Security/Fusion: Difference between revisions
Ethantseng (talk | contribs) (Add sections Getting Involved and External Links) |
Ethantseng (talk | contribs) (Polish the section Getting Involved) |
||
| Line 46: | Line 46: | ||
If you are interested in contributing to Fusion, drop by: | If you are interested in contributing to Fusion, drop by: | ||
* the mailing list: fusion@mozilla.com | * the mailing list: '''fusion@mozilla.com''' | ||
* the #tor IRC | * the '''#tor''' or '''#security''' IRC channels on [https://wiki.mozilla.org/IRC Mozilla's IRC server] | ||
= External Links = | = External Links = | ||
Revision as of 14:42, 1 December 2017
Fusion (Firefox Using Onions) is a Mozilla's project to build the cutting-edge security and privacy features for Firefox users.
Fusion will leverage the technologies of Tor Project, especially the ones in the Tor Browser and Tor Proxy, to bring more defense options for users.
Fusion was initiated in 2018. Mozilla and Tor Project are working closely on this project.
Background
The Firefox and Tor Browser teams have collaborated for a long time. In 2016, we started the Tor Uplift project to take this collaboration to the next level, bringing Firefox and Tor Browser closer together than ever before.
The Tor Browser team builds Tor Browser by taking Firefox ESR and applying some patches to it. These changes add valuable privacy features for Tor Browser users. But having these changes means that every time the Tor Browser team wants to use a new version of Firefox, they have to update the patches to work with the new version. These updates take up a substantial fraction of the effort involved in producing Tor Browser.
In 2016, we started the Tor Uplift project to take the Tor Browser patches and "uplift" them to Firefox. When a patch gets uplifted, we take the change that Tor Browser needs and we add it to Firefox in such a way that it is disabled by default, but can be enabled by changing a preference value. The Tor Uplift project saves the Tor Browser team work since they can just change preferences instead of updating patches. It also gives the Firefox team a way to experiment with the advanced privacy features that Tor Browser team is building, to see if we can bring them to a much wider audience.
The primary target in the Tor Uplift project is two features.
- First Party Isolation
- First Party Isolation (also called "double keying") was incorporated in Firefox 52 with the preference "privacy.firstparty.isolate". It provides a very strong anti-tracking protection by preventing third parties from tracking users across multiple sites.
- Fingerprinting Resistance
- Fingerprinting Resistance (also called "anti-fingerprinting") was incorporated in Firefox 59 with the preference "privacy.resistFingerprinting". It is a defense against browser fingerprinting, which is a widely used Web tracking technology to identify individuals.
Fusion is the next big step of the Mozilla and Tor collaboration. We hope to move the needle on Web privacy based on the success of the Tor Uplift work.
Project Vision
Mozilla and Tor Project are aligned with each other on the mission to protect user privacy on the Web.
- The fourth principle of The Mozilla Manifesto is "Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional."
- One of the Tor Project vision is "to advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies."
We believe the collaboration between Mozilla and Tor can create a positive, significant impact on the world, and help users to regain their privacy.
Project Goals
Ultimately, we hope to integrate full Tor Browser features in Firefox. There are many potential solutions. For example, enabling some features by default and providing options for other features in Private Browsing Mode. We can also consider creating a WebExtension for using Tor features.
We need a lot of research and experiments to support the decision-making for the final solution. However, the clear short and mid-term goals are:
- Improvement in Fingerprinting Resistance
- make fingerprinting resistance more user-friendly
- minimize Web breakages caused by fingerprinting resistance
- conduct a browser fingerprinting analysis research project to help us figure out the best defense strategy
- Enable First Party Isolation in Private Browsing Mode
- Enable Fingerprinting Resistance in Private Browsing Mode
- Proxy bypass testing framework for Firefox
- Design the Tor proxy prototype for Firefox
Getting Involved
The easiest way to get involved in the Fusion project is to help us writing code, running tests and filing bugs.
If you are interested in contributing to Fusion, drop by:
- the mailing list: fusion@mozilla.com
- the #tor or #security IRC channels on Mozilla's IRC server