Hi everyone,
Better late than never, here's the recap from the second part of the Browser vision exercise that we ran at the start of March.
I would like to organise the points discussed during these sessions and also on the email thread into the three areas outlined by Isabela in her email:
Anti Censorship / Surveillance / Tracking
- Smarter bootstrapping
- What’s next for tor launcher?
- Incorporate OONI data to help users make informed configuration decisions
- Automate configuration decisions whilst keeping users safe
- Better tracking and fingerprinting resistance
- Canvas-like software rendering (is this the same as window dimension spoofing below?)
- Incremental redirect protection
User Experience - some of these touch on some of the other areas too
- UI polish + product cohesion
- Action: Let’s make a list of UI “smells”
- User Journey mapping
- Warnings and notifications
- New identity review
- Config automation
- Smarter bootstrapping (see above)
- Opt-in Persistence to Disk
- Browser History retention (aka ability to turn off Private Browsing Mode)
- Encrypted bookmarks
- Running Tor Browser Maximised
  - By ensuring users understand the risks and/or implications of maximising Tor Browser window -> Warnings and Notifications work
  - By including fingerprinting protections:
    - Through letterboxing
    - Through spoofing window dimensions without letterboxing
New Features/Innovation
- Sandboxing analysis/planning
- Tor Browser Ephemeral sessions <- Antonela to explain further :)
- User safety work
- Protect against malicious exit nodes
- Block executable downloads over HTTP
- Let users block HTTP connections
- Don't let users bypass self-signed cert warning unless self-signed cert is independently “verified”
- Detecting when bitcoin addresses are copied on an insecure page
- Enabling Safe Browsing
I have added another category to take into account work that needs to be done but does not really fit into any wider project:
Maintenance
- ESR Releases
- Security Bug fixes
- Switch to mingw-clang
- Assess new fingerprinting vectors in ESR52, ESR60 (and ESR68)
Finally, here are some "Big Picture" discussions that we might want to have during our dev-meeting:
- Working with other organizations to ship a Tor mode/private browser mode
- Apple/Safari, Chromium, Opera
- Working with product people at these organisations
- Looking to help them introduce tor in the background, e.g. for telemetry, update pings, etc…
- promoting change within the whole ecosystem
- advocating for feature parity with Tor Browser
- Working with web standards bodies and/or legislators
- Initiate a cross-browser working group to create standards for browser privacy.
- Evangelising to web service providers
- how to avoid broken usability for Tor Browser users
- being profitable without the need for “creepy” tracking
One thing we did not really talk about, though, is what principles we should have in mind when designing and implementing new features. Here are a few I took from our emails and discussions on this topic to get us started:
- User first
- Secure by default
- Providing the best anonymity/privacy tool for users
This is my interpretation of what has been discussed so far, so please correct me if I’ve made any incorrect statements/assumptions and add your own thoughts. If there is something I missed out, it does not mean I do not think it’s important :) there was a lot discussed and I’m sure I’ve forgotten many details. Please share them again if that’s the case!
Thank you so much to everyone that participated and shared their ideas!
Pili