One major challenge:<p>Using Tor, end users can easily and unintentionally compromise their confidentiality by disclosing information explicitly (e.g., their email logon) or implicitly (habits, browser fingerprints, and other identifiers); it takes discipline to remain anonymous on Tor and even technically skilled hidden service operators, with reason to be paranoid about illegal businesses, fail to do it. Also, leaked documents say that use of security services, including VPNs and I think Tor also, causes the data to be retained by the NSA for future decryption.<p>How can Mozilla and their partners provide confidentiality in a way that increases end-user security, rather than attracting further scrutiny or, far worse, providing dangerously false assurances? The answer cannot depend on end users understanding the technology or subtle tradeoffs; the vast majority will never understand.<p>One thought: Route all Firefox users through Tor relays by default, creating some security-through-obscurity. There are problems with that, of course, including the blacklisting of Tor relays from many sites.
This sort of this is pretty exciting. Now that users are aware of NSA hijinks, and are familiar with the Privacy modes of their current browsers, I'd like to see Mozilla move towards a "Super Privacy" mode where they route over a built-in Tor client.<p>Of course, the dream would be to have all Firefox clients run Tor relay nodes out of the box, backed by Mozilla-supported exit nodes.
More relays? That's great, but why not exit nodes?<p>Mozilla certainly has the manpower and infrastructure to operate a bunch of exit nodes, and if they have any legal qualms about it, hey, they just partnered with an EFF project, right?
Hm. I'm thinking Mozilla may be a modern day NRA.<p>The point of the right to bear arms is to protect the people from a government engaging in tyranny. The point of TOR is ideally the same. Maybe it's time to classify encryption as a weapon again.
<i>"Mozilla will help address this by hosting high-capacity Tor middle relays"</i>
Mozzila has my trust (at least for now), but concentrating large part of Tor infrastructure in a single point inside USA jurisdiction does not seem like a good and future proof idea.
This is great. Even if not all changes in the Tor Browser fork are appropriate to be merged back into Firefox (and certainly not all will be), for every one that they can merge, it both makes Firefox more secure and frees up Tor developers from maintaining those differences. Sounds like a win all around.
"Mozilla is an industry leader in developing features to support the user’s desire for increased privacy online"<p>Is that why they enable 3rd party cookies by default and hide the option to block them?<p>(Unlike Apple's Safari)