Security/Fusion: Difference between revisions
Ethantseng (talk | contribs) (Minor update for a typo.) |
Ethantseng (talk | contribs) (Polish the rhetoric.) |
||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
[[File:fusion.jpeg|thumb|200px]] | [[File:fusion.jpeg|thumb|200px]] | ||
'''Fusion''' ('''F'''irefox ''' | '''Fusion''' ('''F'''irefox '''USI'''ng '''ON'''ions) is a Mozilla project, in collaboration with [https://www.torproject.org/ the Tor Project], to bring the cutting-edge security and privacy features to Firefox users by leveraging the technologies of Tor Browser and Tor Proxy. | ||
This project is experimental and in the beginning phases. | |||
= Background = | = Background = | ||
The Firefox and Tor Browser teams | The Firefox and Tor Browser teams are long-time collaborators. The Tor Browser team builds [https://www.torproject.org/projects/torbrowser.html Tor Browser] by adding privacy-enhancing patches to [https://www.mozilla.org/en-US/firefox/organizations/ Firefox ESR]. When this process first began, the Tor Browser team would have to update these patches each time a new version of Firefox was released, which was very time intensive. | ||
In 2016, we started the [https://wiki.mozilla.org/Security/Tor_Uplift '''Tor Uplift project'''] to take the Tor Browser patches and "uplift" them to Firefox. When a patch gets uplifted, the Firefox team takes the change Tor Browser needs and adds it to Firefox. These changes in Firefox are disabled by default but can be enabled in preferences. Because preferences can be changed rather than updating each patch, the Tor Uplift project saves the Tor Browser team a lot of work. | |||
The primary targets of the Tor Uplift project were two features: [https://wiki.mozilla.org/Security/FirstPartyIsolation '''First Party Isolation'''] and [https://wiki.mozilla.org/Security/Fingerprinting '''Fingerprinting Resistance''']. First Party Isolation was shipped in Firefox 52 (off by default); the MVP of Fingerprinting Resistance will be shipped in Firefox 59 (also off by default). | |||
Tor Uplift also gives the Firefox team a way to experiment with the advanced privacy features that Tor Browser team is building, to see if we can bring them to a much wider audience. That's the goal of '''Fusion''', the next big step of the collaboration between Mozilla and Tor. | |||
Fusion was initiated in 2018. Mozilla and the Tor Project are working closely on this project. | |||
= Project Vision = | = Project Vision = | ||
Mozilla and Tor Project are aligned with each other on the mission to protect user privacy on the Web. | Mozilla and the Tor Project are aligned with each other on the mission to protect user privacy on the Web. | ||
* The fourth principle of [https://www.mozilla.org/en-US/about/manifesto/ The Mozilla Manifesto] is '''"Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional."''' | * The fourth principle of [https://www.mozilla.org/en-US/about/manifesto/ The Mozilla Manifesto] is '''"Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional."''' | ||
* | * The Tor Project's mission is '''"to advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies."''' | ||
We believe the collaboration between Mozilla and Tor can create a positive, significant impact on the world | We believe the collaboration between Mozilla and Tor can create a positive, significant impact on the world by bringing cutting-edge privacy enhancing technology to more users. | ||
= Project Goals = | = Project Goals = | ||
Although this project is still experimental and in beginning phases, the ultimate long-term goal of Fusion is to integrate full Tor Browser features in Firefox. There are many potential paths for our project, including enabling some features by default and others only in [https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history Private Browsing Mode]. | |||
We need a lot of research and experiments to support the decision-making for the final solution. However, the clear short and mid-term goals are: | We need a lot of research and experiments to support the decision-making for the final solution. However, the clear short and mid-term goals are: | ||
| Line 34: | Line 33: | ||
** conducting a browser fingerprinting analysis research project to help us figure out the best defense strategy | ** conducting a browser fingerprinting analysis research project to help us figure out the best defense strategy | ||
* '''We will implement a proxy bypass testing framework for Firefox''' | * '''We will implement a proxy bypass testing framework for Firefox''' | ||
* '''We will | * '''We will determine how best to integrate the Tor proxy into Firefox''' | ||
* '''We | * '''We will allow First Party Isolation and Fingerprinting Resistance to be enabled only in Private Browsing Mode''' | ||
= Project Lists = | = Project Lists = | ||
Latest revision as of 06:43, 8 January 2018
Fusion (Firefox USIng ONions) is a Mozilla project, in collaboration with the Tor Project, to bring the cutting-edge security and privacy features to Firefox users by leveraging the technologies of Tor Browser and Tor Proxy.
