
Partnering with Mozilla - tete
https://blog.torproject.org/blog/partnering-mozilla
======
hackuser
One major challenge:

Using Tor, end users can easily and unintentionally compromise their
confidentiality by disclosing information explicitly (e.g., their email logon)
or implicitly (habits, browser fingerprints, and other identifiers); it takes
discipline to remain anonymous on Tor and even technically skilled hidden
service operators, with reason to be paranoid about illegal businesses, fail
to do it. Also, leaked documents say that use of security services, including
VPNs and I think Tor also, causes the data to be retained by the NSA for
future decryption.

How can Mozilla and their partners provide confidentiality in a way that
increases end-user security, rather than attracting further scrutiny or, far
worse, providing dangerously false assurances? The answer cannot depend on end
users understanding the technology or subtle tradeoffs; the vast majority will
never understand.

One thought: Route all Firefox users through Tor relays by default, creating
some security-through-obscurity. There are problems with that, of course,
including the blacklisting of Tor relays from many sites.

~~~
ryan-c
Routing all Firefox users through Tor relays by default would be madness.

* It would make Firefox slow.

* It would place a tremendous load on the Tor network.

* It would defeat content filtering (which includes blocking malware) on enterprise networks.

* It would expose users to traffic interception and manipulation who wouldn't otherwise be so exposed.

~~~
higherpurpose
Here's what could help - turning all users into (exit) relays. That strategy
has worked for torrents very well - all downloaders are also seeders (I think
it's a similar situation).

This solves multiple things:

1) makes it much harder to do traffic analysis

2) makes it almost impossible to "go after relays". Sure, they'll still try to
arrest some here and there, just like they try to arrest people who torrent
movies, and even with the mass copyright laws they couldn't stop piracy. There
were just many more who did it, making the hunted down but a tiny percentage.

3) _should_ make the legal defense case even stronger than it is now for
relays. You can say today that "you don't know what's happening through your
relay", however you still _have to choose_ to become a relay. I think that
says something. It may not be a huge case in the prosecutor's favor, but it
may convince the judge to be against you in some cases. But if everyone is a
relay and you can use the defense that "this is just how Tor/Firefox works", I
think that would work a little better

4) should improve speed since relays can't be choked anymore

5) I'm not sure about this one, but I think it should make it much harder to
DDoS Tor users/hidden services as well?

I think having the way Tor works currently is a _design flaw_ in Tor. Tor
should be "fully distributed" in a way.

As for the argument "but then no one will use Tor if they are forced to be
relays!" - I just don't buy it. I think there may be some that will get
scared in the short term, but then see Tor actually gets _more secure_ this
way in the long term, and will return. I also believe Tor will get more new
users in the long term this way.

EDIT: What I'm referring to is turning everyone into exit relays/nodes. My
arguments remain the same. If it's not illegal for people to have an exit node
in US (as Tor claims [1]), then it shouldn't be illegal for _millions_ to do
it either. In fact it could be a sort of _stronger_ civil disobedience thing.

Plus, even if _it is_ illegal, so is piracy. That hasn't stopped millions from
doing it. Just like "being gay", what's legal and what's illegal is a matter
of how we shape our laws. To _change_ those laws, first you need someone to
break them and change the society in a different direction. If you didn't have
anyone to break a law in a certain direction, then laws would never need to be
changed.

[1] - [https://www.torproject.org/eff/tor-legal-faq.html.en](https://www.torproject.org/eff/tor-legal-faq.html.en)

~~~
stingraycharles
The problem is that you do not make the distinction between a regular relay
and an exit node. There are enough regular relays in the tor network, but
people hesitate running exit nodes because of the legal liabilities: many ISPs
do not want you to run a tor exit node, because of the nature of some traffic
coming through the tor network (illegal marketplaces, child porn, etc -- as
you can read in the article, even Mozilla doesn't want to host exit relays).

If you make this the default, you're opening a can of worms legal-wise. If you
make only non-exit relays the default, your whole plan defeats its purpose,
because then exit nodes remain the weakest link (as they are now).

~~~
pcthrowaway
I agree that it's too crazy for Mozilla to seriously consider it.

But, assuming Tor did receive widespread adoption of exit nodes at this scale,
the internet would have to adapt to accommodate this many people rerouting
other people's traffic. ISPs would encounter the same backlash for throttling
or blocking users who run exit nodes as they currently face when doing it to
users running Netflix.

