Firefox Private Browsing Mode, Torbutton, and Fingerprinting

by mikeperry | June 30, 2010

Last week, Peter Eckersley and I met with the Mozilla team in Mountain View to discuss web fingerprinting, privacy and Torbutton. I gave an updated version of my Torbutton Design talk, and Peter discussed Panopticlick. Mozilla was primarily interested in hearing about these projects in the context of their Private Browsing Mode, which they unveiled in Firefox 3.5.

The primary goal of their Private Browsing Mode is to protect against a local after-the-fact attacker - an attacker that has local access to a user's filesystem after browsing has taken place. They offer some limited protections against a network adversary, but this was not their initial goal, and is primarily a side effect of trying to protect against "helpful" web services, such as Google Search History, which record your activity somewhere other than your PC.

This is a significantly weaker adversary model than the one used in the Torbutton design. As a result, from the point of view of Tor usage, Firefox Private Browsing mode suffers from a number of weaknesses that Torbutton does not.

In particular, Firefox does not presently concern itself with plugins, form and password autocompletion, SSL state, Live Bookmarks, external protocols and applications, or browser fingerprinting. The Applied Crypto research group at Stanford recently published a comparison of the four major browsers' private browsing modes against a dedicated local and remote adversary, which details some of these issues.

It turns out there is some developer interest inside Mozilla in improving resistance to fingerprinting, improving privacy against third party content, and hardening their Private Browsing Mode in general, despite most of these issues being outside of their original model. The current plan is to investigate what would be necessary to develop an Anonymous Browsing Mode that would either take the form of a privacy setting, an enhancement to Private Browsing Mode, or an entirely independent browsing mode. The trick now is to transform this developer interest into something that motivates the Firefox Product Management team to get fully behind the proposed improvements.

As such, Peter and I have been spending some time updating the Fingerprinting and Anonymous Browsing wiki pages to describe who would want such privacy features, and how they would behave, as well as updating and adding relevant Mozilla Bugzilla entries. I've also updated the list of Torbutton Firefox Bugs to reflect some of the more sophisticated unsolved fingerprinting issues that were brought up during our meeting.

This July, the two of us will be doing the same thing with the Google Chrome Privacy Team in Berlin while at the Privacy Enhancing Technologies Symposium. This is primarily to follow up on a meeting we had with Google in December, where we discussed the barriers to the development of a Torbutton for Google Chrome, and to discuss relevant fingerprinting issues and similar shortcomings of the Google Chrome Incognito Mode.

Look for a future blog post in August detailing the results of that discussion.

Comments

Please note that the comment area below has been archived.

June 30, 2010

Hi!!!!!!!!!

This is a great opportunity to bash Mozilla (Googlezilla) and Google!!!!! Well, yeah they're almost the same thing!!! haha!!!!!!!

