Note: this page is about perhaps running the *Torbrowser* in Tails,
not the full blown TBB.
We want to ship Torbrowser in Tails.
First thing to do is to update this page to reflect our current
position and reasons thereof on this page:
Then, we have to decide upon the preferred implementation path.
### A - Get TorBrowser in Debian
This is [[!tor_bug 3994]] -- Get TorBrowser in Debian ([[!taglink todo/upstream]])
Torbrowser packaging in Debian is sloooowly going on.
* Apparently, it's *hard* to make iceweasel co-installable with
a torbrowser Debian package. Without Mike Hommey's help, this
* Different XUL app with dedicated UUID? If so, every extension must
be patched to be marked as compatible with torbrowser too.
* How to make the Torbrowser profile updatable? Static profile?
And what about bookmarks?
### B - Custom iceweasel package with TorBrowser patches
This is related to [[!tor_bug 5236]] (Make a deb of the Torbrowser and
add to repository).
iceweasel + torbrowser patches builds and works fine.
Being worked on in `feature/torbrowser`. Our iceweasel Git repo is
documented on [[contribute/git]].
* more tests [[!tag todo/test]]
a bit more [[!tag todo/research]]
* What about the unsafe browser?
- Ship Epiphany?
- Don't care about it? (That is, let is use TorBrowser and have
a uncommon fingerprint.)
* How would the two Mikes' patches live together?
### C - Ship and run the TBB's torbrowser executable
The work done on [[!tor_bug 5611]] (*Enhance "Transparent Torification
(Requires custom transproxy or Tor router)" in Tor Button*) may help.
* The TBB's homepage is set to the `small=1` version of check.t.o,
which is not suitable for Tails: it asks users to update their TBB.
**Update**: "the next TBB release that includes Torbutton 1.4.6" (as
of 2012-05-25) does not use this special homepage anymore, so this
will soon be a non-issue.
* Extensions provided at the Debian system level are ignored, although
`extensions.enabledScopes` is set to 1. Perhaps Debian installs
extensions in non-standard places?
* The TBB ships l10n'd packages, while Tails needs to support as many
languages as possible.
* How do we modify the Firefox profile shipped by the TBB?
> A few attempts in this direction:
> * [Ague's one](https://mailman.boum.org/pipermail/tails-dev/2012-October/001904.html)
> * [adrelanos' one](https://mailman.boum.org/pipermail/tails-dev/2012-October/001905.html)
> * suggestions [[on the forum|forum/TorBrowser_for_Tails]]
As we [once
we see interest in shipping the TBB in Tails:
- bigger anonymity set;
- shared maintenance work once the integration work is done.
However, it would not be easy at all: the TBB is explicitly designed
to be as autonomous as possible, and to avoid taking into account the
system around it the slightest bit; this makes it hard, generally, to
integrate it into a wider system. E.g.: it runs its own Vidalia and
its own Tor; its Tor is configured differently than Tails context
requires; Torbrowser warns about launching external applications; etc.
Tor is getting more and more integrated into the Tails system as
a whole: e.g. time setting integration; bridge mode will soon be
toggleable at tails-greeter time; this kind of things make it even
harder to think how the TBB could fit into the big picture.
As a consequence, the work needed to get TBB fit for the job would be
quite big, and it would probably contain a bunch of "if $TAILS_MODE
... else" in the end, which partly defeats the initial purpose.
We have higher priority tasks in our roadmap, so it won't
happen any time soon unless we get serious amounts of help.
Pros and cons
We may want to hitchhike on the TBB's anonymity set or create our own.
The advantages of merging, to a certain extent, with the bigger TBB's
anonymity set are obvious.
* [[AdBlock vs. no ad blocker|todo/remove adblock?]]
* ESR vs. release channel
* information about additional add-ons installed in Tails may leak
* some system-level differences may leak (e.g. installed fonts)
* small configuration differences:
may imply other differences
But even if we shipped the Torbrowser in Tails, how much would it look
like a TBB to adversaries? There are many, many, many ways to split
a given anonymity set. The more you zoom in, the more anonymity sets
are fragmented. At one given scale, there's one such thing like "The
TBB's anonymity set". Zoom in a tiny bit, and there are 12 or more
TBB's anonymity *sub*-sets.
A middle ground that might make sense would be to try to look like the
TBB to the eyes of "$RANDOM web server admin", and feel free to
diverge in the eyes of more powerful, or better placed, adversaries.
* How will the Torbrowser release cycle influence our own release
cycle? Their source is generally up-to-date, their binary builds
might be lagging behind occasionally, worst case is that we
exceptionally have to build our own. It also happens that a patch is
not applying cleanly, and then we have to wait or contribute a fix.
* What about I2P? That could be done in another browser, user, profile.
* [i2p upstream bug report Ticket #726 users can be deanonymized with browser fingerprinting](http://trac.i2p2.de/ticket/726)
Once Tails ships TorBrowser, we want to [[todo/evaluate_web_fingerprint]].