Unfortunately, it takes mass adoption to force this kind of adaptation, and
it's generally an easier fight to maintain venues of freedom than to open new
ones. So we have a chicken and egg problem essentially; mass adoption is
necessary to force regulatory and infrastructural accommodation, and that
accommodation is necessary to foster mass adoption.

~~~
Tomte
"The law just _has to_ change to adapt to our new technical ways" is a common
fallacy with techies. And has been working /splendidly/ for decades now.

More importantly, letting every one of your users out in the rain with his legal
problems until you have finally been successful in changing the law is not a
recommended way to treat your users.

------
navyrain
This sort of thing is pretty exciting. Now that users are aware of NSA hijinks,
and are familiar with the Privacy modes of their current browsers, I'd like to
see Mozilla move towards a "Super Privacy" mode where they route over a
built-in Tor client.

Of course, the dream would be to have all Firefox clients run Tor relay nodes
out of the box, backed by Mozilla-supported exit nodes.

~~~
mccr8
As hackuser says elsewhere, Tor is not really a fire-and-forget security
solution. My understanding is that in order to use it without compromising
yourself you need to have a fairly sophisticated understanding of its
limitations.

~~~
GigabyteCoin
That could easily change with the help of a well funded team like Mozilla.

~~~
UweSchmidt
A lot of internet usage is logging in to Email, FB. If you do that an attacker
knows that this particular user is _you_. Not sure how that can be "fixed"
easily.

To recap the current situation: You need to run a normal browser (for
convenience) for facebooking (of course running NoScript, Ghostery,
RequestPolicy etc.) and the Tor browser for researching things you don't want
to be associated with your identity (yet nothing that law enforcement or
intelligence agencies care about).

~~~
MrJagil
"A lot of internet usage is logging in to Email, FB. If you do that an
attacker knows that this particular user is you. Not sure how that can be
"fixed" easily."

When data is inputted to an HTML form an alert could pop up. "Disclosing your
login details may compromise your privacy." At least that would educate users,
similarly to the warning text on Chrome's New Tab incognito page.

------
kijin
More relays? That's great, but why not exit nodes?

Mozilla certainly has the manpower and infrastructure to operate a bunch of
exit nodes, and if they have any legal qualms about it, hey, they just
partnered with an EFF project, right?

~~~
synchronise
What I don't understand is why Tor doesn't bundle their relays with their
clients and have a network that scales better naturally, like I2P, and instead
relies on people hosting their own, hopefully high bandwidth, relays.

~~~
kijin
I'm guessing that hosting relays could get people in trouble in some
jurisdictions, even if they're just middle relays and not exit nodes.

Since the goal of Tor is to let people use the internet safely in such
jurisdictions -- in fact, _especially_ in such jurisdictions -- some might
consider the loss of relay bandwidth an acceptable compromise.

------
grumpo
Hm. I'm thinking Mozilla may be a modern day NRA.

The point of the right to bear arms is to protect the people from a government
engaging in tyranny. The point of TOR is ideally the same. Maybe it's time to
classify encryption as a weapon again.

~~~
meowface
That's sort of true, except guns are used to assault while anonymity is used
to defend.

~~~
girvo
Anonymity can be used to assault, too.

~~~
jMyles
...and guns to defend.

~~~
01Michael10
Guns are NOT defensive weapons... You could be standing in the Starbucks line
with any weapon of your choosing and I can just walk up to you and pull out a
pistol and splatter your brains across the counter. No problem...

EDIT - Why is my off-topic comment with an argument being down-voted in a
reply to an off-topic statement with no argument is not? There must be a lot of
gun lovers on Hacker News...

~~~
zobzu
Because your argument makes no sense at all to the majority (me included). A
tool is a tool. It's how you use it that makes it good or bad.

I tend to believe that people who see a tool as one that can only be used in
one direction, to be the ones most likely to use it in that direction.

~~~
01Michael10
Did your comment have something to do with what I posted? I was pointing out
guns (yes, they are tools) are not good defensive weapons (the wrong tool).

~~~
zobzu
that's your opinion. they're used as defensive weapons everywhere. your
opinion is that it's not effective.

~~~
01Michael10
Really? Just you saying they are defensive weapons makes it so?

You remember that news story from a couple of years ago in Seattle (I
think)... Four professionally trained and armed policemen sitting at a coffee
shop and one person walks up and shoots them all dead? Their guns were
useless...

If we were living in movie world I would say guns are great defensive weapons
because the good guys always know the bad guys are coming and have their guns
drawn (or have super human reaction and aim). In real life? Not so much...

~~~
zobzu
Yes. If you own a gun it doesn't mean that you're planning to shoot anyone with
it or that it's bound to happen. If you say you use it as a defense weapon and
you actually do that (which is what a lot of gun owners in the USA say) then
it's a defensive weapon.

It's not about shooting back with lightning fast reflexes. It's dissuasion, or
sometimes against wildlife too. It also doesn't mean it's going to save you
every time either. Nothing works every single time, we'd know by now.

