Security/Fennec+Tor Project
From MozillaWiki
< Security
Contents
Requirements
In order to empower Fennec the same capability as Orfox, the Tor Browser on Android, we have to meet the following minimal requirements.
- All network connections (Gecko and Java code) must be proxied.
- Only allow incognito mode (e.g. turn off JavaScript, WebRTC, etc.)
- Run NoScript and HTTPS Everywhere
- Apply all the Tor Browser patches
Value Proposition of Tor on Fennec
It would be awesome if Fennec could prompt the user with something like "you have Orbot installed, which is a secure network proxy which allows to:"
- Bypass censorship
- Improve network security on unsecure network
- Access .onion sites
Caveat!!
Before we are certain that Fennec has the same level of anonymity features as Orfox does, don't use the word anonymous because it provides a false sense of security to users.
Bug Tracking
All Fennec+Tor bugs are being tracked by the meta bug: bug 1357994 - [META] Tor on Fennec
Priority Definition
- P1: Must Have for MVP
- P2: Nice to Have
- P3: Backlog
- P5: Not in our plan but welcome to patches
Dashboard
P1 Bugs
| ID | Summary | Priority | Status | Product | Component | Assigned to | Depends on | Whiteboard |
|---|---|---|---|---|---|---|---|---|
| 1358361 | Move prefs of First Party Isolation and resist fingerprinting to all.js | P1 | RESOLVED | Firefox for Android Graveyard | General | Ethan Tseng [:ethan] | [tor][tor-mobile] | |
| 1169421 | Switch Fennec to use ch.boye instead of org.apache.http to allow for building with Android M SDK 23 | P1 | RESOLVED | Firefox for Android Graveyard | General | amoghbl1 | [tor-mobile] | |
| 1174244 | Switch in-tree Adjust SDK to use ch.boye instead of org.apache.http to allow for building with Android M SDK 23 | P1 | RESOLVED | Firefox for Android Graveyard | General | Nick Alexander :nalexander [he/him] | 1169421, 1183061 | [tor-mobile] |
| 1362931 | Proxy the connections that use ch.boye.httpclientandroidlib | P1 | RESOLVED | Firefox for Android Graveyard | General | [tor-mobile] | ||
| 1357997 | Replace url.openConnection with ProxySelector.openConnectionWithProxy | P1 | RESOLVED | Firefox for Android Graveyard | General | Jonathan Hao (inactive) [:jhao] | 1366716 | [tor-mobile] |
| 1358039 | Add an option in Fennec's Setting/Advanced/Experiment Features to connect to Orbot | P1 | RESOLVED | Firefox for Android Graveyard | Settings and Preferences | Jonathan Hao (inactive) [:jhao] | [tor-mobile] | |
| 1314784 | Collect Telemetry on how many Fennec users also have Orbot installed | P1 | RESOLVED | Firefox for Android Graveyard | General | Tom Ritter [:tjr] | [tor-mobile] |
7 Total; 0 Open (0%); 7 Resolved (100%); 0 Verified (0%);
P2 Bugs
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
P3-P5 Bugs
| ID | Summary | Priority | Status | Product | Component | Assigned to | Depends on | Whiteboard |
|---|---|---|---|---|---|---|---|---|
| 942652 | Proxy support for background services | P5 | RESOLVED | Firefox for Android Graveyard | Android Sync | [tor-mobile] | ||
| 1282826 | Move from ch.boye to cz.msebera | P5 | RESOLVED | Firefox for Android Graveyard | General | [tor-mobile] | ||
| 1314776 | Create a pref that will add FLAG_SECURE for the entire app. | P3 | RESOLVED | Firefox for Android Graveyard | General | [tor-mobile] | ||
| 1314778 | Make AccountManager related code pref-able | P5 | RESOLVED | Firefox for Android Graveyard | Firefox Accounts | [tor-mobile] | ||
| 1314793 | Creating Testing Framework for Proxy Bypasses for Firefox Android | P5 | REOPENED | Fenix | Tooling | 507641, 1373550, 1373552, 1459420 | [tor-mobile][tor-testing] | |
| 1337647 | Make a prototype of Fennec connecting to Tor network | P3 | RESOLVED | Firefox for Android Graveyard | General | [tor-mobile] | ||
| 1358040 | There should be a status notification when Fennec's is connecting to the Tor network | P3 | RESOLVED | Firefox for Android Graveyard | General | [tor-mobile] | ||
| 1371180 | Create compiler switches to remove features which Orfox must remove or disable | P3 | NEW | Firefox Build System | Android Studio and Gradle Integration | [tor-mobile] | ||
| 1376601 | Fennec should prompt users to download (or use if installed) Orfox when clicking on an onion link | P3 | RESOLVED | Firefox for Android Graveyard | General | [tor-mobile] [tor] | ||
| 1377509 | Enable Fennec to populate first party domain as socks username | P5 | RESOLVED | Firefox for Android Graveyard | General | [tor-mobile] | ||
| 1314443 | Audit the existing disable WebRTC preferences and ensure they work as advertised | P3 | ASSIGNED | Core | WebRTC | Tom Ritter [:tjr] | [tor][fingerprinting][tor-mobile][fp-triaged] |
11 Total; 3 Open (27.27%); 8 Resolved (72.73%); 0 Verified (0%);
To Be Triaged
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
