This is <i>really</i> dangerous.<p>Even enthusiasts mix up the anonymity offered with Tor with security.<p>I can almost guarantee that this will do waaaay more harm than good. People will enable this and think they are safe while they are suddenly routing all their cleartext through an untrusted third party (that is, very often, malicious).<p>At the very least a lot of passwords will be gathered (alongside email in a lot of cases) in insecure and unencrypted forums etc. And since most people have the same password for unencrypted forums as their email, Facebook and Twitter...<p>For this to work it will have to be an option buried deep and before enabling it you'd have to have a huge nag box (the size of a blue screen) that clearly shows the dangers of this. And although <i>many</i> have tried I haven't seen any implementation of such a nag box that actually works (forces the user to think and not just press "OK"/"YES"). And even if it did work people won't understand it, at most they will understand that "okay, this is risky" but they have no way of evaluating that risk since they have no idea what they really are enabling.<p>That said, Tor inbuilt into Firefox would be <i>awesome</i>. I just can't imagine it doing more good than harm.
I think that a good, incremental first step would be adding Tor into Firefox with support for the .onion domain. This offsets the problem that there could be potentially dangerous exits sniffing your traffic. Additionally, this makes Tor space much more accessible. The (slight) problem of this is that it'll probably put significantly higher load on the Tor relays, and considering that they're already over capacity, it could hurt Tor badly.<p>Maybe the relay code could be bundled into Firefox, and there could be a toggle for "make me into a relay".
This wouldn't work at all for mainline Firefox, or at least wouldn't be 'secure' as users might be thinking.<p>One at least needs to have JavaScript disabled when on Tor or you'll easily be compromised and Firefox 23 now ships with JavaScript always-on.<p><a href="http://boingboing.net/2013/08/04/anonymous-web-host-shut-down.html" rel="nofollow">http://boingboing.net/2013/08/04/anonymous-web-host-shut-dow...</a>
My last experience with Tor was somewhat painful due to the sluggish nature of it. If Firefox added Tor as a feature, making Tor "mainstream", could the existing Tor network handle the extra load?
I got my wife banned from EsperNet IRC because I was playing around with Tor one evening. Here is their policy:<p><a href="http://www.esper.net/rbl.php" rel="nofollow">http://www.esper.net/rbl.php</a><p>Our IP address at home ended up on a blacklist. Eventually the ban was lifted but my wife was not happy for a couple of days ...<p>I wonder if there are other services (IRC, MMO, etc...) that adopt a NO TOR policy.
This would be great in terms of creating the 'egg' to enable the 'chicken', ordinary web sites, to provide their service over Tor hidden services.
I really doubt it would become a one-click privacy measure: If you like to participate in an onion-routed, privacy enhancing, anonymity network, why put it in a browser?<p>A browser accesses that network, it is the weakest and least point in that setup.<p>Because Tor has no GUI? Use Vidalia (see <a href="https://www.torproject.org/projects/vidalia.html.en" rel="nofollow">https://www.torproject.org/projects/vidalia.html.en</a>).<p>There are so many ways to track an individual, independent of the network, with JavaScript, extensions, addons, plugins, client-side caching that even if Tor becomes a feature in Firefox, the slightest unmitigated problem, even your behavior may compromise your privacy.
Who is going to provide the ridiculously large requirement of exit nodes if this hits production? Don't exit nodes cost money in the sense that there is huge risk involved in running one?
It would be fine to just have the feature so *.onion sites are accessible. To get more than that requires education, much like an aircraft pilot. One small mistake and you may literally get yourself and others killed. Even Tor Browser can't be trusted, due to bugs. A bare beginning solution is a firewall to block non-Tor connections:<p><a href="http://www.reddit.com/r/onions/comments/1l15hx/10_steps_to_make_tor_safer_with_pfsense/" rel="nofollow">http://www.reddit.com/r/onions/comments/1l15hx/10_steps_to_m...</a><p>Without that, you're just the Titanic happily floating across the ocean without making sure you've got enough lifeboats if something goes wrong. Should failure always mean death? Is it too much to ask to insist on a firewall safety net to block non-Tor connections when the next bug is found in the Tor Browser Bundle (or whatever)?<p>I'm all for making *.onion sites reachable, as long as that's the only thing this new feature promises to do. It would make *.onion sites mainstream, which is good for everybody. Strength in numbers, herd immunity, get lost in the crowd - that's precisely what Tor relies on to achieve its most basic goals. Taking Tor mainstream with support in Firefox would mean there would be more Tor users for the seriously privacy-paranoid to hide behind.
If it only works with secure connections, and there's a general improvement in bandwidth and it prompts some big non-profits-with-profits like Mozilla to actually run exit nodes in countries that don't cooperate with other exit-node countries, then ... yes, it could be a little bit better.
I hope this doesn't happen. I would uninstall Firefox, and not even test development for our application in Firefox. Maybe I could test some other Gecko-based browser, like SeaMonkey, but I don't want anything Tor-related on my computer.
This seems like a nice idea, but the developers of Firefox have made it more than known they would prefer to argue the inclusion and removal of version numbers as opposed to actual issues. Look how long it took them to fix the memory leaks that plagued the browser since version 2 and were only fixed not long ago?<p>It's easy enough to set Tor up with Firefox yourself. Perhaps all that is needed is an easy to understand and access Tor guide. Perhaps the first page you see upon loading Firefox after installing or updating is a, "We recommend you use Tor for a safer browsing experience" and then give some scenarios where Tor should and shouldn't be used.