Tor Executive Director Hints At Firefox Integration

blottsie writes: Several major tech firms are in talks with Tor to include the software in products that can potentially reach over 500 million Internet users around the world. One particular firm wants to include Tor as a "private browsing mode" in a mainstream Web browser, allowing users to easily toggle connectivity to the Tor anonymity network on and off. "They very much like Tor Browser and would like to ship it to their customer base," Tor executive director Andrew Lewman wrote, explaining the discussions but declining to name the specific company. "Their product is 10-20 percent of the global market, this is of roughly 2.8 billion global Internet users." The product that best fits Lewman's description, by our estimation, is Mozilla Firefox, the third-most popular Web browser online today and home to, you guessed it, 10 to 20 percent of global Internet users.

When will they act as nodes?

[Fwipp]

I wonder at what times Firefox would act as a Tor node? Only while private browsing is enabled, a private window is open, at all times, or never (if that is possible, it's been a while)? I figure that it won't be an exit node by default, but it would still be unfortunate if unsuspecting users suddenly saw their data usage increase.

When will they act as nodes?

[Anonymous Coward]

So, the very thing which could protect users privacy by default, on a massive sacle, almost so transparently as to be irrelevent. Possibly the biggest privacy breakthrough in the history of the internet, and your first thought is concern at increased data throughput?

No wonder privacy is in such a bad state!

Re:

[NotInHere]

Even with the current tor TBB software you don't run a node by default. And, it would be even bad for the tor network to have tons of lots of low-bandwidth nodes.

To put it short in a GNU manner: Tor Is Not Bittorrent.

Re:

[Fwipp]

Cool, thanks for letting me know! I haven't used Tor in a few years, now, so my memory is rusty.

Re:

[tqk]

# aptitude show tor

Tor is a connection-based low-latency anonymous communication system.

Clients choose a source-routed path through a set of relays, and negotiate a "virtual circuit"
through the network, in which each relay knows its predecessor and successor, but no others.
Traffic flowing down the circuit is decrypted at each relay, which reveals the downstream relay.

Basically, Tor provides a distributed network of relays. Users bounce their TCP streams (web
traffic,

Re:

[davydagger]

I think the point was more that something like "tor button" would be included by default in the code base.

pidgin already has TOR intergration, under account management, under the proxy settings, there is an option for "use TOR"

Re:

[gbjbaanb]

Well, you could read the article, or you could read the summary.

include Tor as a "private browsing mode" in a mainstream Web browser, allowing users to easily toggle connectivity to the Tor anonymity network on and off.

So I guess it'd be a different style 'private mode' where you open a new 'secure' or 'anonymous' window and surf using that, and whilst its open, it serves as a Tor node.

Still, we don;t know if it is Firefox or not, so it could be anything. This is a very speculative article.

Re:

[davydagger]

private browsing mode prevents firefox from leaving usage tracks on your HD, that is all. Nothing more.

Once you close firefox after using private browsing mode, your computer has no records of your actions. No cookies, history, cache, html5 cookies, anything.

It doesn't stop someone from sniffing network traffic, but its still insanely useful

Re:

[Anonymous Coward]

Actually that would be AdBlock Plus and No Script.. I look at private browsing as defense from malware especially with all the zero day crap going around these days.

"I feel sorry for anyone who has to hide what they do inside their own home. That's sad."
You're a fool not to protect yourself.
1. Information is money on the black market.
2. ^

Re:

[davydagger]

well, that complements with "I feel sorry for anyone who has to hide inside their own home". Its pretty sad that indeed you do. There is a whole planet of people to feel sorry for.

Re:

[davydagger]

me as well.

unfortunately domestic abuse is a real issue. So are helicopter parents, and police states and places on earth are still run by authoritarian regimes.

The world can get pretty scary sometimes, but its good that we have software that rises to meet the challenges.

Re: "private browsing mode"

[johnsnails]

It use to be the case that ur zoom settings were preserved from incognito mode. Not sure if it is still the case. Not in a position to check ATM.

Re:

[marsu_k]

Among the first customizations I do in Firefox is to set browser.zoom.siteSpecific to false in about:config, I think the default value (true) is quite retarded.

