summaryrefslogtreecommitdiffstats
path: root/wiki/src/todo/replace_iceweasel_with_Torbrowser.mdwn
blob: 114451f2c9357c5b341aa5d0cbd45cb4edc7aa1e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
[[!toc levels=3]]

Note: this page is about perhaps running the *Torbrowser* in Tails,
not the full blown TBB.

Current position
================

We want to ship Torbrowser in Tails.

Roadmap
=======

First thing to do is to update this page to reflect our current
position and reasons thereof on this page:
[[todo/publish_Tails_positions_about_fingerprinting]].

Then, we have to decide upon the preferred implementation path.
[[!tag todo/discuss]]

Implementation
==============

Possible Paths
--------------

### A - Get TorBrowser in Debian

This is [[!tor_bug 3994]] -- Get TorBrowser in Debian ([[!taglink todo/upstream]])

Torbrowser packaging in Debian is sloooowly going on.

* Apparently, it's *hard* to make iceweasel co-installable with
  a torbrowser Debian package. Without Mike Hommey's help, this
  won't happen.
* Different XUL app with dedicated UUID? If so, every extension must
  be patched to be marked as compatible with torbrowser too.
* How to make the Torbrowser profile updatable? Static profile?
  And what about bookmarks?

### B - Custom iceweasel package with TorBrowser patches

This is related to [[!tor_bug 5236]] (Make a deb of the Torbrowser and
add to repository).

iceweasel + torbrowser patches builds and works fine.
Being worked on in `feature/torbrowser`. Our iceweasel Git repo is
documented on [[contribute/git]].

* more tests [[!tag todo/test]]
* investigate
  [torbutton vs.
  torbrowser.version](https://mailman.boum.org/pipermail/tails-dev/2012-October/001928.html)
  a bit more [[!tag todo/research]]
* What about the unsafe browser?
  - Ship Epiphany?
  - Don't care about it? (That is, let is use TorBrowser and have
    a uncommon fingerprint.)
* How would the two Mikes' patches live together?

### C - Ship and run the TBB's torbrowser executable

The work done on [[!tor_bug 5611]] (*Enhance "Transparent Torification
(Requires custom transproxy or Tor router)" in Tor Button*) may help.

Integration issues:

* The TBB's homepage is set to the `small=1` version of check.t.o,
  which is not suitable for Tails: it asks users to update their TBB.
  **Update**: "the next TBB release that includes Torbutton 1.4.6" (as
  of 2012-05-25) does not use this special homepage anymore, so this
  will soon be a non-issue.
* Extensions provided at the Debian system level are ignored, although
  `extensions.enabledScopes` is set to 1. Perhaps Debian installs
  extensions in non-standard places?
* The TBB ships l10n'd packages, while Tails needs to support as many
  languages as possible.
* How do we modify the Firefox profile shipped by the TBB?

> A few attempts in this direction:
>
> * [Ague's one](https://mailman.boum.org/pipermail/tails-dev/2012-October/001904.html)
> * [adrelanos' one](https://mailman.boum.org/pipermail/tails-dev/2012-October/001905.html)
> * suggestions [[on the forum|forum/TorBrowser_for_Tails]]

Previous position
=================

As we [once
wrote](https://mailman.boum.org/pipermail/tails-dev/2012-January/000795.html),
we see interest in shipping the TBB in Tails:

- bigger anonymity set;
- shared maintenance work once the integration work is done.

However, it would not be easy at all: the TBB is explicitly designed
to be as autonomous as possible, and to avoid taking into account the
system around it the slightest bit; this makes it hard, generally, to
integrate it into a wider system. E.g.: it runs its own Vidalia and
its own Tor; its Tor is configured differently than Tails context
requires; Torbrowser warns about launching external applications; etc.
Tor is getting more and more integrated into the Tails system as
a whole: e.g. time setting integration; bridge mode will soon be
toggleable at tails-greeter time; this kind of things make it even
harder to think how the TBB could fit into the big picture.

As a consequence, the work needed to get TBB fit for the job would be
quite big, and it would probably contain a bunch of "if $TAILS_MODE
... else" in the end, which partly defeats the initial purpose.

We have higher priority tasks in our roadmap, so it won't
happen any time soon unless we get serious amounts of help.

Pros and cons
=============

Browser fingerprinting
----------------------

We may want to hitchhike on the TBB's anonymity set or create our own.

The advantages of merging, to a certain extent, with the bigger TBB's
anonymity set are obvious.

Current differences:

* [[AdBlock vs. no ad blocker|todo/remove adblock?]]
* ESR vs. release channel
* information about additional add-ons installed in Tails may leak
* some system-level differences may leak (e.g. installed fonts)
* small configuration differences:
  [[todo/harmonize_iceweasel_config_with_tbb]]
* [Torbrowser
  patches](https://gitweb.torproject.org/torbrowser.git/tree/HEAD:/src/current-patches/firefox)
  may imply other differences

But even if we shipped the Torbrowser in Tails, how much would it look
like a TBB to adversaries? There are many, many, many ways to split
a given anonymity set. The more you zoom in, the more anonymity sets
are fragmented. At one given scale, there's one such thing like "The
TBB's anonymity set". Zoom in a tiny bit, and there are 12 or more
TBB's anonymity *sub*-sets.

A middle ground that might make sense would be to try to look like the
TBB to the eyes of "$RANDOM web server admin", and feel free to
diverge in the eyes of more powerful, or better placed, adversaries.

Pending questions
=================

* How will the Torbrowser release cycle influence our own release
  cycle? Their source is generally up-to-date, their binary builds
  might be lagging behind occasionally, worst case is that we
  exceptionally have to build our own. It also happens that a patch is
  not applying cleanly, and then we have to wait or contribute a fix.
* What about I2P? That could be done in another browser, user, profile.
     * [i2p upstream bug report Ticket #726 users can be deanonymized with browser fingerprinting](http://trac.i2p2.de/ticket/726)

And then?
=========

Once Tails ships TorBrowser, we want to [[todo/evaluate_web_fingerprint]].

Resources
=========

* "Tor Browser disabling Javascript anonymity set reduction" [thread
  on tor-talk](https://lists.torproject.org/pipermail/tor-talk/2012-May/024227.html)