This project is experimental and in the beginning phases.
Background
The Firefox and Tor Browser teams are long-time collaborators. The Tor Browser team builds Tor Browser by adding privacy-enhancing patches to Firefox ESR. When this process first began, the Tor Browser team would have to update these patches each time a new version of Firefox was released, which was very time intensive.
In 2016, we started the Tor Uplift project to take the Tor Browser patches and "uplift" them to Firefox. When a patch gets uplifted, the Firefox team takes the change Tor Browser needs and adds it to Firefox. These changes in Firefox are disabled by default but can be enabled in preferences. Because preferences can be changed rather than updating each patch, the Tor Uplift project saves the Tor Browser team a lot of work.
The primary targets of the Tor Uplift project were two features: First Party Isolation and Fingerprinting Resistance. First Party Isolation was shipped in Firefox 52 (off by default); the MVP of Fingerprinting Resistance will be shipped in Firefox 59 (also off by default).
Tor Uplift also gives the Firefox team a way to experiment with the advanced privacy features that Tor Browser team is building, to see if we can bring them to a much wider audience. That's the goal of Fusion, the next big step of the collaboration between Mozilla and Tor.
Fusion was initiated in 2018. Mozilla and the Tor Project are working closely on this project.
Project Vision
Mozilla and the Tor Project are aligned with each other on the mission to protect user privacy on the Web.
- The fourth principle of The Mozilla Manifesto is "Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional."
- The Tor Project's mission is "to advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies."
We believe the collaboration between Mozilla and Tor can create a positive, significant impact on the world by bringing cutting-edge privacy enhancing technology to more users.
Project Goals
Although this project is still experimental and in beginning phases, the ultimate long-term goal of Fusion is to integrate full Tor Browser features in Firefox. There are many potential paths for our project, including enabling some features by default and others only in Private Browsing Mode.
We need a lot of research and experiments to support the decision-making for the final solution. However, the clear short and mid-term goals are:
- We will improve Fingerprinting Resistance by
- making fingerprinting resistance more user-friendly,
- minimizing Web breakages caused by fingerprinting resistance, and
- conducting a browser fingerprinting analysis research project to help us figure out the best defense strategy
- We will implement a proxy bypass testing framework for Firefox
- We will determine how best to integrate the Tor proxy into Firefox
- We will allow First Party Isolation and Fingerprinting Resistance to be enabled only in Private Browsing Mode
Project Lists
Tor Uplift
The Tor Uplift project is aimed at landing all Tor Browser patches so that Tor can directly use Firefox main trunk instead of a fork.
First Party Isolation
The First Party Isolation project is part of the Tor Uplift initiative.
It implements one of the Tor Browser core features (Cross-Origin Identifier Unlinkability).
First Party Isolation (also called "double keying") was incorporated in Firefox 52 with the preference "privacy.firstparty.isolate". It provides a very strong anti-tracking protection by preventing third parties from tracking users across multiple sites.
Fingerprinting Resistance
The Fingerprinting Resistance project is part of the Tor Uplift initiative.
It implements another Tor Browser core feature (Cross-Origin Fingerprinting Unlinkability).
Fingerprinting Resistance (also called "anti-fingerprinting") was incorporated in Firefox 59 with the preference "privacy.resistFingerprinting". It is a defense against browser fingerprinting, which is a widely used Web tracking technology to identify individuals.
Getting Involved
The easiest way to get involved in the Fusion project is to help us writing code, running tests and filing bugs.
If you are interested in contributing to Fusion, drop by:
- the mailing list: fusion@mozilla.com
- the #tor or #security IRC channels on Mozilla's IRC server
External Links
- Video: How Tor Browser Protects Your Privacy and Identity Online
- The Design and Implementation of the Tor Browser
- Tor Blog, Tor at the Heart: Firefox
