This would be in my opinion the single most important development that came so far out of the NSA controversy!
If they can somewhat manage to keep the user experience not a complete disappointment, this will be the biggest step forward to a broader privacy adoption.
All those tools such as PGP, TrueCrypt, VPNs, have completely failed to reach beyond a bunch of paranoid geeks. Mozilla has the key towards achieving a mass scale adoption.
Implementing this would most likely at least double the current amount of TOR users, making this a complete nightmare for the NSA and their associates.
I agree. What Tor needs is basically the same thing that encrypted email needs - a wide-spread and dead-simple user interface.
If Mozilla were to incorporate a "Tor Browsing Mode" analogous to "Private Browsing Mode" that "just worked" and didn't leak data, then Tor use would explode. Even just 0.1% of Firefox's userbase would make a huge difference.
Or just incorporate Tor into the "Private Browsing Mode" so users don't need to choose between them. Need a big notice to explain that "Private Browsing Mode" is now slower, some sites won't work correctly etc. along with the current notice.
The only reason why I am not using Tor right now is because of its barrier to entry. I can probably figure it out, but currently the effort outweighs the return.
Maybe I'm missing your sarcasm, you place no value in your digital privacy, or you're just completely computer illiterate. If you're capable of installing any app on your computer, you can run the Tor browser. There is nothing more involved to it than downloading the Tor browser bundle, running the setup file, and finally clicking on "Start Tor Browser.exe". My 90 year old grandmother could figure this out.
Aside from all that, if you don't significantly modify your browsing habits, all you've now done is increase your interestingness to the NSA et al. and made your browser run slower and use more RAM.
By barrier to entry I mean the browser itself. Chrome is just more convenient and up to date. I am a web dev and if the latest html5 gig doesn't work it might be a dealbreaker for me. Now I understand I don't have to use onion browser as my primary browser, but I just don't use more than one browser, at all. If it's Chrome then I use Chrome everywhere, phone/laptop, desktop, tablet. Consistency and an up to date browser is currently more important to me than my privacy.
If I set my mom up with Tor, she would gain zero benefit. Given that exit nodes are snooped on, she would actually be worse off. Hell, I seem to remember the Tor Bundle itself saying that you need to do more than just install it if you want actual privacy benefits.
So, there is a bit more involved than running an executable.
That's what I always thought about Tor as well, but today I downloaded and have been using this - and it was/is as simple as installing and using any other browser:
When I was living in China, I used Tor daily to circumvent the great firewall. Back when the Tor bundle was using Firefox < 15, it had some bad memory leaks, but Mozilla has done a great job of fixing those. Chrome has turned into the memory hog. Chrome 2x memory usage has gotten so bad, I’m actually thinking about finding an old full install of a 0x or 1x for my laptop.
As far as it being slow to load sites, there will always be a high latency when using Tor. It’s the nature of onion routing. If Tor becomes more popular, I’m hoping there will be a way to donate to high bandwidth exit nodes to keep the network performance up.
The thing about that is the browser bundle they provide significantly reduces the number of variables they need to consider when making Tor work to secure privacy. If everyone used it with the default Firefox there would be significant problems for anonymity in terms of browser sniffing.
I think a more helpful move in response to the exploit would be working towards having Tor base their bundle on more up to date versions of Firefox.
The problems Tor would bring users in terms of slow connection, risk from malicious exit nodes etc. would outweigh any benefit for most people. Combine this with the fact that to gain anonymity from Tor you'd need to (at least) disable JS and session cookies, which many ordinary users will consider to break their browsing experience, and you'll find that really all this idea would do is put a lot more load on the Tor network. That's assuming a 'default on' option.
Perhaps an 'anonymous mode' version of 'private browsing' which switches the browser to a more secure configuration (like the Tor browser) and proxies through Tor would mitigate some of these problems.
If Mozilla added a "Tor mode", I'm sure it would be configured like the Tor Browser bundle, i.e. with both JS and session cookies disabled along with all the privacy enhancements. The existing "private browsing mode" hurts the browsing experience. That's why it's optional for times when you value privacy over convenience.
If you had noticed from the tweets, it appears that Mozilla has been slow to adopt Tor's patches.[1][2] Making Tor a supported feature would greatly alleviate this situation.
A great initiative. Adding Tor support for private mode would only improve it, and give people a mode where searching for health issues, job advice, or any other sensitive information can be done privately.
Maybe not common knowledge, but if you do search queries of those types, your ads in YouTube, Google, and other areas are likely to change. Their business model is to target ads based on previous searches. If you then share the network with other family members, those ads will pop up on their screens too.
That might sound useful, but it would cause a lot of damage:
- many users would get malware-injected web pages from shady exit nodes (they would become a much more interesting target for phishing/other malware than they are now)
- it would no longer be practical for web sites to block Tor as a defence against excessive scraping, spam posts, fake reviews (currently most Tor traffic to "normal" web sites is of that kind)
1. Firefox, with its insane public reach, can substantially heighten the awareness of privacy issues.
2. Government will have to get creative to subdue a highly popular heavyweight like Mozilla.
And as already mentioned, it might be the best response, as of yet, to the NSA fallout. It can potentially seriously alter the power balance between the Big Brother and us, people.
