Security/Fennec+Tor Project

From MozillaWiki
Jump to: navigation, search

Requirements

In order to empower Fennec the same capability as Orfox, the Tor Browser on Android, we have to meet the following minimal requirements.

  • All network connections (Gecko and Java code) must be proxied.
  • Only allow incognito mode (e.g. turn off JavaScript, WebRTC, etc.)
  • Run NoScript and HTTPS Everywhere
  • Apply all the Tor Browser patches


Value Proposition of Tor on Fennec

It would be awesome if Fennec could prompt the user with something like "you have Orbot installed, which is a secure network proxy which allows to:"

  • Bypass censorship
  • Improve network security on unsecure network
  • Access .onion sites

Caveat!!
Before we are certain that Fennec has the same level of anonymity features as Orfox does, don't use the word anonymous because it provides a false sense of security to users.

Bug Tracking

All Fennec+Tor bugs are being tracked by the meta bug: bug 1357994 - [META] Tor on Fennec

Priority Definition

  • P1: Must Have for MVP
  • P2: Nice to Have
  • P3: Backlog
  • P5: Not in our plan but welcome to patches


Dashboard

P1 Bugs

Full Query
ID Summary Priority Status Product Component Assigned to Depends on Whiteboard
1358361 Move prefs of First Party Isolation and resist fingerprinting to all.js P1 RESOLVED Firefox for Android Graveyard General Ethan Tseng [:ethan] [tor][tor-mobile]
1169421 Switch Fennec to use ch.boye instead of org.apache.http to allow for building with Android M SDK 23 P1 RESOLVED Firefox for Android Graveyard General amoghbl1 [tor-mobile]
1174244 Switch in-tree Adjust SDK to use ch.boye instead of org.apache.http to allow for building with Android M SDK 23 P1 RESOLVED Firefox for Android Graveyard General Nick Alexander :nalexander [he/him] 1169421, 1183061 [tor-mobile]
1362931 Proxy the connections that use ch.boye.httpclientandroidlib P1 RESOLVED Firefox for Android Graveyard General [tor-mobile]
1357997 Replace url.openConnection with ProxySelector.openConnectionWithProxy P1 RESOLVED Firefox for Android Graveyard General Jonathan Hao (inactive) [:jhao] 1366716 [tor-mobile]
1358039 Add an option in Fennec's Setting/Advanced/Experiment Features to connect to Orbot P1 RESOLVED Firefox for Android Graveyard Settings and Preferences Jonathan Hao (inactive) [:jhao] [tor-mobile]
1314784 Collect Telemetry on how many Fennec users also have Orbot installed P1 RESOLVED Firefox for Android Graveyard General Tom Ritter [:tjr] [tor-mobile]

7 Total; 0 Open (0%); 7 Resolved (100%); 0 Verified (0%);


P2 Bugs

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);


P3-P5 Bugs

Full Query
ID Summary Priority Status Product Component Assigned to Depends on Whiteboard
942652 Proxy support for background services P5 RESOLVED Firefox for Android Graveyard Android Sync [tor-mobile]
1282826 Move from ch.boye to cz.msebera P5 RESOLVED Firefox for Android Graveyard General [tor-mobile]
1314776 Create a pref that will add FLAG_SECURE for the entire app. P3 RESOLVED Firefox for Android Graveyard General [tor-mobile]
1314778 Make AccountManager related code pref-able P5 RESOLVED Firefox for Android Graveyard Firefox Accounts [tor-mobile]
1314793 Creating Testing Framework for Proxy Bypasses for Fennec P5 RESOLVED Firefox for Android Graveyard General 507641, 1373550, 1373552, 1459420 [tor-mobile][tor-testing]
1337647 Make a prototype of Fennec connecting to Tor network P3 RESOLVED Firefox for Android Graveyard General [tor-mobile]
1358040 There should be a status notification when Fennec's is connecting to the Tor network P3 RESOLVED Firefox for Android Graveyard General [tor-mobile]
1371180 Create compiler switches to remove features which Orfox must remove or disable P3 NEW Firefox Build System Android Studio and Gradle Integration [tor-mobile]
1376601 Fennec should prompt users to download (or use if installed) Orfox when clicking on an onion link P3 RESOLVED Firefox for Android Graveyard General [tor-mobile] [tor]
1377509 Enable Fennec to populate first party domain as socks username P5 RESOLVED Firefox for Android Graveyard General [tor-mobile]
1314443 Audit the existing disable WebRTC preferences and ensure they work as advertised P3 ASSIGNED Core WebRTC Tom Ritter [:tjr] [tor][fingerprinting][tor-mobile][fp-triaged]

11 Total; 2 Open (18.18%); 9 Resolved (81.82%); 0 Verified (0%);


To Be Triaged

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);