Tor project decides to fork Firefox (torproject.org)
171 points by aj700 on May 3, 2011 | 18 comments

Seems like a good idea. I agree with the article: TorButton is convenient, but it's confusing and it can easily leak information about you. Two browsers (one private, one public) is much easier to reason about. And, being able to iterate quickly and not saddle "normal" Firefox users with the mistakes is an added benefit.

There is a downside: You can already download a standalone Tor Browser Bundle (with FF Portable), but it is still FF 3.6.17. After a fork, the Tor project will not invest all their resources in keeping up with an enhanced FF release schedule. They will likely always be behind a few months.

I'm not sure this is that big an issue; I think being a month or two behind FF releases won't be the end of the world.

As long as they don't get far behind on security fixes, particularly those that could lead to information leaks.

I think this is an excellent decision -- the "toggle" design seemed seriously unsafe. Consider the list of TorButton bugs that have already been fixed: https://trac.torproject.org/projects/tor/query?group=priorit... How much would you bet that there isn't at least one more anonymity-compromising bug in there?

The new design seems much less Rube-Goldbergy. That said, I still think this style of interface offers only quite casual protection, since it relies on (the forked version of) Firefox not having any bugs that leak information. So any adversary who has enough resources to obtain a zero-day Firefox exploit that allows arbitrary code execution is able to completely deanonymize you. This is probably good enough for e.g. the masses in Iran, but not for would-be Wikileakers.

What I really would like to see is a virtual machine setup that lets you run your web browser in a VM, and provides the guest OS with a simulated network interface which actually connects through Tor. That would make for a much smaller attack surface. But last time I looked, I couldn't find one.

Firefox is millions of lines of C++ and has had more than one fix-it-NOW security issue. I see the problems with the Torbutton model, but a one-man fork is not necessarily a good idea either.

Still, I hope it works.


Xerobank has done the same thing. Firefox has a lot of options that need tweaking if you don't want to leak information. These guys also run a private "Tor" network.

So changes get pushed immediately in their own fork but are they again pushed upstream for the general Firefox release? I would presume that many of the changes that they would like to make to the project, while not high enough priority for the Mozilla team, would actually be beneficial to them.

The Tor Browser bugs on the other hand are more directly usable by Firefox in its own Private Browsing Mode, which makes them more likely to merge quicker, and be maintained long-term. Also, because we are releasing our own Firefox-based browser, we will also have more control over experimenting with them and deploying these fixes to our users rapidly, as opposed to waiting for the next major Firefox release.

This is from the article. Although these features may be beneficial for Firefox, they may not be a part of their priorities. By Tor making their own fork and doing all the hard work (designing, coding and testing), they can just give Mozilla some patches. This only leaves a bit of their own testing, maybe some merge conflicts, so that the Firefox devs don't need to do the design and initial coding. This means that both guys win.

Mike Perry gave a talk in one of my classes today, and he mentioned that he would like to push changes upstream, and that Mozilla has expressed some interest in that as well. A lot of the TorButton features are also desirable private browsing mode features that haven't been implemented yet.

This is a silly title. The focus here is dropping of the browser extension and moving resources to a customized version of Firefox.

This is dabbling on the notion of what a "fork" means but to my eyes (and those of most, apparently) they're talking about creating a separate, customized version of Firefox. Which is a fork of Firefox. Which makes the title adequate, Asa, no?

It struck me as technically true, but misleading.

I'm confused. Is this also the end of Vidalia? How will I use Tor with Chrome?

Do you understand what Tor Button does versus what Vidalia does? They're two completely different things.

No, I don't (as I said, I use Chrome). Maybe that is why I am confused? The reason I ask is that they seem to be focussing on a "browser bundle" which is Firefox based. See https://www.torproject.org/projects/torbrowser.html.en

[edit: thanks Larry for the response below. I currently use a separate invocation of Chrome that starts in incognito with the proxy configured, and then start Tor with Vidalia. But I will consider switching to a FF-based bundle. Replied here as I didn't have a "reply" link for some reason - seems to be a limit on posting rate?]

[ps: ironic that one of your most recent posts, driveby, was on how amazing it is to be supportive of people that don't understand things...]

Vidalia is a GUI for tor, letting you start it, stop it, change identity, monitor your connections, etc. Torbutton toggles whether Firefox goes via Tor or not, monitors to make sure it still does and nothing has changed, and changes some settings in an attempt to prevent accidental leaks. Current browser bundles are usually pretty much a browser with Torbutton, Vidalia and tor. Tor itself will no doubt still be able to proxy other things (such as Pidgin or other non-web traffic). I'm not sure what exactly forking the browser would entail, but I'm pretty sure it's mostly meant to provide a fully separate (and neutral-looking to the server) browser rather than have people flip back and forth, which has always been a bad idea since it's very easy to accidentally have it give you away. Whether the bundle itself includes Tor or not is hard to say. Whether Chrome + tor (started with Vidalia rather than the command line, if you wish) is secure is debatable, perhaps or perhaps not - it's never been a project they've really focused on. Third-party or roll-your-own setups are as secure as you make them.

[EDIT] You're welcome. Chrome via proxy in incognito on a separate install is probably pretty safe. Might even be safer - I'm not really qualified to answer either way. The bundles are only as safe as the writers as well, so... dunno.

I didn't mean for my post to come off as rude, but it seems strange to just assume that because one thing is canceled, a completely different tool with a different name would be canceled, and to be fair, 10 seconds with Google gives a better summary of Vidalia than I could do, but I'm flattered you reviewed my comments.

Additionally, while we're here, you should really reconsider how you're using Chrome. If Chrome is like Firefox, it does NOT tunnel its DNS requests by default. Firefox, for example, (at least with 3.6) won't resolve .onion links unless you select the option to tunnel DNS requests. It means that you're likely leaking DNS requests to potential watchers.

Others like JavaScript and Flash can be equally insidious. If you're using Tor, it would behoove you to use the Tor Browser, or at least the Bundle, as it has very sensible default settings for protecting yourself.
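The DNS leak described in the comment above, shown on the wire as an added example (not code from the thread or from the Tor project): a browser that resolves names itself sends the SOCKS5 proxy an IP address (ATYP 0x01) after a plaintext DNS lookup has already left the machine, whereas a browser with remote DNS enabled (what Firefox's network.proxy.socks_remote_dns setting turns on) hands the hostname to the proxy (ATYP 0x03) so Tor resolves it. The resolver table and addresses are constructed for the example so it runs offline; `classify` is a hypothetical helper for inspecting captured proxy requests.

```python
import socket
import struct

# Constructed stand-in for the local resolver (no real DNS is touched).
# A .onion name has no public DNS record, so a local lookup fails AND leaks the name.
FAKE_RESOLVER = {"example.com": "192.0.2.10", "example.onion": None}


def socks5_connect(host: str, port: int, remote_dns: bool, resolve=FAKE_RESOLVER.get) -> bytes:
    """Build the SOCKS5 CONNECT request a client sends after the auth handshake (RFC 1928).

    remote_dns=True  -> ATYP 0x03: the hostname travels inside the Tor circuit.
    remote_dns=False -> the client resolves first (the leak), then sends ATYP 0x01 with the IPv4.
    """
    if remote_dns:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("SOCKS5 domain names are limited to 255 bytes")
        return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)
    ip = resolve(host)  # this lookup is what an on-path observer sees in the clear
    if ip is None:
        raise OSError(f"local resolver cannot resolve {host}")
    return b"\x05\x01\x00\x01" + socket.inet_aton(ip) + struct.pack("!H", port)


def classify(request: bytes) -> dict:
    """Parse a SOCKS5 CONNECT request and flag whether the client resolved the name locally.

    An IP-typed request means the proxy never saw a hostname; unless the user typed a
    literal IP, the DNS lookup happened outside Tor.
    """
    if len(request) < 4 or request[0] != 0x05 or request[1] != 0x01:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = request[3]
    if atyp == 0x03:  # domain name: length-prefixed, then port
        n = request[4]
        host = request[5:5 + n].decode("idna")
        port = struct.unpack("!H", request[5 + n:7 + n])[0]
        return {"local_dns": False, "target": host, "port": port}
    if atyp == 0x01:  # IPv4: 4 bytes, then port
        ip = socket.inet_ntoa(request[4:8])
        port = struct.unpack("!H", request[8:10])[0]
        return {"local_dns": True, "target": ip, "port": port}
    raise ValueError(f"unsupported address type {atyp:#x}")
```

Run the same check against traffic captured between a browser and its SOCKS port: any ATYP 0x01 request for a site you reached by name is the leak the comment warns about.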

