[IngoBlechschmid]

Honest question: Why not bundle Tor, instead of relying on a proprietary VPN service? It seems that Tor satisfies the advertised use case ("insecure public WiFi") just as well.

[r3bl]

That's already happening.

Tor and Firefox are working together to make Tor network the default within private browsing mode. A number of privacy-related patches from Tor have already landed in Firefox (example: Firefox now has first-party isolation). It's a slow progress, but it's on its way.

If you're interested about more, the project is called Project Fusion: https://wiki.mozilla.org/Security/Fusion

There was a discussion here a few months ago: https://news.ycombinator.com/item?id=17205441

[IngoBlechschmid]

Awesome, thanks for bringing this to my attention! Good to hear that this is being worked upon.

[flukus]

I wouldn't be surprised to see this get dropped now that it's interfering with a revenue stream.

That's always the con of revenue streams, they impede Mozillas independence and ability act on behalf of users.

[LeoPanthera]

Well, "Tor Browser", which shares code in both directions with the Firefox project, is already available. So that's already an option.

It's not ideal though. A large fraction of the web blocks access from Tor relays, or makes you jump through extra hoops, like completing onerous captchas. It's not a great experience.

[tempestn]

Plus, by nature of having to go through several hops, it will always be slower than a standard VPN. (And that's in the best case. In reality it's noticeably slower, I assume due to congestion of exit nodes.)

[jvehent]

Because bundling Tor in Firefox would generate so much traffic it would take down the network. Tor needs to grow significantly before that integration is possible.

[IngoBlechschmid]

I guess this nudges me to host a middle node!

[ryan-c]

TBH, I'd be more comfortable using insecure public wifi than I would be using Tor.

Tor hides the source of your communication, and evades filtering. It does not protect the contents of your communications from eavesdropping. It's trivial to set up Tor exits to log traffic, and people do.

[GordonS]

If you're hitting a TLS-enabled site, then exit nodes can't see the content of your traffic, only the destination IP/host. Exit nodes also can't see your source IP, only the IP of the relay node.

[huhtenberg]

Because relaying random traffic of unknown nature is not everyone's cup 'o tea.

[intopieces]

Is Tor still super slow?

[megous]

Slower, but not super slow. Latency is significantly higher, if you're used to ~10ms ping from your home to your data center.

Grabbing a page from my website over tor and over normal network:

    curl http://mywebsite
    curl https://mywebsite
    curl --proxy socks://127.0.0.1:9050 http://mywebsite
    curl --proxy socks://127.0.0.1:9050 https://mywebsite

Results in these times (tor times depend on selected circuit):

    0.028s / http
    0.063s / https
    0.394s / tor http
    1.079s / tor https

If I killall -HUP tor (force changes circuit):

    0.302s / tor http
    0.598s / tor https

[GordonS]

If you last tried it several years ago, you will be pleasantly surprised with how fast it is now (I was). It used to be practically unusable, but most of the time I now don't notice any slowdown at all for normal browsing.

[IngoBlechschmid]

It isn't for me. Nowadays I never not surf using Tor. Even video platforms work without any bothersome delay.

[anigbrowl]

No, it's pretty decent now