Hacker News new | comments | show | ask | jobs | submit login

Thanks for your effort! If I can ask, how much overlap exists between your team and the team overseeing the implementation of security protocols within Firefox e.g. HSTS, CSP, etc.? It'd be neat to see Firefox drive innovation here alongside the effort to weave Tor into the browser; although I wouldn't necessarily treat Tor integration the same as I might the implementation of other security specifications, I can see how the teams working on such might overlap, hence my question.



The Fusion project is done by a subset of that team (+me, I happen to sit with Sandboxing due to other responsibilities).


By passing this on to Mozilla and discontinuing Tor Browser, you're going to inherit the innumerable issues in their code base. Wouldn't it be easier to hard-fork and create a simple browser with minimal overhead? It doesn't have to be loaded with features. Just minimalist and private.

Some anti-features that come to my attention off the top of my head:

* Biometric login (as of FF60)

* Dumb PR Stunts like Mr. Robot

* Telemetry

* Balrog (Analytics and browser fingerprinting on AmazonS3)

* Social API

* VR sensors

* DRM

* Google Chrome (large contract Mozilla has with them as they backport this into IPC)

* CloudFlare DNS (Department of Homeland Security partner and Tor arch-enemy)

etc...


Tor Browser will exist as long as Tor feels it needs to. If the features or anti-features in FF cause them to believe Firefox does not fit their need, then we're/they're not going to discontinue it.


> By passing this on to Mozilla and discontinuing Tor Browser, you're going to inherit the innumerable issues in their code base.

What issues exactly? Tor Browser = Firefox ESR + some patches + some other stuff and tweaks. Before the release of the next ESR TB devs rebase and submit these patches to mainline Firefox, that's why you have prefs like privacy.resistFingerprinting and privacy.firstparty.isolate in mainline Firefox, see: https://wiki.mozilla.org/Security/Tor_Uplift


> Google Chrome (large contract Mozilla has with them as they backport this into IPC)

What's this?


>Biometric login (as of FF60)

Are you talking about Web Authentication? What is wrong with it?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: