MozillaWiki

Security/Fusion: Difference between revisions

Page Discussion

Security/Fusion (view source)

Revision as of 11:48, 5 September 2025

472 bytes added ,  5 September 2025
update to known version of next esr
(update logo)
(update to known version of next esr)
 
(10 intermediate revisions by the same user not shown)
Line 2: Line 2:
'''Fusion''' ('''F'''irefox '''USI'''ng '''ON'''ions) is a Mozilla project, in collaboration with [https://www.torproject.org/ the Tor Project], to bring the cutting-edge security and privacy features to Firefox users by leveraging the technologies of Tor Browser and Tor Proxy.
'''Fusion''' ('''F'''irefox '''USI'''ng '''ON'''ions) is a Mozilla project, in collaboration with [https://www.torproject.org/ the Tor Project], to bring the cutting-edge security and privacy features to Firefox users by leveraging the technologies of Tor Browser and Tor Proxy.


This project is experimental and in the beginning phases.
Current pages:


* [[Security/Fusion/Esr140|Fusion for Esr140]]
* [[Security/Fusion/Esr153|Fusion for Esr153]]
* [[Security/Fusion/Resources|Resources]]


== Background ==
== Background ==
The Firefox and Tor Browser teams are long-time collaborators.  The Tor Browser team builds [https://www.torproject.org/projects/torbrowser.html Tor Browser] by adding privacy-enhancing patches to [https://www.mozilla.org/en-US/firefox/organizations/ Firefox ESR].  When this process first began, the Tor Browser team would have to update these patches each time a new version of Firefox was released, which was very time intensive.
[[File:Fusion3_small.jpg|right|400px|thumb|Fox protected by onion (not ai generated lol)]]


In 2016, we started the [https://wiki.mozilla.org/Security/Tor_Uplift '''Tor Uplift project'''] to take the Tor Browser patches and "uplift" them to Firefox.  When a patch gets uplifted, the Firefox team takes the change Tor Browser needs and adds it to Firefox.  These changes in Firefox are disabled by default but can be enabled in preferences.  Because preferences can be changed rather than updating each patch, the Tor Uplift project saves the Tor Browser team a lot of work.
The Firefox and Tor Browser teams are long-time collaborators.  The Tor Browser team builds [https://www.torproject.org/download/ Tor Browser] by adding privacy-enhancing patches to [https://www.mozilla.org/en-US/firefox/organizations/ Firefox ESR].  When this process first began, the Tor Browser team would have to update these patches each time a new version of Firefox was released, which was very time intensive.


The primary targets of the Tor Uplift project were two features: [https://wiki.mozilla.org/Security/FirstPartyIsolation '''First Party Isolation'''] and [https://wiki.mozilla.org/Security/Fingerprinting '''Fingerprinting Resistance'''].  First Party Isolation was shipped in Firefox 52 (off by default); the MVP of Fingerprinting Resistance will be shipped in Firefox 59 (also off by default).
In 2016, we started the [[Security/Tor_Uplift|'''Tor Uplift project''']] to take the Tor Browser patches and "uplift" them to Firefox.  When a patch gets uplifted, the Firefox team takes the change Tor Browser needs and adds it to Firefox.  These changes in Firefox are disabled by default but can be enabled in preferences.  Because preferences can be changed rather than updating each patch, the Tor Uplift project saves the Tor Browser team a lot of work.
 
The primary targets of the Tor Uplift project were two features: [[Security/FirstPartyIsolation|'''First Party Isolation''']] and [[Security/Fingerprinting|'''Fingerprinting Resistance''']].  First Party Isolation was shipped in Firefox 52 (off by default); the MVP of Fingerprinting Resistance will be shipped in Firefox 59 (also off by default).


Tor Uplift also gives the Firefox team a way to experiment with the advanced privacy features that Tor Browser team is building, to see if we can bring them to a much wider audience.  That's the goal of '''Fusion''', the next big step of the collaboration between Mozilla and Tor.
Tor Uplift also gives the Firefox team a way to experiment with the advanced privacy features that Tor Browser team is building, to see if we can bring them to a much wider audience.  That's the goal of '''Fusion''', the next big step of the collaboration between Mozilla and Tor.


Fusion was initiated in 2018.  Mozilla and the Tor Project are working closely on this project.
Fusion was initiated in 2018.  Mozilla and the Tor Project are working closely on this project.
Fusion is being revived in 2025. Exact goals are still to be figured out.


== Project Vision ==
== Project Vision ==
Line 22: Line 29:


We believe the collaboration between Mozilla and Tor can create a positive, significant impact on the world by bringing cutting-edge privacy enhancing technology to more users.
We believe the collaboration between Mozilla and Tor can create a positive, significant impact on the world by bringing cutting-edge privacy enhancing technology to more users.
== Motives ==
Further incentives for working together for Mozilla:
* Leverage engineering effort Tor Browser developers put into Tor Browsers on building the fingerprinting protection to include these protections for a wider audience
* Collaborate with experts on browser privacy to advance privacy protections in Firefox
* Eventually provide a mode with same privacy guarantees as Tor Browser
Incentives for Tor Browser folks:
* Being able to bring more protections to Tor Browser that currently wouldn't be feasible with the rebase workflow
* Reduce rebasing efforts for shipping Tor Browser freeing up engineering resources for other tasks
* Eliminate barriers for landing patches in Firefox to contribute directly to mozilla-central


== Project Goals ==
== Project Goals ==
Although this project is still experimental and in beginning phases, the ultimate long-term goal of Fusion is to integrate full Tor Browser features in Firefox. There are many potential paths for our project, including enabling some features by default and others only in [https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history Private Browsing Mode].
The ultimate long-term goal of Fusion is to integrate full Tor Browser features in Firefox. There are many potential paths for our project, including enabling some features by default, others only in [https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history Private Browsing Mode] while some only in [https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop ETP-Strict]. If the protection doesn't fit in any category, it is possible to land it behind a pref disabled in all Mozilla channels.


