It would be so great if Mozilla integrated Tor. Beyond the curse of success mentioned in the article, it would really lower the burden on the Tor developers, who have had to support a lot of patches from Firefox that Mozilla have been slow to merge.
My main concern is that this will be hidden behind an option or an "extreme private" mode -- Tor seems too high-latency for the typical use-case of private browsing (image viewing and video streaming).
If you run a web service and would like to provide high-security anonymous access, consider running an Exit Enclave -- a Tor exit configured to exit only to your site. If Tor detects that your exit and your site share an IP address, it will automatically extend the normally 3-hop circuit to your node, and the traffic will exit the Tor network on your machine rather than an arbitrary node (which could be malicious).
I hope this finally kills the "only criminals use Tor" narrative the NSA and periodically, the media push. Everyone deserves strong anonymity.
Well, that sucks. DuckDuckGo run a Tor exit enclave. I hope this doesn't put them off running an exit node, even if only to their own servers: https://duckduckgo.com/privacy
> If you run a web service and would like to provide high-security anonymous access, consider running an Exit Enclave -- a Tor exit configured to exit only to your site. If Tor detects that your exit and your site share an IP address, it will automatically extend the normally 3-hop circuit to your node, and the traffic will exit the Tor network on your machine rather than an arbitrary node (which could be malicious).
For what it's worth, DuckDuckGo has done this for the past 4 years[0].
I think StartPage is still the default for the Tor browser bundle, but I'm not sure if they have an exit enclave as well.
Why do you say that? According to the Tor Project FAQ for their browser bundle, they leave JavaScript enabled. The only problem they mention is that selectively allowing scripts via NoScript permissions leaks information, so it's an all-or-nothing decision with regards to third-party scripts for any given site and they choose to make the default the one that breaks fewer sites. (And really, you're still free to block scripts from any third-party site that has an effective surrogate script bundled with NoScript.)
Tor has been exploited in the past in ways which only affected those who kept JavaScript enabled [1]. I actually love JavaScript, and the doors it can open for trustworthy developers, but I don't think a deep cover journalist or whistleblower should be browsing with it.
So, that's not Tor being exploited, that's just a Firefox bug that was used to get at Tor users because they're more interesting targets. It wasn't a case of JavaScript making Tor less private or less secure except in that it was JavaScript making everything less private and secure, and Tor doesn't protect you from that because Tor isn't a security tool.
The article mentions "hundreds of millions of new users". That would be great news for privacy on The Internet.
But it would surely slow the Tor network to a halt. Users trying out privacy-enhancing technology would be disappointed guaranteed with 30+ seconds page load times.
Tor has roughly 1000 exit nodes, all traffic flows through them. It needs to have much more capacity to handle that kind of load. Who is going to pay for 100x or 1000x server capacity?
(This is the original source for the Dot article.)
A summary: Raw bandwidth isn't the limiting factor in scaling Tor; before you just plug in traffic to the network, you'd need to optimize Tor's internal protocols to make expansion of the network even possible. However, those hurdles are fairly small, and once they're handled, it's just a matter of funding to pump up more nodes, which is much more simple.
Further, not all Firefox users (if the article's speculation is correct) will be using private browsing at once. So the actual increase is probably 5-10% (at most? anyone know actual statistics about private browsing?) of that number.
While I agree with you I think there are two factors here (1) only a small fraction of the hundreds of millions would actually try out a Tor-private-browsing-mode and (2) tor won't grow until it is further strained (yes I know it is strained now). This would be great and would push innovation to solve the traffic problems.
If the added use case bring too much strain on the network and cannot be solved through interest and need than Tor could simply split it off or itself into an alternate network.
I wish someone would integrate crypto currencies into the layers of the Tor onion. I could imagine paying a few cents for each unlayering. Basically you just include a private key for a wallet holding 0.0000n cents in each layer with perhaps 0.000n for the exit. But I guess this will take some time for intuition to adapt to it.
I would assume that the organisation supposedly integrating Tor would have to fund tor exit and bridge nodes in mass. Or just force users using this alternate private mode to also share bandwidth in a p2p/skype like manner.
I suspect this will start hitting problems when users discover that lots of sites break in unexpected or mysterious ways when run in "Super Private Mode" or whatever they call it. Tor is blocked or treated suspiciously by a LOT of different sites. It's not at all a free upgrade.
Wonderful news. I am particularly looking forward to having torified connection in a browser with some continuity and customization.
The bundles are stripped of customizations and I find it inconvenient to bring along bookmarks and chosen extensions manually at every upgrade of the bundle.
I realize it's often for good reason that the bundles are minimalistic, but I see no fundamental reason why I should have to relinquish bookmarks and personal settings to stay anonymous, and it would be great if this could spur a greater drive to make it clear what extensions are safe or new browser architecture that would make it safe to use add-ons in general with Tor.
Bravo. I would imagine this would be as an alternate and not in the default mainline. Whomever takes this step first will probably find it being used as a catalyst for much more than just anonymity. First users whom hit copyright walls on youtube and other sites have a quick route around: "The Net interprets censorship as damage and routes around it." -- John Gilmore. But beyond this the services that could be built on mostly hidden end points are immense. Personal mail servers, instant access to files at home, selective public vs private sharing groups, etc.
For anyone interested in exclusively using Tor on Android immediately, check out orWall, a root-requiring proxy that blocks all regular traffic by default and allows app-specific access of your choosing to exit via Tor. Only on F-Droid market for now, but coming to Play Store soon.
Mozilla's funding comes primarily from search partners (namely Google)[0][1] - I don't think they could do this and still survive as a company at this point, sadly.
At the same time, if every Firefox user donated even $1 to Mozilla, they wouldn't need to take this money[2], and could probably be a bit more carefree in these decisions.
They mention it in passing in the article, but I think that it is very important to make it a default setting, something like "donate 5% of my bandwidth to internet privacy". 500 million exit nodes minus 3 geeks that choose to go deep into settings to disable it.
My main concern is that this will be hidden behind an option or an "extreme private" mode -- Tor seems too high-latency for the typical use-case of private browsing (image viewing and video streaming).
If you run a web service and would like to provide high-security anonymous access, consider running an Exit Enclave -- a Tor exit configured to exit only to your site. If Tor detects that your exit and your site share an IP address, it will automatically extend the normally 3-hop circuit to your node, and the traffic will exit the Tor network on your machine rather than an arbitrary node (which could be malicious).
I hope this finally kills the "only criminals use Tor" narrative the NSA and periodically, the media push. Everyone deserves strong anonymity.