Tor project decides to fork Firefox

Seems like a good idea. I agree with the article: TorButton is convenient, but it's confusing and it can easily leak information about you. Two browsers (one private, one public) is much easier to reason about. And, being able to iterate quickly and not saddle "normal" Firefox users with the mistakes is an added benefit.

I think this is an excellent decision -- the "toggle" design seemed seriously unsafe. Consider the list of TorButton bugs that have already been fixed: <a href="https://trac.torproject.org/projects/tor/query?group=priority&#38;component=Torbutton&#38;order=priority&#38;col=id&#38;col=summary&#38;col=component&#38;col=type&#38;col=status&#38;col=priority&#38;col=milestone&#38;col=points&#38;report=14&#38;type=defect" rel="nofollow">https://trac.torproject.org/projects/tor/query?group=priorit...</a> How much would you bet that there isn't at least one more anonymity-compromising bug in there?<p>The new design seems much less Rube-Goldbergy. That said, I still think this style of interface offers only quite casual protection, since it relies on (the forked version of) Firefox not having any bugs that leak information. So any adversary who has enough resources to obtain a zero-day Firefox exploit that allows arbitrary code execution is able to completely deanonymize you. This is probably good enough for e.g. the masses in Iran, but not for would-be Wikileakers.<p>What I really would like to see is a virtual machine setup that lets you run your webbrowers in a VM, and provides the guest OS with a simulated network interface which actually connects through Tor. That would make for a much smaller attack surface. But last time I looked, I couldn't find one.

Firefox is millions of lines of C++ and has had more than one fix-it-NOW security issue. I see the problems with the Torbutton model, but a one-man fork is not necessarily a good idea either.<p>Still, I hope it works.

<a href="http://en.wikipedia.org/wiki/XeroBank_Browser" rel="nofollow">http://en.wikipedia.org/wiki/XeroBank_Browser</a><p>Xerobank has done the same thing. Firefox has a lot of options that need tweaking if you don't want to leak information. These guys also run a private "Tor" network.

So changes get pushed immediately in their own fork but are they again pushed upstream for the general Firefox release? I would presume that many of the changes that they would like to make to the project, while not high enough priority for the Mozilla team, would actually be beneficial to them.

This is a silly title. The focus here is dropping of the browser extension and moving resources to a customized version of Firefox.

i'm confused. is this also the end of vidalia? how will i use tor w chrome?