[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Torbutton 1.3.0-alpha: Community Edition!



"Release early and release often" is the motto, or so I'm told.. Well
I never liked getting up early, but maybe we can at least try for
often with this one. But probably not..

Despite these shortcomings of mine (among others), Torbutton
1.3.0-alpha is the first release of Torbutton where most of the code
has come from our community members! 

This is great, because after many long years of Torbutton development,
I barely have enough time and sanity remaining to maintain bugfixes on
1.2.x. Not that I started with very much of either in the first place,
I suppose[1]...


And with that, it gives me great pleasure to announce Torbutton
1.3.0-alpha! Due to limitations of addons.mozilla.org, the alpha
series will only be available at the Tor website:
https://www.torproject.org/torbutton/releases/torbutton-1.3.0-alpha.xpi{,.asc}

This release features "tor://" and "tors://" urls that will
automatically enable Tor before loading the corresponding http or
https url. Useful for bookmarks of your tor sites, or sharing urls
with other Torbutton users to ensure that they load them safely
through Tor. It also features a cookie manager that attempts to allow
you to protect specific cookies that you want to preserve between Tor
modes, as well as intelligent referrer spoofing.

All three of these features were written by Kory Kirk, for his 2009
GSoC summer of code project. (What did I say about "early"?)

It also features support for a Transparent Proxy or Tor router (or
your regular connection), where Torbutton's protections can be enabled
without using any proxy. This feature was written by Jacob Appelbaum
and Kory Kirk.

These features should be regarded as *experimental*. In particular,
the cookie manager needs testing, to ensure that it is actually
properly protecting and deleting the right cookies, without leaking
them from state to state. Someone should also pay close attention to
the referrer behavior to ensure it is behaving sanely.

What little time I have for Torbutton development will be devoted to 
supporting Firefox 4, and trying to work through this neverending set
of bugs for 1.2.x: https://trac.torproject.org/projects/tor/report/14

However, it would be great if we could drum up some more community
interest in developing these and other features, too. In particular, I
think it would be really swell if the cookie manager could be extended
into providing a "New Identity" button, complete with an optional
timer to run periodically. There's tons of other potential features
waiting to be implemented in the "Enhancements" section of that trac
report, too.


Here is the complete ChangeLog for 1.3.0-alpha:

 * new: Support for transparent proxies in settings
   (patch from Jacob Appelbaum and Kory Kirk)
 * new: tor:// and tors:// url support to auto-toggle into tor mode
   (patch from Kory Kirk)
 * new: Cookie manager to allow individual Cookie protection
   (patch from Kory Kirk)
 * new: Add referrer spoofing based on modified same origin policy
   (patch from Kory Kirk)
 * new: Add DuckDuckGo.com as a Google captcha redirect destination
   (patch from aiden tighe)
 * bugfix: bug 1911: Fix broken useragent locale string on debian
   (patch from lunar)
 * bugfix: Fix captcha detection for encrypted.google.com


[1]. http://archives.seul.org/or/talk/Mar-2007/msg00417.html

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgptLfYFEjlak.pgp
Description: PGP signature