
Tor at the Heart: Firefox - nachtigall
https://blog.torproject.org/blog/tor-heart-firefox
======
tlrobinson
Why doesn't Tor browser just automagically run a read-only lightweight Linux
VM whose only program is Firefox, and only network connection is proxied
through Tor? Seems like that would solve almost every fingerprinting and
sandbox escape vulnerability.

~~~
moondev
[https://github.com/paulczar/docker-torbrowser](https://github.com/paulczar/docker-torbrowser)

~~~
chimeracoder
That shares your X11 session, which is a security nightmare. If you're running
an untrusted application, you should absolutely not give it access to your X11
session.

(There are other reasons you might want to have a Tor browser running inside a
container, but if the main goal is to nullify fingerprinting and sandbox
exploits, you're better off just using an actual VM).

~~~
noja
Wayland is less of a security nightmare, how would it work with Wayland?

------
noja
I'd like to see the canvas fingerprinting dealt with in Firefox mainline, it's
used everywhere.

~~~
SamBam
How accurate is canvas fingerprinting? And could it be used in the courts
(which would seem a pertinent question for many Tor users)?

~~~
noja
Someone else can answer better than me, but
[https://panopticlick.eff.org](https://panopticlick.eff.org) claims the canvas
fingerprint provides 17 bits of identifying information (click detailed
results after testing)

~~~
MR4D
On mine, the System Fonts give 17 bits of info (1 in roughly 200,000
computers). User-Agent is next with only 8 bits.

Based on that alone, it seems that just replying back with either a blank font
list or the minimal standard font list (e.g. only Times & Arial) would solve
most of _this_ problem.

I'd love to see the Firefox team fix that first.

~~~
kibwen
Unless every browser in the world adopts the same list, replying with a fixed
list of fonts would make users of a given browser immediately recognizable
(especially for low-marketshare browsers like Tor). Seems like you'd want a
system where the response to a list-of-fonts query would be semi-random and
likely to overlap with the lists that are naturally produced by other
browsers.

~~~
eslaught
But user agents already identify the browser, right?

I agree that implementing this first in Tor is probably not a good idea, but
if Firefox were to do it first, then I don't see the problem. "They're a
Firefox user" isn't nearly as specific information.

~~~
dexterdog
User agent gives the browser version and platform version. Two Macs with the
same OS version and the latest version of Chrome will have the same user
agent.

~~~
nsgi
That's the point. With this feature, two computers with the latest version of
Firefox would have the same font list.

~~~
dexterdog
Is that true? I thought the point of using the font list for fingerprinting is
that it can vary widely from user to user.
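
The font-list disagreement in this sub-thread can be checked numerically. The following is an added example, not part of the original thread: it uses a constructed population (the browser shares and `Extra*` font names are assumptions) to compare the anonymity set and surprisal an observer gets from the user agent, the font list, or both, before and after a browser adopts the fixed list.

```python
import math
from collections import Counter

FIXED = ("Arial", "Times")  # the minimal list suggested in the thread

def build_population():
    """Constructed sample of (user_agent, font_list) pairs; not measured data."""
    pop = [("Firefox", FIXED + (f"Extra{i % 16}",)) for i in range(48)]
    pop += [("Chrome", FIXED + (f"Extra{16 + i}",)) for i in range(12)]
    pop += [("SmallBrowser", FIXED + (f"Extra{28 + i}",)) for i in range(4)]
    return pop

def with_fixed_fonts(pop, adopters):
    """Browsers whose user agent is in `adopters` report FIXED instead."""
    return [(ua, FIXED if ua in adopters else fonts) for ua, fonts in pop]

def worst_case(pop, ua, key):
    """Smallest anonymity set, and its surprisal in bits, among users of `ua`
    when the observer sees only key(browser)."""
    counts = Counter(key(b) for b in pop)
    smallest = min(counts[key(b)] for b in pop if b[0] == ua)
    return smallest, math.log2(len(pop) / smallest)

def ua_only(b):
    return b[0]

def fonts_only(b):
    return b[1]

def ua_and_fonts(b):
    return b

if __name__ == "__main__":
    base = build_population()
    scenarios = {
        "real font lists": base,
        "only SmallBrowser fixed": with_fixed_fonts(base, {"SmallBrowser"}),
        "Firefox fixed": with_fixed_fonts(base, {"Firefox"}),
    }
    for name, pop in scenarios.items():
        for ua in ("Firefox", "SmallBrowser"):
            for key in (ua_only, fonts_only, ua_and_fonts):
                size, bits = worst_case(pop, ua, key)
                print(f"{name:24} {ua:12} {key.__name__:12} "
                      f"set={size:2d} bits={bits:.2f}")
```

In this model a fixed list adopted only by the small browser makes the font list as revealing as its user agent (4 bits each) but no more, while adoption by Firefox grows each Firefox user's anonymity set from 3 to 48.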

------
nmy
It will increase security and privacy in Firefox, that's great.

------
cupantae
I'm getting HTTPS errors on two platforms (and two internet connections) for
this website. It seems fairly ironic, but I guess it's just me. Am I doing
something wrong?

IIDRN says it's up:
[http://www.isitdownrightnow.com/torproject.org.html](http://www.isitdownrightnow.com/torproject.org.html)

~~~
tlack
I hate to be that guy but considering the subject of the site.. perhaps
tampering? Might be worth collecting some info to understand the problem.

------
saurik
Why did they make up this term "uplift" instead of just saying "upstream"?

~~~
mburns
[https://wiki.mozilla.org/Release_Management/Uplift_rules](https://wiki.mozilla.org/Release_Management/Uplift_rules)

~~~
akavel
Truth be told, I can't find an explanation/definition of what an "uplift"
actually means there?

~~~
leojackson
It looks like this page is designed for people who already know what an
"uplift" is, but wish to implement it properly. That being said, it also
appears that "uplifts" will include bug fixes made in Tor Browser and sent
upstream to Firefox, rather than just features added (but disabled by default)
as was implied in the OP article. I would have assumed that bug fixes made in
a downstream product would already have a mechanism to find their way to
Firefox. Maybe "uplift" was the term all along for that mechanism, or is a
rebranding of it?

~~~
selenamarie
Uplift to us is bringing the patches into mozilla-central pref'd off so that
Tor developers can just pref features on, rather than re-merge patches for
each major and dot release. We also tend to add tests.

------
swiley
Why use Firefox at all? Why not something based on libcurl that absolutely
does not talk back to the server after receiving the document unless the user
clicks on a link or submits a form?

~~~
cobbzilla
that's the Richard Stallman approach:
[https://stallman.org/stallman-computing.html](https://stallman.org/stallman-computing.html)

he has a script that he can poke to download the content and email it to
himself. then he reads it with emacs or maybe lynx with no networking enabled.

~~~
dexterdog
At least he doesn't print it out.

