
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton

On Mon, Apr 11, 2011 at 04:33:08PM -0700, Mike Perry wrote:
> I now no longer believe even this much. I think we should completely
> do away with the toggle model, as well as the entire idea of Torbutton
> as a separate piece of user-facing software, and rely solely on the
> Tor Browser Bundles, except perhaps with the addition of standalone
> Tor+Vidalia binaries for use by experts and relay operators.

As someone who participates in spreading Debian on desktop systems, I am
a little bit worried about the outcomes of such a decision. I think most of
my concerns apply to other distributions as well.

First, let's clear this out: I do not really care about the toggle
model. I would be perfectly fine with having a specific application to
start in order to browse the web using Tor. What I am worried about is
how it would be distributed.

In recent times, I have seen a lot of people who were impressed by
their phone "AppStore" and other variants of this software distribution
model. I was really amazed, as I have a hard time seeing how different
it is from what Debian has had since 1998 with APT.

Since 2005, it is even better: software in Debian repositories is signed
using cryptographic signatures. So when retrieving an application
from our store, there is a really good chance that the Debian community
has verified that it does not contain spyware.

The Free Software community is huge, the Debian community is quite big
as well. But I still do prefer to have some level of trust in 1000
people than to have no level of trust at all.

That's what I keep telling the folks I help install Debian.
Together with "you should not install random stuff downloaded from
a random web site". "Why?" they answer, and my reply, skipping the
details, boils down to "you don't need to, everything is already in

And I am talking about Debian stable here. Users that do not want to
spend much time dealing with how their computers work. Only about
the work they want to do with their computers. Having a major system
upgrade every two years is more than often enough in their eyes.

How does that relate to Torbutton and Tor Browser Bundle?

Well, as already pointed out by intrigeri, Debian has gone to great
lengths to avoid embedded code copies in its source packages. Firefox's
security record is far from perfect, and I see no chance that Debian
security team and ftpmasters would accept to ship another version of
Firefox in the archive.

If another version of Firefox cannot enter the Debian archive, the Tor
Browser Bundle will not be able to join this great "AppStore" Debian
(and Ubuntu, and others) already has. So it will need, at least, a
custom repository, or a custom way to be installed and a custom way to
tackle security updates.

Given the amount of work Mike Hommey put in the maintenance of
Iceweasel (Firefox in Debian is called Iceweasel), I wonder if Erinn and
weasel will have the time and energy to maintain TBB in a custom
repository. Having a dedicated application to install and update TBB
makes me really nervous as it paves the road for so many bad habits that
those users I was talking about left when they started using Debian on
their desktop.

As the maintainer of xul-ext-torbutton, I also have one question: what
upgrade path should I provide for Debian's next stable release?
(Doing nothing means that 1.2.5 will stay on their system until they
remove the package.)

Here is a possible solution that quickly came to me, but I have no real
clue on how much work it would need (and if every party involved would
accept it):

 1. Apply specific Tor patches against Firefox 4 in Debian iceweasel
    package. The changes that are not compatible with the common case
    would need to be activated by a command-line switch or a specific
    configuration option.
 2. Keep xul-ext-torbutton in Debian. It would be modified in the
    way that it would not appear at all in the usual browser if
    the previous command-line switch or specific configuration
    option is not active.
 3. Create a new Debian package, something like "tor-browser" that
    would add a new menu entry labeled "Tor Browser" and that would
    start Iceweasel with a dedicated profile and the specific "Tor"

Actually, it might be better to provide Torbutton in the "tor-browser"
package. Provided that it ships a dummy package "xul-ext-torbutton" as
an upgrade path.

Does this sound like a bad idea? Too much work?
(Input from Weasel and Erinn would probably be welcome.)

Last comment: we should all continue to stress that the Internet is
not only made of web sites. If the Internet was only about web sites, Tor
would have had a harder time happening: this new protocol was free to run
through the cables. IMHO, associating Tor with only web browsing is like
shooting ourselves in our feet: if everyone thinks "Internet = the web"
no one notices when providers start to filter strange protocols, make
everything travel through stupid proxies or use NAT4444.

I am saying that because having separate "tor" and "tor-browser" packages
in Debian gives me an opportunity to explain that Tor can be used for
other purposes than only web browsing.

Jérémy Bobbio                        .''`. 
lunar@xxxxxxxxxx                    : :Ⓐ  :  # apt-get install anarchism
                                    `. `'` 