A broader issue I've thought about before now is that we might need to redefine what "incognito" mode is, now. What we have is still relevant- the always-used "gift shopping" (and the more realistic "porn mode") reasons still apply. But I worry that "incognito" implies more than it offers- after all, no-one monitoring your internet connection is going to be meaningfully affected by it.
What I'd also love to see (but am a little uncertain on how to implement) is tab isolation for sessions- I don't want the Facebook like button on <x site> to read my Facebook login on my other tab. Right now I can use incognito windows and Chrome extensions to achieve that, but it's messy.
It would be a fantastic addition to "private" mode. Also, by being baked into the browser, it would give Mozilla a degree of control over the protocols passed. A user opting for the browser plugin instead of the standalone client would not be passing BitTorrent traffic over the network.
More relays and endpoints would be needed, but I wonder what kind of support could be gathered if Tor was publicized in such a way.
Strikes me as obvious pandering. Obviously for 99% of users Tor is more headache and overhead for no real benefit. Not to mention that most users would say "Why did my internets get so slow?" and not understand what was going on.
Yes, you assume correctly -- it would be competitive-browser suicide to turn on by default. Thinking either that we would do such a thing, or that I'd pander with such a non-starter (or pander at all, at my age and lack of political ambition) is just dumb.
What would be smart, which we are looking at: adopting, supporting, and bundling Tor (opt-in). As I tweeted.
There's no technical support necessary mind, Tor is just another proxy you can point your browser to with one click.
It is 'support' as in activism in the vein of "Know your rights" first-run messages Firefox runs, etc. It frustrates me when the solutions hacker types come up with either exclusively revolve around code or are not well thought out (like this suggestion).
TOR browsing in Firefox is a horrible experience that's so far from usable that it shouldn't be exposed to any but the most expert of users who understand how it actually works and what benefits it brings with its great cost -- a mostly broken browser.
It took about a day before anyone figured out what exactly the exploit was doing; I guess all the normal researchers are off at Black Hat without their usual tools.
A VPN will protect from a MITM attack, obscuring the resources you're accessing and the data exchanged to an observer. However, it does not anonymize you from the VPN provider, who can still disclose your information or be compelled to provide it. (You undoubtedly had to pay for that VPN with a legal name and payment information.)
Tor not only protects against MITM, but obscures the requester such that if an interested party can either force information from, or controls the endpoint, they cannot discover who the requester is.*
(* Provided that the requester is not divulging information in the form of cookies or other personally identifying information. If Mozilla were serious about providing native Tor functionality in Firefox, they'd no doubt provide it as part of the browser "Private" mode.)
Edit: This link doesn't cover VPNs, but gives a good idea of how different services provide security at different levels. VPNs obscure the "site.com" along the route, while the location in all locations is shown as the VPN provider, and not the end user. However, because the VPN provider knows the identity of the user, it can potentially disclose this info. A Tor endpoint does not know this.
https://www.eff.org/pages/tor-and-https
>(you undoubtedly had to pay for that VPN with a legal name and payment information.)
I used Bytesized-Hosting, which allows you to pay for their VPS with bitcoins. I only had to provide a username, password, and a junk email address.
AirVPN, among other VPN providers, also allows you to pay with Bitcoins, which can be anonymized over TOR for that particular transaction.
I am not sure how much it helps protect the confidentiality of the user, but many VPNs also claim to delete their OpenVPN logs immediately after a session has ceased. Though, I suppose if a three letter agency wanted dirt on someone, this policy would be easy enough to circumvent.
That is possible, yes. Not many VPN services do that, but as Sanddancer pointed out, there are ways.
However, for most, it's an inconvenience that presents a barrier to entry. (Judgements aside.)
As for logs, it would be great to believe that they would be true to their word. However, that requires placing trust in the service provider. While I would give the benefit of the doubt in that most probably are true to their policy, I wouldn't want the weak link in my security chain to be the faith that my VPN provider isn't logging.
Regardless, since they are hosting the connection, they can discern the user. The capability exists, even if they promise not to use it. Removing the capability eliminates this source of worry.
Going back to the original post and kishor's comment, he/she highlights the point that regarding the technical solutions available, there's a range between having the most secure solution, and the fastest and most convenient. Tor, VPN+anonymized payment and other methods will provide a greater degree of protection than say, using your credit card to simply buy a VPN.
At the end of the day, one needs to assess their security requirements against the degree of inconvenience they're willing to endure. Are they at risk of a nation-state ruthlessly pursuing them by any means? If so, then every protection is needed. If it just needs to be made difficult enough to protect against a cursory inspection, then a VPN might suffice. As with all security discussions, the likelihood and potential impact of the threat determine the degree of mitigations one needs.
Nope. I can walk down to the local (or not local) seven-11/walgreens/etc and get a disposable credit card for use in paying for my vpn provider, and provide them that I am Jake Blues and live at 1060 West Addison St, Chicago, Il.
But credit card companies maintain records of time and place sold, so unless you travel to a foreign country to make your purchase, you're still leaking your location.
They'll learn those cards were purchased from a Walgreens on Market Street in San Francisco three months ago. If the clerk even remembers, the purchaser said something about being dragged to SF for business, and how they really wish they were back in New York with their kids. In other words, less than nothing.