Of course it's also used to kill. For homicides, what not. Heck flower pots are
used for homicides too.

The point is that the decision is in the hands of the human behind the
trigger, if guns didn't exist, they'd use swords. If swords didn't exist,
they'd use blunts. and so on.

~~~
01Michael10
Once again your comment has nothing to do with what I am talking about...

I am not making a moral judgment about guns. I am merely stating they are not
defensive weapons as they are not designed for that...

Swords? Well, if you had a sword and I had a sword it is possible for me to
block your strikes with my sword. Guns? No gun blocks bullets...

Walking around with a gun offers one no protection (unless you have it drawn
and ready to fire at all times then maybe) but a false sense of security as my
real life examples illustrated. Now, if you want to shoot someone dead, guns (I
would not suggest flower pots) do work really well for that...

------
kbart
_"Mozilla will help address this by hosting high-capacity Tor middle relays"_
Mozilla has my trust (at least for now), but concentrating a large part of Tor
infrastructure in a single point inside USA jurisdiction does not seem like a
good and future proof idea.

~~~
torthrw
Won't these high capacity middle relays eventually become fast guards (and
because of the new flag assignment process, possibly both guards and exit
relays simultaneously) or can the directory authorities restrict flag
assignments even if the relay is eligible? By "can" I mean "should they" I
suppose?

------
okasaki
We need adblock and noscript in Firefox, not tor.

~~~
nnethercote
Tracking Protection is coming!
[http://monica-at-mozilla.blogspot.com.au/2014/11/tracking-pr...](http://monica-at-mozilla.blogspot.com.au/2014/11/tracking-protection-in-firefox.html)

------
tempestn
This is great. Even if not all changes in the Tor Browser fork are appropriate
to be merged back into Firefox (and certainly not all will be), for every one
that they can merge, it both makes Firefox more secure and frees up Tor
developers from maintaining those differences. Sounds like a win all around.

------
Tepix
"Mozilla is an industry leader in developing features to support the user’s
desire for increased privacy online"

Is that why they enable 3rd party cookies by default and hide the option to
block them?

(Unlike Apple's Safari)

~~~
valarauca1
Looks very hidden
[https://support.mozilla.org/en-US/kb/disable-third-party-coo...](https://support.mozilla.org/en-US/kb/disable-third-party-cookies)

Also that's not hidden that's under options. No digging around in about:config

~~~
Tepix
Yes, it's hidden indeed. You don't get to see the checkbox to disable it until
you change a select box

"Firefox will: [Remember history]"

It's totally unintuitive to look for the 3rd party cookies options there.

I know because it took me a while to find it. And I don't think it should be
required to look at the documentation to do something as trivial as blocking
3rd party cookies.

------
hadoukenio
I'm guessing Mozilla's Tor middle relays will soon be a part of PRISM

~~~
leeoniya
mozilla, like few other companies, has my full faith and confidence that they
would pull a Lavabit and close up shop before letting something like this
completely erode their users' trust.

~~~
mook
I don't believe they would simply close in that case; I strongly believe that
they would instead choose to remain open under the logic that compromised but
still working for user security / web "openness" is superior to folding and
losing a force which aims to work for the "greater good". I believe this given
their past choices in things like H264 and EME.

Given that, though, I also believe that enough smart people are in Mozilla
that they would try to prevent themselves from being in a position where they
would be a target such that they would face the dilemma. Which might be why
they're only hosting middle relays, and not exits or guards :)

~~~
leeoniya
regarding H264 and EME, there are legitimate reasons for them having conceded
on those fronts. Content providers do have a legitimate interest in protecting
copyrighted work. Likewise, H264 is widely deployed and is already a sunk cost
for most consumers and migrating away from it will take at least a decade, it
was never going to work to forcefully go cold turkey; not everyone can pull an
Apple and yank Flash support.

while those choices certainly limit user freedom (as in choice), they do not
compromise user security (assuming EME is properly sandboxed, etc)

i don't think they would just up and close, they'd likely just sunset/curtail
the services which would be subject to interception. in Lavabit's case, that
was the entire business.

~~~
MichaelGG
>Content providers do have a legitimate interest in protecting copyrighted
work

Except DRM in the browser doesn't really accomplish that, does it? Hit The
Pirate Bay or Google up a torrent and done. Things like Netflix DRM are only
one step above HDCP.

~~~
leeoniya
regardless of how misguided their attempts are, doing _nothing_ is a non-
option for studios, right? what alternatives are there? there are none - those
who make the content make the rules, it's something i'm confident will not
change.

[https://hacks.mozilla.org/2014/05/reconciling-mozillas-missi...](https://hacks.mozilla.org/2014/05/reconciling-mozillas-mission-and-w3c-eme/)

anyways, this is off-topic.

