which method you idiots choose to use (there are at least four ways into xfinitywifi) and how soon Comcast locks you out.
(Score: 0) by Anonymous Coward on Friday January 06 2017, @08:30AM
Post all four ways.
(Score: -1, Troll) by Anonymous Coward on Friday January 06 2017, @08:48AM
Dude you're supposed to whine "you lying bro cuz I seen every video on youtub and mac spoofing is the only way so fuk u their cant be 4 like no."
(Score: 0) by Anonymous Coward on Friday January 06 2017, @08:52AM
If FireTorFox does MAC spoofing I will laugh my fucking ass off.
(Score: 0) by Anonymous Coward on Saturday January 07 2017, @01:10AM
is lame, lame, lame. Lame!
Tor is for morons, right? Morons who can't even get around a captive portal. Bunch of dudebros being all nonymous like whoa. Morons.
(Score: -1, Troll) by Anonymous Coward on Saturday January 07 2017, @01:42AM
Show proper respect for the undeniable awesomeness of TOR.
Onion onion onion jihad.
(Score: 1, Interesting) by Anonymous Coward on Friday January 06 2017, @09:00AM
Yawning Angel was the ship who was sent by the Culture to spy on the Sleeper Service. Yep. No way Yawning Angel is a government spy tasked with ensuring Tor Browser is insecure by design. Not even possible.
(Score: 0) by Anonymous Coward on Friday January 06 2017, @04:02PM
Yeah because when you are a government spy you deliberately chose a name that gives away your intentions.
That's totally how professional spies work. Opsec? We don't need any stinking opsec.
(Score: 4, Touché) by PiMuNu on Friday January 06 2017, @10:48AM
This is great. Mozilla actually implementing a useful new feature in firefox...
(Score: 2) by opinionated_science on Friday January 06 2017, @12:17PM
a process/task manager would be nice - now they have multiprocessing ;-)
(Score: 1, Interesting) by Anonymous Coward on Friday January 06 2017, @05:28PM
I still think there are two huge improvements for security on the web. First would be to gut the user-agent header to just be a generic "Firefox" string. The reason is that this would drastically cut down the ability to track based on things like OS and processor architecture and would also affect how easy it is to get new 0-days. The reason for the latter is that once a few versions get out like that, it will be impossible to tell them apart and the malware people would have to decide to try and infect everyone with the latest or give themselves away by potentially using patched vulnerabilities.
Second would be to add salt and hashing on the client side for passwords or other data. The reason is that it would help with MITM and other attacks. And yes, I know it isn't a replacement for doing it on the server side as well.
(Score: 2) by LoRdTAW on Friday January 06 2017, @03:02PM
FTFY
On a more serious note: (tl;dr: web page should only render content, no play/stream media or control anything outside of the page rendering layout.)
If you want to truly make the web browser great again, give the user back full control. I want to see all window control disabled either permanently or by default. No resizing (which is already thankfully default), no opening new tabs, windows or anything. Completely kill any ability to ever enable pop-overs/unders. And kill the dialogue box while you're at it ("Are you sure you want to close this page?" - yes motherfucker, I'm quite sure.) How many nefarious sites and poison ads have trapped stupid fucking chrome and FF in an endless loop of dialogue boxes (chrome only fixed last year FFS). The most insulting part is chrome locks up and gives only focus to the dialogue box, can't open the menu, can't switch tabs, can't even close the damn browser. Whatever retard thought that was a good idea should be stoned to death with mouse balls. Next is to disable HTML 5 audio and video playback by default to thwart infrasound de-anonymizing attacks and hyper annoying video ads. It can be designed so a warning is displayed saying this page is attempting to play audio/video, allow/deny?
Yea yea, there are add-ons. But think about it, we need third party add-ons to make a browser useful. How stupid is that? It was like people defending the Windows 8 UI disaster by telling complainers to buy a windows shell utility to restore classic start menu functionality. Fuck you, fix the shitty anti-consumer designs.
(Score: 2, Insightful) by Anonymous Coward on Friday January 06 2017, @03:55PM
The page about first party isolation, linked in the summary, is a great read. At least it was for me as I've been thinking a lot about the issue - especially using the URL in the urlbar as the key for each "identity." Their thoughts on spoofing (they call it randomization) were insightful and have almost convinced me that spoofing is not worth the effort because spoofing requires more developer work than equivalent uniformity coverage and developer resources are the gating factor.
I just hope that in implementing uniformity they don't exclude the potential for spoofing via plugins. I could see Mozilla thinking that they don't want to let a plugin deliberately fiddle with fingerprintable characteristics because of the potential for a malicious plugin deliberately making the browser fingerprintable. But even if spoofing is not effective against the most dedicated fingerprinters it still has potential against 'casual' fingerprinters and sites that just do stupid things because they think they know your browser better than you do.
(Score: 0) by Anonymous Coward on Friday January 06 2017, @08:23PM
it's 2017, tor is still a thing? really?!?
(Score: 0) by Anonymous Coward on Saturday January 07 2017, @01:18AM
Totally still a thing. It's so fucking trendy to see movies about the dark web now.