
Tor executive director hints at Firefox integration - blottsie
http://www.dailydot.com/politics/tor-mozilla-firefox/
======
tedks
It would be _so great_ if Mozilla integrated Tor. Beyond the curse of success
mentioned in the article, it would really lower the burden on the Tor
developers, who have had to support a lot of patches from Firefox that Mozilla
have been slow to merge.

My main concern is that this will be hidden behind an option or an "extreme
private" mode -- Tor seems too high-latency for the typical use-case of
private browsing (image viewing and video streaming).

If you run a web service and would like to provide high-security anonymous
access, consider running an Exit Enclave -- a Tor exit configured to exit only
to your site. If Tor detects that your exit and your site share an IP address,
it will automatically extend the normally 3-hop circuit to your node, and the
traffic will exit the Tor network on your machine rather than an arbitrary
node (which could be malicious).

I hope this finally kills the "only criminals use Tor" narrative the NSA and
periodically, the media push. Everyone deserves strong anonymity.

~~~
robertfw
I hadn't heard of Exit Enclaves before, when I looked it up in the docs [0] it
appears that they are not going to be supported in versions > 0.2.3.x.

[0]
[https://trac.torproject.org/projects/tor/wiki/doc/ExitEnclav...](https://trac.torproject.org/projects/tor/wiki/doc/ExitEnclave):

~~~
D4AHNGM
Well, that sucks. DuckDuckGo run a Tor exit enclave. I hope this doesn't put
them off running an exit node, even if only to their own servers:
[https://duckduckgo.com/privacy](https://duckduckgo.com/privacy)

------
synctext
The article mentions "hundreds of millions of new users". That would be great
news for privacy on The Internet.

But it would surely slow the Tor network to a halt. Users trying out privacy-
enhancing technology would be disappointed guaranteed with 30+ seconds page
load times.

Tor has roughly 1000 exit nodes, all traffic flows through them. It needs to
have much more capacity to handle that kind of load. Who is going to pay for
100x or 1000x server capacity?

~~~
tedks
That is precisely the topic of the article. For a more in-depth view, you can
read this tor-talk mailing list thread:
[http://archives.seul.org/or/dev/Sep-2014/msg00091.html](http://archives.seul.org/or/dev/Sep-2014/msg00091.html)

(This is the original source for the Dot article.)

A summary: Raw bandwidth isn't the limiting factor in scaling Tor; before you
just plug in traffic to the network, you'd need to optimize Tor's internal
protocols to make expansion of the network even possible. However, those
hurdles are fairly small, and once they're handled, it's just a matter of
funding to pump up more nodes, which is much more simple.

Further, not all Firefox users (if the article's speculation is correct) will
be using private browsing at once. So the actual increase is probably 5-10%
(at most? anyone know actual statistics about private browsing?) of that
number.

------
mike_hearn
I suspect this will start hitting problems when users discover that lots of
sites break in unexpected or mysterious ways when run in "Super Private Mode"
or whatever they call it. Tor is blocked or treated suspiciously by a LOT of
different sites. It's not at all a free upgrade.

------
etiam
Wonderful news. I am particularly looking forward to having torified
connection in a browser with some continuity and customization. The bundles
are stripped of customizations and I find it inconvenient to bring along
bookmarks and chosen extensions manually at every upgrade of the bundle.

I realize it's often for good reason that the bundles are minimalistic, but I
see no fundamental reason why I should have to relinquish bookmarks and
personal settings to stay anonymous, and it would be great if this could spur
a greater drive to make it clear what extensions are safe or new browser
architecture that would make it safe to use add-ons in general with Tor.

------
cyphunk
Bravo. I would imagine this would be as an alternate and not in the default
mainline. Whomever takes this step first will probably find it being used as a
catalyst for much more than just anonymity. First users whom hit copyright
walls on youtube and other sites have a quick route around: "The Net
interprets censorship as damage and routes around it." \-- John Gilmore. But
beyond this the services that could be built on mostly hidden end points are
immense. Personal mail servers, instant access to files at home, selective
public vs private sharing groups, etc.

------
patcon
For anyone interested in exclusively using Tor on Android immediately, check
out orWall, a root-requiring proxy that blocks all regular traffic by default
and allows app-specific access of your choosing to exit via Tor. Only on
F-Droid market for now, but coming to Play Store soon.

[https://orwall.org/](https://orwall.org/)

------
kilovoltaire
Somewhat relatedly, has Firefox ever considering having a built-in ad blocker?

That would really set it apart, in my opinion.

~~~
chimeracoder
Mozilla's funding comes primarily from search partners (namely Google)[0][1] -
I don't think they could do this and still survive as a company at this point,
sadly.

At the same time, if every Firefox user donated even $1 to Mozilla, they
wouldn't need to take this money[2], and could probably be a bit more carefree
in these decisions.

[0] [https://www.mozilla.org/en-
US/foundation/annualreport/2012/f...](https://www.mozilla.org/en-
US/foundation/annualreport/2012/faq/)

[1]
[https://en.wikipedia.org/wiki/Mozilla_Foundation#Financing](https://en.wikipedia.org/wiki/Mozilla_Foundation#Financing)

[2]
[https://en.wikipedia.org/wiki/Firefox](https://en.wikipedia.org/wiki/Firefox)

~~~
kilovoltaire
Haha wow thanks for the info. I had no idea that they're almost entirely
funded by an ad company (Google); so much for that idea!

------
solnyshok
They mention it in passing in the article, but I think that it is very
important to make it a default setting, something like "donate 5% of my
bandwidth to internet privacy". 500 million exit nodes minus 3 geeks that
choose to go deep into settings to disable it.

------
patcon
I would LOSE MY MIND if this happened! Wahoo!

EDIT: I am literally giddy with excitement over this prospect. Had to come
back to add that

------
xkarga00
That's great news for both sides! Can't wait for it to happen

