
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton



Thus spake Jérémy Bobbio (lunar@xxxxxxxxxx):

> How does that relate to Torbutton and Tor Browser Bundle?
> 
> Well, as already pointed out by intrigeri, Debian has gone to great
> lengths to avoid embedded code copies in its source packages. Firefox
> security record is far from perfect, and I see no chance that Debian
> security team and ftpmasters would accept to ship another version of
> Firefox in the archive.
> 
> If another version of Firefox cannot enter the Debian archive, the Tor
> Browser Bundle will not be able to join this great "AppStore" Debian
> (and Ubuntu, and others) already has. So it will need, at least, a
> custom repository, or a custom way to be installed and a custom way to
> tackle security updates.
> 
> Given the amount of work Mike Hommey put in the maintenance of
> Iceweasel (Firefox in Debian is called Iceweasel), I wonder if Erinn and
> weasel will have the time and energy to maintain TBB in a custom
> repository. Having a dedicated application to install and update TBB
> makes me really nervous as it paves the road for so many bad habits that
> those users I was talking about left when they started using Debian on
> their desktop.

The reality is we have quite a lot of issues with every distribution.
It is true that Debian gives us the least amount of hassle, though.  I
suspect this may just be because we're lucky enough to be so strongly
socially connected to it. Because, man, is it a rickety, towering
bureaucracy otherwise ;).

> As the maintainer of xul-ext-torbutton, I also have one question: what
> upgrade path should I provide for Debian next stable release?
> (Doing nothing means that 1.2.5 will stay on their system until they
> remove the package.)
>
> Here is a possible solution that quickly came to me, but I have no real
> clue on how much work it would need (and if every party involved would
> accept it):
> 
>  1. Apply specific Tor patches against Firefox 4 in Debian iceweasel
>     package. The changes that are not compatible with the common case
>     would need to be activated by a command-line switch or a specific
>     configuration option.
>  2. Keep xul-ext-torbutton in Debian. It would be modified in the
>     way that it would not appear at all in the usual browser if
>     the previous command-line switch or specific configuration
>     option is not active.
>  3. Create a new Debian package, something like "tor-browser" that
>     would add a new menu entry labeled "Tor Browser" and that would
>     start Iceweasel with a dedicated profile and the specific "Tor"
>     switch.
> Actually, it might be better to provide Torbutton in the "tor-browser"
> package. Provided that it ships a dummy package "xul-ext-torbutton" as
> an upgrade path.
> 
> Does this sound like a bad idea? Too much work?
> (Input from Weasel and Erinn would probably be welcome.)

If Debian as a whole is willing to take our patches, that's great. We
hope they'll be merged into Mozilla eventually, so it could be a good
testing ground.

I agree that the approach above could work. If Debian wants to conjure
an alternate package that is really just a shell script that just
launches an /etc/skel copied TBB Firefox profile, this sort of thing
should be possible and fairly straightforward. We can talk about this
on IRC, I suppose. It likely won't be a priority on Tor's side,
though. Also, I think we messed around a bit with remoting (aka new
window launching) on TBB Firefox, which may cause odd behavior for
your use case, or maybe not. Erinn and sjmurdoch can tell you the
details of this (or I may be able to fetch them out of my subconscious
later).

Our current working-plan is to provide an external repo, like we've
been forced to do for Ubuntu for other reasons. This ticket is
supposed to list the barriers to that:
https://trac.torproject.org/projects/tor/ticket/2879

But hey, so far there are none! :)

The long-term plan is to make Thandy the update future for our
packages. It is hardened against a lot of attacks that OS updaters are
not hardened against. We designed it because we thought it was the
future for all Tor packages, and I think this means we should start
acting like it. I think providing our own distro repositories is an
intermediate step to self-flagellate ourselves into actually bringing
Thandy online.

As a last resort, could you replace torbutton with an empty package? I
can give you a replacement torbutton that refuses to toggle... Is this
against the Debian social contract? :)

> Last comment: we should all continue to stress that the Internet is
> not only made of web sites. If the Internet was only about web sites, Tor
> would have had a harder time happening: this new protocol was free to run
> through the cables. IMHO, associating Tor with only web browsing is like
> shooting ourselves in our feet: if everyone thinks "Internet = the web"
> no one notices when providers start to filter strange protocols, make
> everything travel through stupid proxies or use NAT4444.

Right. I don't think that anyone is going to forget the value of
non-web communications. It's too built-in to the Internet and too
readily useful. However, the slightly more nuanced political realities
of this may make you sad:
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/ReducedExitPolicy

> I am saying that because having separate "tor" and "tor-browser" packages
> in Debian gives me an opportunity to explain that Tor can be used for
> purposes other than only web browsing.

Sure. That's what torsocks is for. It's a great Linux app, something
we dearly wished existed on Windows (and worked better on Mac OS).
http://code.google.com/p/torsocks/

I envision torsocks working with the system tor package, rather than
the TBB one. They should run on different ports:
https://trac.torproject.org/projects/tor/ticket/2264

The reason for this is that torsocks apps are poorly anonymized at the
application layer, and you don't want these to leak data (like your
username, hostname, etc) concurrent to your tor web traffic.  The
easiest way to prevent that right now is to use your distro's tor and
our TBB at the same time.

(The long term way is to implement SOCKS password support both in Tor
and in Firefox:
https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/171-separate-streams.txt
https://bugzilla.mozilla.org/show_bug.cgi?id=122752).

I still consider torsocks an expert app, though.


So, in summary: Chaos and upheaval! Your bureaucracy is doomed!
Prepare for the paper shortage!

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
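
Added example, not part of the original message or of any Tor project code: a small check that two torrc files (one for the distro's tor used by torsocks, one for the TBB tor) do not configure the same SOCKS listener, which is the port separation the message asks for. The torrc contents and the port 9150 are constructed sample values.

```python
# Tor listens on 127.0.0.1:9050 when a torrc has no SocksPort line at all.
DEFAULT_LISTENER = ("127.0.0.1", 9050)


def socks_listeners(torrc_text):
    """Return the set of (address, port) SOCKS listeners a torrc configures."""
    listeners, saw_option = set(), False
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(parts) < 2 or parts[0].lower() != "socksport":
            continue
        saw_option = True
        target = parts[1]                          # later tokens are flags
        if target.lower() == "auto" or target.startswith("unix:"):
            continue                               # no fixed TCP port to compare
        addr, _, port = target.rpartition(":")
        if not port.isdigit() or int(port) == 0:   # "SocksPort 0" disables SOCKS
            continue
        listeners.add((addr.strip("[]") or "127.0.0.1", int(port)))
    return listeners if saw_option else {DEFAULT_LISTENER}


def shared_listeners(system_torrc, tbb_torrc):
    """Listeners present in both configs; empty means the two are separated."""
    return sorted(socks_listeners(system_torrc) & socks_listeners(tbb_torrc))


# Constructed sample configs (not taken from any real package).
SYSTEM_TORRC = """
# distro tor, used by torsocks apps; no SocksPort line, so the default applies
Log notice syslog
"""
TBB_SHARED = "SocksPort 127.0.0.1:9050   # same listener as the system tor\n"
TBB_SEPARATE = "SocksPort 9150            # constructed example port\n"

if __name__ == "__main__":
    for name, cfg in (("shared", TBB_SHARED), ("separate", TBB_SEPARATE)):
        clash = shared_listeners(SYSTEM_TORRC, cfg)
        print(name, "->", clash if clash else "no shared SOCKS listener")
```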
