[navyrain]

This sort of this is pretty exciting. Now that users are aware of NSA hijinks, and are familiar with the Privacy modes of their current browsers, I'd like to see Mozilla move towards a "Super Privacy" mode where they route over a built-in Tor client.

Of course, the dream would be to have all Firefox clients run Tor relay nodes out of the box, backed by Mozilla-supported exit nodes.

[mccr8]

As hackuser says elsewhere, Tor is not really a fire-and-forget security solution. My understanding is that in order to use it without compromising yourself you need to have a fairly sophisticated understanding of its limitations.

[higherpurpose]

But isn't that the point of Incognito mode in the first place? To only use it in certain situations when you need extra privacy? I doubt too many try to login through Facebook using the Incognito mode, or at least they wouldn't use their real accounts.

Mozilla just needs to enhance Incognito mode (or create a new mode) with Tor.

[DSMan195276]

My understanding was always that Incognito mode was only intended for instances when you didn't want browsing history saved, not instances where you wanted to protect your privacy. That said, I think an 'enhanced Incognito mode' which does protect your privacy that's built-in could definitely be a good addition.

[bad_user]

The point of Private Mode is also to start with a blank session, without any cookies.

Service providers, such as Google or Facebook, are tracking users even when they aren't logged in, by setting unique identifiers in cookies with a very long age. Then as soon as you login, they can even correlate those identifiers and their history to your name should they want to.

Facebook for example is known to build profiles on people that do not have a Facebook account. And given that many websites are integrating with services provided by such companies (e.g. Google Analytics, Facebook buttons are everywhere), it's not like you have to go to Google.com or Facebook.com to be tracked.

So that's the point of Private Mode, because in Private Mode all they have is your IP. And in case we're talking about IPv4, we could be talking about a home connection, or a public Wifi, or a work connection, so to track users one needs to take a look at usage patterns coming from the same IPv4 and make a decision - home connections are what you want, as otherwise too many people are connecting from the same public wifi or work connectin.

And given the shortage of IPv4 addresses, ISPs have switched to dynamically allocated IPs at least for home subscriptions. Mobile phone operators are doing the same thing - an IPv4 coming from a mobile phone doesn't even tell you the user's city.

It will be interesting to see how we'll be able to protect ourselves along with the switch to IPv6, but in the meantime, yes Private Mode has everything to do with privacy.

[GigabyteCoin]

That could easily change with the help of a well funded team like Mozilla.

[UweSchmidt]

A lot of internet usage is logging in to Email, FB. If you do that an attacker knows that this particular user is you. Not sure how that can be "fixed" easily.

To recap the current situation: You need to run a normal browser (for convenience) for facebooking (of course running NoScript, Ghostery, RequestPolicy etc.) and the Tor browser for researching things you don't want to be associated with your identity (yet nothing that law enforcement or intelligence agencies care about).

[MrJagil]

"A lot of internet usage is logging in to Email, FB. If you do that an attacker knows that this particular user is you. Not sure how that can be "fixed" easily."

When data is inputted to a HTML-form an alert could pop up. "Disclosing your login details may compromise your privacy" At least that would educate users, similarly as the warning text on Chromes New Tab incognito page.

[cookiecaper]

It couldn't. It'd take a fundamental re-architecture of Tor to implement a solution, but you also actually have to solve the problem, which is pretty hard too.

[dingaling]

> Of course, the dream would be to have all Firefox clients run Tor relay nodes out of the box

Even the Tor Project themselves recommend against running an exit node on a home computer. Too many risks of investigation and seizure of assets.