

Tor project decides to fork Firefox - aj700
http://blog.torproject.org/blog/toggle-or-not-toggle-end-torbutton

======
jrockway
Seems like a good idea. I agree with the article: TorButton is convenient, but
it's confusing and it can easily leak information about you. Two browsers (one
private, one public) is much easier to reason about. And, being able to
iterate quickly and not saddle "normal" Firefox users with the mistakes is an
added benefit.

~~~
eiji
There is a downside: You can already download a standalone Tor Browser
bundled with FF portable, but it is still FF 3.6.17. After a fork, the Tor
project will not invest all their resources in keeping up with an enhanced FF
release schedule. They will likely always be a few months behind.

~~~
mikeryan
I'm not sure this is that big an issue, I think being a month or two behind FF
releases won't be the end of the world.

~~~
muyyatin
As long as they don't get far behind on security fixes, particularly those
that could lead to information leaks.

------
vilhelm_s
I think this is an excellent decision -- the "toggle" design seemed seriously
unsafe. Consider the list of TorButton bugs that have already been fixed:
[https://trac.torproject.org/projects/tor/query?group=priorit...](https://trac.torproject.org/projects/tor/query?group=priority&component=Torbutton&order=priority&col=id&col=summary&col=component&col=type&col=status&col=priority&col=milestone&col=points&report=14&type=defect)
How much would you bet that there isn't at least one more anonymity-
compromising bug in there?

The new design seems much less Rube-Goldbergy. That said, I still think this
style of interface offers only quite casual protection, since it relies on
(the forked version of) Firefox not having any bugs that leak information. So
any adversary who has enough resources to obtain a zero-day Firefox exploit
that allows arbitrary code execution is able to completely deanonymize you.
This is probably good enough for e.g. the masses in Iran, but not for would-be
Wikileakers.

What I really would like to see is a virtual machine setup that lets you run
your web browser in a VM, and provides the guest OS with a simulated network
interface which actually connects through Tor. That would make for a much
smaller attack surface. But last time I looked, I couldn't find one.

------
JoachimSchipper
Firefox is millions of lines of C++ and has had more than one fix-it-NOW
security issue. I see the problems with the Torbutton model, but a one-man
fork is not necessarily a good idea either.

Still, I hope it works.

------
bobds
<http://en.wikipedia.org/wiki/XeroBank_Browser>

Xerobank has done the same thing. Firefox has a lot of options that need
tweaking if you don't want to leak information. These guys also run a private
"Tor" network.

------
patrickod
So changes get pushed immediately in their own fork but are they again pushed
upstream for the general Firefox release? I would presume that many of the
changes that they would like to make to the project, while not high enough
priority for the Mozilla team, would actually be beneficial to them.

~~~
keeperofdakeys
_The Tor Browser bugs on the other hand are more directly usable by Firefox in
its own Private Browsing Mode, which makes them more likely to merge quicker,
and be maintained long-term. Also, because we are releasing our own Firefox-
based browser, we will also have more control over experimenting with them and
deploying these fixes to our users rapidly, as opposed to waiting for the next
major Firefox release._

This is from the article. Although these features may be beneficial for
Firefox, they may not be a part of their priorities. By Tor making their own
fork and doing all the hard work (designing, coding and testing), they can
just give Mozilla some patches. This only leaves a bit of their own testing,
maybe some merge conflicts, so that the Firefox devs don't need to do the
design and initial coding. This means that both guys win.

------
asadotzler
This is a silly title. The focus here is dropping of the browser extension and
moving resources to a customized version of Firefox.

~~~
fredoliveira
This is dabbling in the notion of what a "fork" means, but to my eyes (and
those of most, apparently) they're talking about creating a separate,
customized version of Firefox. Which is a fork of Firefox. Which makes the
title adequate, Asa, no?

~~~
pbiggar
It struck me as technically true, but misleading.

------
andrewcooke
i'm confused. is this also the end of vidalia? how will i use tor w chrome?

~~~
drivebyacct2
Do you understand what Tor Button does versus what Vidalia does? They're two
completely different things.

~~~
andrewcooke
no, i don't (as i said, i use chrome). maybe that is why i am confused? the
reason i ask is that they seem to be focussing on a "browser bundle" which is
firefox based. see <https://www.torproject.org/projects/torbrowser.html.en>

[edit: thanks Larry for response below. i currently use a separate invocation
of chrome that starts in incognito with proxy configured, and then start tor
with vidalia. but i will consider switching to a ff-based bundle. replied here
as didn't have a "reply" link for some reason - seems to be a limit on posting
rate?]

[ps ironic that one of your most recent posts, driveby, was on how amazing it
is to be supportive of people that don't understand things...]

~~~
LarrySDonald
Vidalia is a GUI for tor, letting you start it, stop it, change identity,
monitor your connections, etc. Torbutton toggles whether firefox goes via tor
or not, monitors to make sure it still does and nothing has changed, and
changes some settings in an attempt to prevent accidental leaks. Current
browser bundles are usually pretty much a browser with torbutton, vidalia and
tor. Tor itself will no doubt still be able to proxy other things (such as
pidgin or other non-web traffic). I'm not sure what exactly forking the
browser would entail, but I'm pretty sure it's mostly meant to provide a full
separate (and neutral looking to the server) browser rather than have people
flip back and forth, which has always been a bad idea since it's very easy to
accidentally have it give you away. Whether the bundle itself includes Tor or
not is hard to say. Whether chrome + tor (started with vidalia rather than
command line, if you wish) is secure is debatable, perhaps or perhaps not -
it's never been a project they've really focused on. Third party or
roll-your-own setups are as secure as you make them.

[EDIT] You're welcome. Chrome via proxy in incognito on a separate install is
probably pretty safe. Might even be safer - I'm not really qualified to answer
either way. The bundles are only as safe as the writers as well, so.. dunno.
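The "changes some settings" and "monitors to make sure nothing has changed" parts of what LarrySDonald describes Torbutton doing, and the roll-your-own proxy setup andrewcooke mentions, come down to a handful of Firefox proxy prefs. The following is an added example, not code from the thread, from Torbutton or from the Tor project: it parses a user.js file and audits the proxy prefs for the ways traffic can slip around Tor. The pref names are real Firefox about:config keys; the expected values (a local SOCKS listener on 127.0.0.1:9050) are the conventional Tor defaults and an assumption of this example, and both sample files are constructed.

```javascript
// Added example, not code from the thread, Torbutton or the Tor project: the
// Firefox proxy prefs a Torbutton-style toggle has to set and then keep checking,
// expressed as a small audit over a user.js file. The pref names are real Firefox
// about:config keys; the expected values (a local SOCKS listener on 127.0.0.1:9050)
// are the conventional Tor defaults and an assumption of this example.
const TOR_SOCKS_HOST = "127.0.0.1";
const TOR_SOCKS_PORT = 9050;

// Parse user_pref("name", value); lines. Values are JSON-compatible
// (numbers, true/false, double-quoted strings), so JSON.parse handles them.
function parseUserJs(text) {
  const prefs = {};
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\);\s*$/;
  for (const line of text.split("\n")) {
    const m = re.exec(line);
    if (m) prefs[m[1]] = JSON.parse(m[2]);
  }
  return prefs;
}

// Return a list of ways this pref set can send traffic around Tor.
function auditProxyPrefs(prefs) {
  const issues = [];
  // 0 = no proxy, 4 = auto-detect, 5 = system: all ignore the SOCKS setting.
  if (prefs["network.proxy.type"] !== 1) {
    issues.push("network.proxy.type is not 1 (manual): requests bypass the SOCKS proxy");
  }
  if (prefs["network.proxy.socks"] !== TOR_SOCKS_HOST ||
      prefs["network.proxy.socks_port"] !== TOR_SOCKS_PORT) {
    issues.push("SOCKS proxy is not the local Tor listener");
  }
  // Without remote DNS, Firefox resolves hostnames itself and the ISP resolver
  // sees every site visited, even though the TCP connection goes through Tor.
  if (prefs["network.proxy.socks_remote_dns"] !== true) {
    issues.push("network.proxy.socks_remote_dns is false: DNS lookups leak outside Tor");
  }
  // Per-scheme proxies take precedence over the SOCKS setting for that scheme.
  for (const key of ["network.proxy.http", "network.proxy.ssl", "network.proxy.ftp"]) {
    if (prefs[key]) issues.push(`${key} is set: that scheme is sent to a non-Tor proxy`);
  }
  // Hosts listed here connect directly, exposing the real IP.
  if ((prefs["network.proxy.no_proxies_on"] || "").trim() !== "") {
    issues.push("network.proxy.no_proxies_on is non-empty: listed hosts connect directly");
  }
  return issues;
}

// The "monitor" half of the toggle: report prefs that changed since the snapshot.
function driftedPrefs(snapshot, current) {
  return Object.keys(snapshot).filter((k) => snapshot[k] !== current[k]);
}

// Constructed sample files, not real user profiles.
const TOR_USER_JS = `
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.no_proxies_on", "");
`;

// A typical hand-configured profile: SOCKS set, but DNS still resolved locally
// and an exemption list left over from an office proxy setup.
const LEAKY_USER_JS = `
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", false);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1, .example.corp");
`;

function demo() {
  const good = parseUserJs(TOR_USER_JS);
  const bad = parseUserJs(LEAKY_USER_JS);
  return {
    goodIssues: auditProxyPrefs(good),
    badIssues: auditProxyPrefs(bad),
    // Simulate something flipping the proxy off after the toggle was set.
    drift: driftedPrefs(good, { ...good, "network.proxy.type": 0 }),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The audit only covers proxy routing; it says nothing about the application-layer leaks (plugins, referers, cached state) that the rest of the thread worries about, which is the part a toggle cannot reliably police and the reason for the separate browser.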