Google Chrome is just a trash browser, it belongs to the Google's idea to conquer the world, and it's a piece of the imperialistic way of Google to do things!!! Expanding itself everywhere and controlling the others!!!!! Google is the same multinational company who said to leave China, then it changed idea, then it changed idea again and again... and if you read the news of yesterday, it seems like Google doesn't care the least bit, and it's okay to accept censorship because Google is well-willing to support everyone's censorship!!!! Yeah, google is a multinational company, it has shareholders to make happy!! Google doesn't care about anyone's privacy nor freedom!!!! Google is the leader of online advertising too!! It's very interested in tracking users!!!!!!!!!!!!! Quit mistaking Google with a good Samaritan!!!!!!!!!!!
There is also this thing about "Google Chrome" and "Google/Mozilla Firefox"!!!!
Mozilla has been corrupted by Google's donations (i like to call them "bribes"!!!!). So, you've got in Firefox as the default search engine, the web search engine of the most anti-privacy company ever (GOOGLE!!, look at the report of privacy international) and if you look at the search-plugins of Firefox you may as well notice tracking parameters in the queries to send to google!!!!! (client=firefox-a & client=firefox & rls=org.mozilla:en-US:official) Anyway, it's AMO (addons.mozilla.org) the worst piece of Mozilla, it's the most corrupted!!!!!
Firefox is linked to Google, and of course Chrome is linked to Google too!!! The effect of Google's invasion is very easy to notice!!!! So, it's like saying that Google has TWO browsers!!!!!!! Its Chrome and controls Firefox!!!!!
You don't have to wonder why the bug "280661 - SOCKS proxy server connection timeout hard-coded" is five years old and nobody wanted to patch it yet!!!!! If that bug had been solved, you could use Firefox+TOR without needing an HTTP proxy (like polipo!!) Chris wrote a patch, but Mozilla hasn't yet merged it with the main source code of firefox!!! Because, they asked for somebody to review the code... but at Mozilla nobody is interested!!! Yeah, nobody at Mozilla has time to spend to review a patch they're not interested in!!!!!!!!!!! At the same time, don't forget it's a five-year-old bug, Firefox evolved into a Bloatware!!! For instance, you've got Firefox supporting useless and very ugly "PERSONAS"... and at the same time, the useful patch to improve SOCKETS has been forgotten, and at the same time Google managed to release its own light web-browser!!!!!!!!
It's sadly funny, if you think that firefox was born as a light version of SeaMonkey!!!!!! (former Application Suite, former Netscape)!!
For Mozilla PERSONAS were the priority and patching the SOCKETS has not been done yet!!!!! Chris was forced to write test-case applications, and i think he was hopeful that to be the last step before having his patch published, merged together with the main source code of FIREFOX!!!!!!!!!!!!!!! Mozilla has recently added to Firefox a new feature to run Plugins as separated processes!!! well, yeah, i can say that one to be a nice improvement and much more useful than Personas, but again, that improvement brought into Firefox a lot of bugs, one of which doesn't allow you anymore to build Firefox removing the support for plugins!!!!! Yeah, Chris had to write a testing tool just to waste some of his time, on the other hand non-working and useless patches and features went through reviews and accepted in no time!!!! with the main and only consequence, that one of the most useful options to build firefox, to have it much more stable than ever and much more privacy-oriented, doesn't work anymore!!!!!!!!!!!!!!!!!!! (https://bugzilla.mozilla.org/show_bug.cgi?id=574950 they wrote "resolved", but it hasn't been resolved yet!!!). Surely, if this makes feel you happy, you've got ugly personas to look at!!!!!!!!!!!!!!!!! ahah!!!!!!!!
Neither Mozilla (Googlezilla) nor Google, are for real interested in their users privacy!!!!!! AMO is continuously tracking users via the addons system, google wants to track you due to Analytics/Adsense/etc... Mozilla doesn't care about useful improvements for Firefox and useful patches, because all they're doing is to turn Firefox into a non-working bloatware!!! And Google began to spread its own web browser!!!!
Before the "Anonymous Browsing Mode" it would be better for Mozilla to remove all the Google's fluffs from Firefox and to apply to it the real useful patches!!!!!!!!!!!!!!!!!!! Because nobody cares about new features in an impaired browser!!!!!!!!!! Also, it would be better for the TorProject to leave alone google!!!!the evilest multinational company ever!!!! It sounds Google, it sounds familiar, but it's what's going to betray you!!!!!!!!!!!!!!!!!

bye!!!!!!!! ~bee!!!!!!

Finally A STEP AHEAD for MOZILLA!!!! (and this is an important one!!!!!!!!!!!)

All Firefox versions >= 3.6.4 build again!!!!!!!!! There is a workaround to build firefox without the plugins support in these recent versions!!! You need, also, to disable the plugins isolation!!!!! It's possible adding "--disable-ipc" to the configure command!!!!!!!!!
« https://bugzilla.mozilla.org/show_bug.cgi?id=574950 »
Well, yeah, i've also updated FireFox in Factorbee!!!! Tested it, and everything works!!!!!!!!!!!!!

bye!!!!!!!!!
~bee!!!!

Another update!!!!!!!! About google this time!!!

http://news.bbc.co.uk/2/hi/business/10566318.stm

«The Chinese government has renewed Google's licence to operate in China»
«The licence renewal is key to Google. Losing business in China, which already has more internet users than any other country despite relatively low penetration, could harm the company's future growth prospects.»

Haha!!! Well, at least shareholders are happy!!!!!!!!
Of course, Google's being an evil multinational company always ready to betray their promises and collaborating with pro-censorship governments, like the chinese gov, doesn't stop the TorProject to use the Google Summer of Code projects!!!!!!!!!(just to name one!!) hah!!! Misconceptions!?! naw!! It's surely coherent, making a tool to fight censorship, introducing evasion mechanisms like "bridges" made on purpose against the china's great firewall... and then collaborating with multinational companies like Google!!!!!!! (allied, or to say the least subjected, to the pro-censorship folk!!!!!!!!!!!) !!!!!!!!!!!! lol!!!!!!!!!!!!!!!!!!!! Well, that's the result of "capitalism"!!!!!! and funnily, it has the same result of Soviet communism!!!!! haha!!!!!!!!!!!

bye!!!!!!!!
~bee!!!!

June 30, 2010

Good luck with the development, it's a shame that there are so many barriers to great plug-ins.

July 06, 2010

How about developing a TOR button for K-Meleon? It's an open source browser and it uses less system resources than Google Chrome.

July 31, 2010

Hi~ When I use firefox-tor, I can't use the adobe plus, so I can't browse the YouTube video. I was so depressed about that. Can you tell me how I can cope with it? Thank you!!
