[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17248 [Applications/Tor Browser]: Investigate new WebExtensions API requirements for our extensions



#17248: Investigate new WebExtensions API requirements for our extensions
--------------------------------------+--------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  task                      |         Status:  closed
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:  fixed
 Keywords:  TorBrowserTeam201512      |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by yawning):

 Replying to [comment:14 gk]:
 > Replying to [comment:13 mcs]:
 > > Replying to [comment:12 tom]:
 > > > I think that https://developer.mozilla.org/en-US/Add-
 ons/WebExtensions/API/Runtime/connectNative might be a workable solution
 to this one. Obviously it would require the other side (Tor's control
 port) to change.
 > >
 > > I think we should leave tor unchanged and instead think about
 splitting Tor Launcher into a WebExtensions (JavaScript) part and a
 compiled (Go?) "shim." Communication between the two pieces would be via
 Native messaging (aka connectNative). Kathy and I did something similar
 for a Chrome extension that we wrote several years ago (a non-Tor
 project). It worked pretty well. Obviously we will need to define our own
 protocol between the JS code and the compiled code.
 >
 > Keep in mind that we need this to work on mobile as well. While I don't
 worry about the JS part I am not sure about the shim. That said we are
 probably going to get money for Tor Browser on mobile and one of my secret
 hopes was to get a mobile version of Tor Launcher with it that we then can
 use on desktop too.

 My 0.02 Zimbabwean Dollar opinion on this matter is that the right thing
 to do from a technical standpoint is to kill `tor-launcher` with fire, and
 maintain launchers for each of the supported platforms.  Having to start
 firefox with the privileges/capabilities that tor needs is horrific and is
 something that we should move away from unless we have a lot of faith in
 Firefox acquiring decent security/sandboxing.

 nb: I picked a totally worthless currency for a reason, and don't expect
 this to actually be done.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17248#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs