Security/Fusion

Fusion (Firefox USIng ONions) is a Mozilla project, in collaboration with the Tor Project, to bring the cutting-edge security and privacy features to Firefox users by leveraging the technologies of Tor Browser and Tor Proxy.

Current pages:

• Fusion for Esr140
• Fusion for Esr15X
• Resources

Background

Fox protected by onion (not ai generated lol)

The Firefox and Tor Browser teams are long-time collaborators. The Tor Browser team builds Tor Browser by adding privacy-enhancing patches to Firefox ESR. When this process first began, the Tor Browser team would have to update these patches each time a new version of Firefox was released, which was very time intensive.

In 2016, we started the Tor Uplift project to take the Tor Browser patches and "uplift" them to Firefox. When a patch gets uplifted, the Firefox team takes the change Tor Browser needs and adds it to Firefox. These changes in Firefox are disabled by default but can be enabled in preferences. Because preferences can be changed rather than updating each patch, the Tor Uplift project saves the Tor Browser team a lot of work.

The primary targets of the Tor Uplift project were two features: First Party Isolation and Fingerprinting Resistance. First Party Isolation was shipped in Firefox 52 (off by default); the MVP of Fingerprinting Resistance will be shipped in Firefox 59 (also off by default).

Tor Uplift also gives the Firefox team a way to experiment with the advanced privacy features that Tor Browser team is building, to see if we can bring them to a much wider audience. That's the goal of Fusion, the next big step of the collaboration between Mozilla and Tor.

Fusion was initiated in 2018. Mozilla and the Tor Project are working closely on this project.

Fusion is being revived in 2025. Exact goals are still to be figured out.

Project Vision

Mozilla and the Tor Project are aligned with each other on the mission to protect user privacy on the Web.

• The fourth principle of The Mozilla Manifesto is "Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional."
• The Tor Project's mission is "to advance human rights and freedoms by creating and deploying free and open anonymity and privacy technologies."

We believe the collaboration between Mozilla and Tor can create a positive, significant impact on the world by bringing cutting-edge privacy enhancing technology to more users.

Motives

Further incentives for working together for Mozilla:

• Leverage engineering effort Tor Browser developers put into Tor Browsers on building the fingerprinting protection to include these protections for a wider audience
• Collaborate with experts on browser privacy to advance privacy protections in Firefox
• Eventually provide a mode with same privacy guarantees as Tor Browser

Incentives for Tor Browser folks:

• Being able to bring more protections to Tor Browser that currently wouldn't be feasible with the rebase workflow
• Reduce rebasing efforts for shipping Tor Browser freeing up engineering resources for other tasks
• Eliminate barriers for landing patches in Firefox to contribute directly to mozilla-central

Project Goals

The ultimate long-term goal of Fusion is to integrate full Tor Browser features in Firefox. There are many potential paths for our project, including enabling some features by default, others only in Private Browsing Mode while some only in ETP-Strict. If the protection doesn't fit in any category, it is possible to land it behind a pref disabled in all Mozilla channels.

We need a lot of research and experiments to support the decision-making for the final solution. However, the clear short and mid-term goals are:

• We will improve Fingerprinting Resistance by
  • making fingerprinting resistance more user-friendly,
  • minimizing Web breakages caused by fingerprinting resistance, and
  • conducting a browser fingerprinting analysis research project to help us figure out the best defense strategy
• We will implement a proxy bypass testing framework for Firefox
• We will determine how best to integrate the Tor proxy into Firefox
• We will allow First Party Isolation and Fingerprinting Resistance to be enabled only in Private Browsing Mode

Project Lists

Tor Uplift

The Tor Uplift project is aimed at landing all Tor Browser patches so that Tor can directly use Firefox main trunk instead of a fork.

First Party Isolation

The First Party Isolation project is part of the Tor Uplift initiative.
It implements one of the Tor Browser core features (Cross-Origin Identifier Unlinkability).
First Party Isolation (also called "double keying") was incorporated in Firefox 52 with the preference "privacy.firstparty.isolate". It provides a very strong anti-tracking protection by preventing third parties from tracking users across multiple sites.

Fingerprinting Resistance

The Fingerprinting Resistance project is part of the Tor Uplift initiative.
It implements another Tor Browser core feature (Cross-Origin Fingerprinting Unlinkability).
Fingerprinting Resistance (also called "anti-fingerprinting") was incorporated in Firefox 59 with the preference "privacy.resistFingerprinting". It is a defense against browser fingerprinting, which is a widely used Web tracking technology to identify individuals.

Getting Involved

The easiest way to get involved in the Fusion project is to help us writing code, running tests and filing bugs.

If you are interested in contributing to Fusion, drop by:

• the #tor-browser-dev IRC channel, also bridged to matrix on #tor-browser-dev:matrix.org, or
• the #anti-tracking:mozilla.org matrix channel

External Links

• Video: How Tor Browser Protects Your Privacy and Identity Online
• The Design and Implementation of the Tor Browser
• Tor Blog, Tor at the Heart: Firefox
• wiki page from Tor project