[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #8390 [Tor bundles/installation]: Improving the Mac Browser Bundle

To: undisclosed-recipients:;
Subject: [tor-bugs] #8390 [Tor bundles/installation]: Improving the Mac Browser Bundle
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sun, 03 Mar 2013 17:24:35 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 03 Mar 2013 12:24:44 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#8390: Improving the Mac Browser Bundle
--------------------------------------+-------------------------------------
 Reporter:  Haravikk                  |          Owner:  erinn
     Type:  enhancement               |         Status:  new  
 Priority:  normal                    |      Milestone:       
Component:  Tor bundles/installation  |        Version:       
 Keywords:                            |         Parent:       
   Points:                            |   Actualpoints:       
--------------------------------------+-------------------------------------
 '''Summary''':
 Currently the Mac browser bundle isn't very Mac-like, and it includes some
 basic problems.

 '''Separation of TorBrowser and Vidalia'''
 One issue straight away is that TorBrowser and Vidalia are bundled into a
 single app. This isn't necessarily a problem on its own, however one side-
 effect appears to be that if you open TorBrowser, causing Vidalia to open,
 and fail to close Vidalia after you've closed the browser, then you cannot
 re-open the browser when opening TorBrowser-en-US.

 I would recommend separating the browser from Vidalia entirely, and simply
 provide the package with its own implementation of Tor. When launching the
 browser the script inside would look to see if a version of Tor is already
 running and, if not, will open the bundled version of Tor in client-mode
 with sensible, safe defaults (greatest compatibility with firewalls etc.).

 This way if a user wants to run Tor as a relay then they can simply
 download Vidalia separately and set it up to run in the background. Thus
 when they open their browser it will use Vidalia's copy of Tor instead. By
 looking for a valid Tor process a user could skip Vidalia entirely and
 simply use Tor via command line/script.

 '''TorBrowser Settings'''
 While I respect that TorBrowser is intended to provide a secure
 experience, the lack of any settings persistence is somewhat annoying.
 Personally I don't mind allowing some of FireFox's history items such as
 pages I've visited, and even cookies provided they are not from third-
 parties and are cleared when I close the browser. I don't know if any
 plugins already exist or if TorButton could include it, but being able to
 clear cookies when I leave a domain (I no longer have any tabs/windows
 open for that domain) would be good.

 In any event, access to some of the basic FireFox settings is highly
 desirable so that I can setup TorBrowser just as I would the normal
 version of FireFox, but with the added benefit of knowing my traffic is
 safe from inspection.

 Ideally the TorBrowser settings would just be stored in my user library as
 normal; the current behaviour of storing the settings inside the
 TorBrowser-en-US bundle actually seems less secure to me, as the contents
 of the TorBrowser-en-US/Library folder are actually world-visible but not
 writable, meaning that other users on the same machine could potentially
 see those contents, but also they would require their own copy of
 TorBrowser as placing a copy in /Applications/ wouldn't work due to
 conflicting permissions.

 Besides which, I believe that removing FireFox's settings from the bundle
 will allow the package to be signed for OS X's GateKeeper. If TorBrowser
 uses a default FireFox profile then it should be possible for a launcher
 script to simply copy this from within the bundle into a user's Library
 folder on launch.

 '''Conclusion'''
 I think these kinds of changes would allow the TorBrowser bundle to better
 focus on being a browser that connects to Tor, and improve integration
 with Mac OS X. I may take a look at this myself if I have a chance, as if
 it can be done using a shell script alone then I can probably Mac-ify
 TorBrowser a bit better, but I don't know when I'll get a chance to look
 at it properly as I know little about Tor, launching FireFox by command
 line, and application bundles ;)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8390>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #6396 [Tor]: Reachability tests for obfuscated bridges
Next by Author: Re: [tor-bugs] #8018 [Tor]: path-spec does not discuss guard rotation
Previous by thread: Re: [tor-bugs] #6396 [Tor]: Reachability tests for obfuscated bridges
Next by thread: Re: [tor-bugs] #8018 [Tor]: path-spec does not discuss guard rotation
Index(es):
- Author
- Thread