Hacker News new | ask | show | jobs
by eganist 2944 days ago
Thanks for your effort! If I can ask, how much overlap exists between your team and the team overseeing the implementation of security protocols within Firefox e.g. HSTS, CSP, etc.? It'd be neat to see Firefox drive innovation here alongside the effort to weave Tor into the browser; although I wouldn't necessarily treat Tor integration the same as I might the implementation of other security specifications, I can see how the teams working on such might overlap, hence my question.
1 comments
tomrittervg 2944 days ago
The Fusion project is done by a subset of that team (+me, I happen to sit with Sandboxing due to other responsibilities).
link
dat_boi20 2944 days ago
By passing this on to Mozilla and discontinuing Tor Browser, you're going to inherit the innumerable issues in their code base. Wouldn't it be easier to hard-fork and create a simple browser with minimal overhead? It doesn't have to be loaded with features. Just minimalist and private.

Some anti-features that come to my attention off the top of my head:

* Biometric login (as of FF60)

* Dumb PR Stunts like Mr. Robot

* Telemetry

* Balrog (Analytics and browser fingerprinting on AmazonS3)

* Social API

* VR sensors

* DRM

* Google Chrome (large contract Mozilla has with them as they backport this into IPC)

* CloudFlare DNS (Department of Homeland Security partner and Tor arch-enemy)

etc...

link
tomrittervg 2944 days ago
Tor Browser will exist as long as Tor feels it needs to. If the features or anti-features in FF cause them to believe Firefox does not fit their need, then we're/they're not going to discontinue it.
link
jerheinze 2944 days ago
> By passing this on to Mozilla and discontinuing Tor Browser, you're going to inherit the innumerable issues in their code base.

What issues exactly? Tor Browser = Firefox ESR + some patches + some other stuff and tweaks. Before the release of the next ESR TB devs rebase and submit these patches to mainline Firefox, that's why you have prefs like privacy.resistFingerprinting and privacy.firstparty.isolate in mainline Firefox, see: https://wiki.mozilla.org/Security/Tor_Uplift

link
exikyut 2944 days ago
> Google Chrome (large contract Mozilla has with them as they backport this into IPC)

What's this?

link
anonymfus 2944 days ago
>Biometric login (as of FF60)

Are you talking about Web Authentication? What is wrong with it?

link