Re:

[hodet]

Otherwise known as porn mode.

Re:

[UnknownSoldier]

I first though that can't be right but wow, you're right! Looks like the only way now in versions 23+ is through: about:config
https://support.mozilla.org/en... [mozilla.org]

WTF?

Mozilla: keeps making Firefox obsolete -- because you don't know what the fuck you are doing anymore with UI !

Talk about the Mozilla team not having a CLUE by allowing this misinformation ...

> also Note that turning off Javascript has little benefit (it isn't very insecure and cant really take control of the system),
https://support.mozilla.org [mozilla.org]

Re:

[Billly Gates]

Of course I could argue what kind of modern browser doesn't do ajax or webapps? Turning it off is like turning html off.

I use adblock and with malware blocking in addition to flashblock. Noscript reminded me of UAC in Vista when all the apps were XP compatible and required to constant beep for any task before developers started switching to services instead.

Re:

[gbjbaanb]

All websites use Javascript now, having an option to turn it off is meaningless.

What you need is either a fine-grained javascript blocker (NoScript addon for Firefox) or a web browser that's more suited for you (Lynx).

Re:

[jgtg32a]

IIRC their argument was something along the lines of very few people were actually completely disabling JS, and a lot of them later complained that the internet wasn't working because they disabled JS. Also, NoScript is a very popular addon, which gives control over what scripts are actually allowed to run. So they switched JS back on for everyone without telling anyone and moved the option to about:config.

Their argument made sense, people who want to control JS were already using NoScript, and

Re:

[reub2000]

Nah-uh. Private browsing mode is for reading the New York Times.

Re:

[MSG]

Tor is ineffective if Javascript is enabled

I don't know what you're talking about. Tor's FAQ notes that they leave Javascript enabled by default.

Re:

[Kjella]

Well, allowing JavaScript gives people who'd like to de-anonymize you:

a) A much bigger attack surface, rendering engines are rather safe while scripting engines are quite risky by comparison.
b) Much more accurate ways to fingerprint users through querying the system.
c) Much simpler ways to use AJAX to create traffic patterns to trace you through the system.

That the TorBrowser developers (Tor is just the transport layer - it speaks TCP/IP, not HTTP) choose to leave JavaScript enabled is more a pragmatic choi

Re:

[Anonymous Coward]

What do you think a ChromeBook is?

Re:

[tqk]

I won't be happy until about 80% of my computer's functionality is integrated into my browser.

Dumbest (most ignorant?) statement ever? What, exactly, do you think a computer does, really? Show you cat pix?

Re:

[Required Snark]

For lots of people, the computer is the browser. That's what Chrombooks are for. I don't want that, but I already know that I'm not in anyone's big target demographic; I'm in the marginal group.

Re:

[Tourney3p0]

I would think a dumber (more ignorant?) statement would be the one that responds to obvious sarcasm as though it's serious.

IE better fits the definition.

[BarbaraHudson]

Firefox has been well over 20% for years [w3schools.com].

IE dropped below 20 percent two years ago.

Of course, you can pick different stats to prove pretty much anything when it comes to the web.

Using W3 counter [w3counter.com] it could be IE, it could be Safari, it could be Firefox.

But recently both Google and Apple have thrown down the gauntlet with respect to requests by the DoJ. Microsoft could very well be taking a different tack; having your browsing routed through TOR makes it harder to know the contents - until you upload it to "the Cloud" and it sits on the servers unencrypted.

Unleash the "Microsoft is in bed with the NSA" hounds.

Re:

[BarbaraHudson]

Good point. Thanks for reminding everybody :-)

Re:

[BarbaraHudson]

Certainly both Microsoft and Apple have more money to spend on this than Mozilla. Mozilla may be looking down the road to the end (November of this year) of their current deal with Google that has placement of Google search as the default search - this deal provides almost all Mozilla's revenue. However, it might make sense to knee-cap Mozilla by not renewing the deal, now that Mozilla wants to compete in the mobile OS space.

The only other real potential candidate for the replacement deal is Microsoft, an

Re:

[Vellmont]

w3 schools is about one of the WORST examples you could have picked. Web developers and designers don't use IE for obvious reasons.