We need a lot of research and experiments to support the decision-making for the final solution.  However, the clear short and mid-term goals are:
We need a lot of research and experiments to support the decision-making for the final solution.  However, the clear short and mid-term goals are:
Line 34: Line 51:
* '''We will determine how best to integrate the Tor proxy into Firefox'''
* '''We will determine how best to integrate the Tor proxy into Firefox'''
* '''We will allow First Party Isolation and Fingerprinting Resistance to be enabled only in Private Browsing Mode'''
* '''We will allow First Party Isolation and Fingerprinting Resistance to be enabled only in Private Browsing Mode'''
{| class="wikitable"
|+ Motivations
|-
! Mozilla !! Tor
|-
|
* Ship existing fingerprinting protection to a wider audience
* Collaborate with experts on browser privacy to advance privacy protections in Firefox
* Eventually have the same privacy guarantees as Tor Browser
||
* Reduced rebasing effort on patchset for Tor Browser
* Collaborate with Mozilla developers on Privacy features in the Browser that couldn't be implemented with the rebase workflow
* Reduced efforts on getting patches reviewed and landed in mozilla-central
|}


== Project Lists ==
== Project Lists ==
=== Tor Uplift ===
=== Tor Uplift ===
The [https://wiki.mozilla.org/Security/Tor_Uplift '''Tor Uplift'''] project is aimed at landing all Tor Browser patches so that Tor can directly use Firefox main trunk instead of a fork.
The [[Security/Tor_Uplift|'''Tor Uplift''']] project is aimed at landing all Tor Browser patches so that Tor can directly use Firefox main trunk instead of a fork.


=== First Party Isolation ===
=== First Party Isolation ===
The [https://wiki.mozilla.org/Security/FirstPartyIsolation '''First Party Isolation'''] project is part of the Tor Uplift initiative. <br>
The [[Security/FirstPartyIsolation|'''First Party Isolation''']] project is part of the Tor Uplift initiative. <br>
It implements one of the Tor Browser core features ([https://www.torproject.org/projects/torbrowser/design/#identifier-linkability Cross-Origin Identifier Unlinkability]). <br>
It implements one of the Tor Browser core features ([https://www.torproject.org/projects/torbrowser/design/#identifier-linkability Cross-Origin Identifier Unlinkability]). <br>
First Party Isolation (also called "double keying") was incorporated in Firefox 52 with the preference '''"privacy.firstparty.isolate"'''.  It provides a very strong anti-tracking protection by preventing third parties from tracking users across multiple sites.
First Party Isolation (also called "double keying") was incorporated in Firefox 52 with the preference '''"privacy.firstparty.isolate"'''.  It provides a very strong anti-tracking protection by preventing third parties from tracking users across multiple sites.


=== Fingerprinting Resistance ===
=== Fingerprinting Resistance ===
The [https://wiki.mozilla.org/Security/Fingerprinting '''Fingerprinting Resistance'''] project is part of the Tor Uplift initiative. <br>
The [[Security/Fingerprinting|'''Fingerprinting Resistance''']] project is part of the Tor Uplift initiative. <br>
It implements another Tor Browser core feature ([https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability Cross-Origin Fingerprinting Unlinkability]). <br>
It implements another Tor Browser core feature ([https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability Cross-Origin Fingerprinting Unlinkability]). <br>
Fingerprinting Resistance (also called "anti-fingerprinting") was incorporated in Firefox 59 with the preference '''"privacy.resistFingerprinting"'''.  It is a defense against browser fingerprinting, which is a widely used Web tracking technology to identify individuals.
Fingerprinting Resistance (also called "anti-fingerprinting") was incorporated in Firefox 59 with the preference '''"privacy.resistFingerprinting"'''.  It is a defense against browser fingerprinting, which is a widely used Web tracking technology to identify individuals.
Line 68: Line 70:


If you are interested in contributing to Fusion, drop by:
If you are interested in contributing to Fusion, drop by:
* the '''#anti-tracking:mozilla.org''' matrix channel, or
* the '''#tor-browser-dev'''  [https://gitlab.torproject.org/tpo/team/-/wikis/IRC IRC channel], also bridged to matrix on '''#tor-browser-dev:matrix.org''', or
* the '''#tor-browser-dev'''  [https://gitlab.torproject.org/tpo/team/-/wikis/IRC IRC channel], also bridged to matrix on '''#tor-browser-dev:matrix.org'''
* the '''#anti-tracking:mozilla.org''' matrix channel


== External Links ==
== External Links ==
Manuel Bucher
Confirmed users
451

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1253234...1255002"