Re: bug#41848: Surfing with Tor

[Antonio T. sagitter]

On 15/06/20 22:40, Mark H Weaver wrote:

> Earlier, I wrote:
>
> > I'm currently building a version of IceCat 68.9 with the above commit
> > reverted, to see if the bug also exists in version 0.1.7 of the Onion
> > Browser Button.
> >       
> The same problem happens for me with version 0.1.7 of the Onion Browser
> Button in the IceCat 68.9 preview.  I guess that this add-on does not
> work reliably (if at all) with Firefox ESR 68.x or its derivatives.
> Maybe it works better with Firefox 77.
>
> Unless someone has a better suggestion, I'm inclined to simply *remove*
> Onion Browser Button from the IceCat 68 preview.
>

Another removing (about:icecat is already gone)? Of the original IceCat nothing is remaining...

> Long ago, the Tor Browser developers reached the conclusion that having
> a simple toggle button was the wrong approach, and I agree.
>
>   https://blog.torproject.org/toggle-or-not-toggle-end-torbutton
>
> One problem is that modern web browsers have a large amount of state
> which can be used to identify you, and toggling the Tor button does not
> clear that state.  When you aren't using Tor, sites can learn the state
> of your browser profile and associate that state with your identity.
> Later, if you turn Tor on, all of that state is still there to identify
> you, even if your network requests are routed through Tor.
>
> I believe that in order to properly preserve your anonymity while web
> browsing, at *minimum* each IceCat _profile_ should either be used
> exclusively with Tor, or exclusively without Tor.  In other words, you
> should create dedicated profiles for use with Tor; when creating a new
> profile, you should either configure it to use Tor, or not, and you
> should *never* toggle a given profile between Tor-enabled and
> Tor-disabled.  This requirement is violated by a Tor toggle button,
> whose sole purpose is to make it convenient to do the very thing that
> you should never do.
>

I'm incline to choose the Tor-Icecat, in this case IceCat browser will be always Tor dependent.

And, if in future some way Tor will become a proprietary feature?

> Another more difficult problem is that browsers can be fingerprinted in
> various ways to determine their specific feature set and configuration.
> IceCat has a distinctive set of features disabled, and a distinctive
> configuration to better protect your privacy, but ironically these
> improvements can likely be used by an adversary to determine that you
> are an IceCat user, even if you are using Tor.  Since there are
> relatively few IceCat users, this dramatically narrows down the set of
> people that you might be, thereby reducing your anonymity.
>
> I think we should acknowledge that providing proper anonymity in IceCat
> will require more work, and that work has not yet been done.  Therefore,
> I think we should remove Tor support from IceCat for now, and start a
> discussion of what the requirements are and how best to meet them.
>     
> To begin, I recommend that participants of this discussion should read
> "The Design and Implementation of the Tor Browser", here:
>
>   https://2019.www.torproject.org/projects/torbrowser/design/
>
> I can think of a few approaches we might take.  The easiest approach
> would be to give up on having the same browser support Tor and non-Tor
> usage, as the Tor developers did.  IceCat, based on Firefox ESR, could
> be our non-Tor browser, and then we could start another project, based
> on Tor Browser, for use with Tor.
>
> Another approach would be to provide an easy UI for enabling Tor when
> creating a new profile, and to teach users best practices for doing
> this.  This approach would involve cherry-picking patches from Tor
> Browser, and possibly arranging for some of those patches to take effect
> only in profiles where Tor is enabled.  It would likely also involve
> using a different default configuration for Tor-enabled profiles, to
> more closely match Tor Browser's configuration, to make it harder to
> distinguish IceCat users from Tor Browser users.
>
> Yet another idea would be to arrange for "Private Windows" to use Tor,
> and to convince ourselves (or not) that the remotely-detectable state of
> Private Windows are sufficiently isolated from the state of normal
> windows.
>
> I welcome other opinions.
>
>     Regards,
>       Mark
>

+1 for a dedicated discussion about.

-- 
---
Antonio Trande
Fedora Project
mailto: sagitter@fedoraproject.org
GPG key: 0x7B30EE04E576AA84
GPG key server: https://keys.openpgp.org/

signature.asc
Description: OpenPGP digital signature