But you're right though that browser market share is hugely dependent on what group you've picked. Business users use IE in much higher numbers. Given Microsoft's corporate masters, I'd be VERY surprised if they put an anti-spying feature in the browser. Remember, business loves to spy on their employees.

My money is still on Firefox though. Mozilla has a mission to provide

This isn't going to work.

[PhrostyMcByte]

I'd love to see more people using Tor, but the experience has to change a lot before we can do that.

Being anonymous and secure on Tor is not easy. It's a major inconvenience to disabling browser features like Javascript, and it requires firm behavioral changes from the user.

Putting a mainstream user into the same environment is simply not going to work.

Re:

[tlhIngan]

I'd love to see more people using Tor, but the experience has to change a lot before we can do that.

Being anonymous and secure on Tor is not easy. It's a major inconvenience to disabling browser features like Javascript, and it requires firm behavioral changes from the user.

Putting a mainstream user into the same environment is simply not going to work.

In fact, I'd wager most Tor users who were "discovered" were not taking basic precautions - they just plainly sent identifying information over it through an

Re:

[AmiMoJo]

Perfection isn't required, it just has to be better than the current "private browsing" modes. It would prevent a lot of mass surveillance and corporate tracking. Should break geolocation nicely too.

Addon, not integrate

[markdavis]

I do not want Tor "integrated" in Firefox. Nor should ANYONE. This is why they make addons and extensions. I am getting tired of them adding more and more to Firefox. The whole POINT of Firefox was to be lean and fast and shed all the "integrated" extras of previous browsers. We don't need it to continue bloating up, taking more space, getting more complicated, and using more resources.

1) Stop adding stuff that can be in an addon instead.
2) Stop trying to turn Firefox into Chrome.
3) Stop removing user settings to allow users to control what they want (like placement of tabs and such).
4) Remove firebug/debugger, whatever you call it and put it in an addon where it belongs.

Re:Addon, not integrate

[Anonymous Coward]

Interpretation: only remove what *I* want you to remove. Because if you so much as dare to remove my stupid, barely-used half-broken feature and make me install an addon to get it back, you're worse than Hitler. But screw everyone else, they can lose whatever, no matter how useful or heavily-used it is by comparison.

Re:

[jopsen]

I like your interpretation :)

Re:

[markdavis]

I think your interpretation needs a lot of work.

Re:Addon, not integrate

[SeaFox]

Interpretation: only remove what *I* want you to remove. Because if you so much as dare to remove my stupid, barely-used half-broken feature and make me install an addon to get it back, you're worse than Hitler. But screw everyone else, they can lose whatever, no matter how useful or heavily-used it is by comparison.

The excuse Mozilla gave years ago when they first started to bloat things up was that people were not really making use of extensions or even aware of their existence. People don't want to have to search for and install the extensions and would rather have that functionality built-in when they first install.

Instead of adding the features to the core app, they could have created extensions that added this functionality, then bundled them, enabled by default, with Firefox. That way the functionality would already be there without the user having to do anything, and then the "power users" who were more familiar with the extensions system and didn't want that functionality could just go disable them to improve performance and memory usage.

But they didn't do that for some reason...

Re:

[Warbothong]

Interpretation: only remove what *I* want you to remove.

Really? I use Firebug-like inspectors heavily, but was disappointed to see Firefox start bundling such features. Likewise I use add blockers, noscript, video-downloaders (since I don't use Flash), etc. but would never like to see them bundled by default in Firefox.

Also, you can't use the "heavily-used" argument in defense of Firefox's default features when it comes with a "3D view" http://superuser.com/questions... [superuser.com]

Re:

[jopsen]

The whole POINT of Firefox was to be lean and fast and shed all the "integrated" extras of previous browsers.

Maybe my browser history is a bit rusty... but I'm pretty sure that wasn't the whole POINT of Firefox :)

That said, yes... addons are good... It's especially a great way to test things. But it might not be the best to bring an important feature to the majority of the user-base. Laugh all your want about the importance of "private browing" mode, but if it was just an add-on, most people won't use it.

Allow me to lubricate...

