Mozilla Research Call: Tune up Tor for Integration and Scale
What alternative protocol architectures and route selection protocols would offer acceptable gains in Tor performance? Would they preserve Tor properties? Is it possible to improve Tor performance without changing protocols? Is it truly possible to deploy Tor at scale? And what would the full integration of Tor and Firefox look like? Those are some of the questions that Mozilla is calling researchers to answer in the privacy & security part of their Mozilla Research Grants program:
“Mozilla has an interest in potentially integrating more of Tor into Firefox, for the purposes of providing a Super Private Browsing (SPB) mode for our users. Tor offers privacy and anonymity on the Web, features which are sorely needed in the modern era of mass surveillance, tracking and fingerprinting."
Integrating Tor into Firefox would bring real private browsing and a safer internet experience to an unprecedented number of people around the world. But Tor has never been deployed at this scale, and there are a lot of considerations to research before Mozilla gives this a try.
Our community and software benefits greatly from the research community, so we are eager and available to discuss any proposal or idea you are considering to submit to Mozilla’s program. Here are some tips around what we think good research needs to do in order to ensure it has the best chance of being adopted by Tor or any other large software project.
Tor has many lists of research ideas, which we are working to consolidate. With respect with this request for proposals, the most useful place to start is the performance section of our open research problems blog post. That section discusses congestion control, datagram Tor, and load balancing problems and ideas.
The exit censorship problem is also a major usability barrier to using Tor, and research into cryptographic rate limiting systems based on newer anonymous credentials would also be in-scope.
Since the 2018 research topics blog post, we posted additional material discussing the need for frameworks to accurately measure side channels in current Tor versus protocol proposals providing congestion signaling of various kinds. Importantly, such frameworks allow us to compare various ways of reducing congestion on the Tor network via datagram designs or explicit congestion notification in current Tor.
Finally, with Walking Onions, we could drastically lower Tor's consensus interval to provide faster load balancing feedback. What are the consequences of this change in terms of additional traffic to relays? How much benefit do we get for this? See the Load Balancing subsection of the Network Performance research topics for related load balancing ideas that could benefit from a faster consensus interval.
We will continue updating our wiki page on network performance research, and we are available to discuss any idea you may want to submit to Mozilla, as well as to help make sure that you can have a strong story about how your research plan will work together with Tor: Please email us at email@example.com.
The deadline to apply for the grant through Mozilla is May 31, 2019.
At first Mozilla should start to also protect their non-Tor users by default. Things like the studies system which allows Mozilla to remotely change your browser settings or install AddOns for an experiment are a big NO for privacy-savvy people.
In some way I agree. Yet, I also see how collecting information and having capabilities to run studies help to advance Firefox. Of course, it would be great if studies, crash reporting, usage statistics and all other information sent to Mozilla could be made even more privacy friendly. I personally am willing to accept a bit less privacy to help Mozilla and Mozilla, nicely enough, asked if I'd be willing to share some information.
Soon they're also doing their own DNS resolving (with CloudFlare DoH) by default, which will lead to big headache for many admins when every application does DNS resolving themself and not letting the system do their job...
Being an sysadmin myself, I know this will break some of our company network setup which isn't too great. Still, there is a bigger picture to consider, this will render esni useful. This is a feature very important for privacy and censorship prevention. While I agree the operating system should do it, I don't see support for DNS over TLS (or any other secure DNS resolving) to be ready and deployed any time soon. Hence, it's great to see Mozilla and Cloudflare step up and try to improve the situation.
Before anyone complains about Cloudflare being involved. Let's not forget that they could have ignored broken DNS entirely. Yet, they decided to do something. Well done Cloudfare! Instead blaming them for having to monopoly when it comes to DNS over HTTPS and DNS over TLS, we should make sure there are alternatives.
Mozilla should go back to their roots and be the privacy-browser for everyone.
I'm not sure what you mean by their roots. Back in 1998 when Mozilla was founded, privacy on the Internet wasn't a concern. Also, I don't think Mozilla has ever been more aware of the importance of privacy. Just look at how Mozilla has been supporting Tor, improved tracking protection and implemented containers. It is my believe that the Internet used to be more private, whether or not you used Firefox, not because browser have degraded but rather because the internet changed. Marketing and thus tracking on the internet is a rather new phenomenon and so is mass surveillance and, thus, privacy concern are rather recent too.
Only this way they can regain their market share. The organization of Mozilla should be replaced with different people, the current ones are only leading to more market share decrease.
Would you mind explaining how replacing the people would make any difference? What would you expect them to do differently that would improve the situation? I'm not much of a sales person. So, I don't know what would have to change to get people to use Firefox.
when will tor browser use them?
I don't know if there is any plans of making containers available in Tor Browser. However, First Party Isolation used by Tor Browser uses the same technology.
A blog post from the Tor Project described it this way:
Our first major target in the uplift project was a feature called <a href="<a href="https://www.torproject.org/projects/torbrowser/design/#identifier-linkability">First" rel="nofollow">https://www.torproject.org/projects/torbrowser/design/#identifier-linka…</a> Party Isolation</a>, which provides a very strong anti-tracking protection (at the risk of breaking some websites). Mozilla formed a <a href="<a href="https://wiki.mozilla.org/Security/FirstPartyIsolation">dedicated" rel="nofollow">https://wiki.mozilla.org/Security/FirstPartyIsolation">dedicated</a> team</a> to take the First Party Isolation features in Tor Browser and implement them in Firefox, using the same technology we used to build the <a href="<a href="https://blog.mozilla.org/tanvi/2016/06/16/contextual-identities-on-the-web/">containers</a>" rel="nofollow">https://blog.mozilla.org/tanvi/2016/06/16/contextual-identities-on-the-…</a>; feature. The team also developed thorough test and QA processes to make sure that the isolation in Firefox is as strong as what’s in Tor Browser -- and even identified some ways to add even stronger protections. The Mozilla team worked closely with the Tor Browser team, including weekly calls and an in-person meeting in September.
no, it's a different feature.