[SethJohnson]

From Wikipedia [wikipedia.org]:

The Firefox project began as an experimental branch of the Mozilla project by Dave Hyatt, Joe Hewitt and Blake Ross. They believed the commercial requirements of Netscape's sponsorship and developer-driven feature creep compromised the utility of the Mozilla browser.[29] To combat what they saw as the Mozilla Suite's software bloat, they created a stand-alone browser, with which they intended to replace the Mozilla Suite

Re:

[jopsen]

Okay, you set me straight... :)
For me the big deal with Firefox was web standards, and a browser less shitty than IE...

Re:

[apraetor]

Calm down! This entire article is rumor and unsupported speculation, unless I missed something. I agree with you that Tor belongs in an extension, not in the stock Firefox.

Re:

[Required Snark]

"This entire article is rumor and unsupported speculation". Remember, this is Slashdot. Without rumor and unsupported speculation it would be like the internet without cat videos.

But don't forget the importance of hostility, prejudice, flamebait, personal attacks, counter factual claims, obstinate stupidity, outright lies, and vendettas. Slashdot has a lot more to offer then simply overreacting to mindless rumors. There is a wealth of egocentric antisocial behavior on display. Slashdot thrives as a commun

Re:

[markdavis]

Yeah right, because let's remove SSL that 99.9% of all users REQUIRE (not want or like, but require) and compare that to debugger mode, which is something maybe 0.1% of users care about.

And TOR would be maybe 0.01%?

Re:

[Przemo-c]

I wholeheartedly agree. Some Mozilla manifesto was putting control over internet in your hands (i'm paraphrasing) and i thoutgh please get our control over Firefox back. UI changes (and css customization limitations) certificate handling, and few other things makes me a bit angry at mozilla. I used to be able with my limited CSS knowledge to put tabs beside the urlbar make them scale etc, make toolbar sort of floating and that it didnt takeup whole screen width etc. but now . i have almost no control over t

Firefox's market share is declining

[QuietLagoon]

Why would Tor want to work with a browser whose market share is in decline?

Re:

[shutdown -p now]

Because all other browsers are developed by corporations who don't have a vested interest in Tor (or perhaps have a vested interest to see it fail).

Using Tor is just half the equation here

[Visarga]

Using Tor is just half the equation here - people should be made aware that the moment they connect to their FB or GMail accounts, their privacy is destroyed, Tor or no Tor. I propose a proxy that would clean up all outgoing communications of private data such as emails and names. That, coupled with Tor, would mean privacy.

Great way to get Businesses & Gov to drop Fire

[Danathar]

Many government agencies and businesses have Firefox installed as a primary or as a secondary browser available for use (in addition to IE of course).

They also have policies against the use of proxies, p2p, etc.

If TOR is included within Firefox and they don't give administrators a way to keep people from using it on the job you can bet they will jettison Firefox as an option for their users.

Re:

[strikethree]

It is a shame I did not save at least one mod point. Your comment needs it.

I fought long and hard to get Firefox installed on government computers and integrating TOR at the source code level would get Firefox yanked faster than you can say FISMA. I swear to god someone in Mozilla is actively trying to destroy Firefox. There is no other reasonable explanation for what is going on.

Re:

[davydagger]

what if its only "illegal" because its legitimate dissent in a country where such dissent in banned?

Re:on forwarding illegal traffic

[penguinoid]

You already contribute financially to illegal activities. You do business with a business which is used by criminals, saving the criminals money due to economies of scale for said business -- examples: internet, phone, mail, transportation. If you think it is acceptable to do this because it has a lot of legitimate users, what makes it different for Tor? Lots of people value their privacy, especially now that the NSA is unconstitutionally searching all your unencrypted communication. If locks are to keep honest people honest, encryption is to keep dishonest government slightly more honest.

Re:

[Blaskowicz]

You already contribute financially to illegal activities.

Even if I told the IRS guys I don't want to finance criminals they would just take my/their money by force.

You guys are hard to follow.

But imo, you contribute to illegal activities (and they contribute to you) when you put your money overseas in fiscal paradises. That's a stronger example than just using the internet or walking down the street (because criminals use the pavement?).
If you take measures to avoid the IRS you're probably financing criminals! (and financing criminals when paying your taxes.. probably, but less so in $milllion/$billion amounts)