{{toc}}

Note: this page is about perhaps running the Torbrowser in Tails, not the full blown TBB.

Current position

We want to ship Torbrowser in Tails.

Implementation

Possible Paths

A - Get TorBrowser in Debian

This is bug #3994 on Tor Project’s Trac — Get TorBrowser in Debian

Torbrowser packaging in Debian is sloooowly going on.

• Apparently, it’s hard to make iceweasel co-installable with a torbrowser Debian package. Without Mike Hommey’s help, this won’t happen.
• Different XUL app with dedicated UUID? If so, every extension must be patched to be marked as compatible with torbrowser too.
• How to make the Torbrowser profile updatable? Static profile? And what about bookmarks?

B - Custom iceweasel package with TorBrowser patches

This is related to bug #5236 on Tor Project’s Trac (Make a deb of the Torbrowser and add to repository).

iceweasel + torbrowser patches builds and works fine. Being worked on in feature/torbrowser. Our iceweasel Git repo is documented on git.

done in Tails 0.14

• How would the two Mikes’ patches live together?

Very well, thank you :)

C - Ship and run the TBB’s torbrowser executable

The work done on bug Feature #5611 on Tor Project’s Trac (Enhance "Transparent Torification (Requires custom transproxy or Tor router)" in Tor Button) may help.

Integration issues:

• The TBB’s homepage is set to the small=1 version of check.t.o, which is not suitable for Tails: it asks users to update their TBB. Update: "the next TBB release that includes Torbutton 1.4.6" (as of 2012-05-25) does not use this special homepage anymore, so this will soon be a non-issue.
• Extensions provided at the Debian system level are ignored, although extensions.enabledScopes is set to 1. Perhaps Debian installs extensions in non-standard places?
• The TBB ships l10n’d packages, while Tails needs to support as many languages as possible.
• How do we modify the Firefox profile shipped by the TBB?

A few attempts in this direction:

• Ague’s one
• adrelanos’ one
• suggestions on the forum

Previous position

As we once wrote, we see interest in shipping the TBB in Tails:

• bigger anonymity set;
• shared maintenance work once the integration work is done.

However, it would not be easy at all: the TBB is explicitly designed to be as autonomous as possible, and to avoid taking into account the system around it the slightest bit; this makes it hard, generally, to integrate it into a wider system. E.g.: it runs its own Vidalia and its own Tor; its Tor is configured differently than Tails context requires; Torbrowser warns about launching external applications; etc. Tor is getting more and more integrated into the Tails system as a whole: e.g. time setting integration; bridge mode will soon be toggleable at tails-greeter time; this kind of things make it even harder to think how the TBB could fit into the big picture.

As a consequence, the work needed to get TBB fit for the job would be quite big, and it would probably contain a bunch of "if $TAILS_MODE … else" in the end, which partly defeats the initial purpose.

We have higher priority tasks in our roadmap, so it won’t happen any time soon unless we get serious amounts of help.

Pros and cons

Browser fingerprinting

We may want to hitchhike on the TBB’s anonymity set or create our own.

The advantages of merging, to a certain extent, with the bigger TBB’s anonymity set are obvious.

Current differences:

• AdBlock vs. no ad blocker
• ESR vs. release channel
• information about additional add-ons installed in Tails may leak
• some system-level differences may leak (e.g. installed fonts)
• small configuration differences: harmonize iceweasel config with tbb
• Torbrowser patches may imply other differences

But even if we shipped the Torbrowser in Tails, how much would it look like a TBB to adversaries? There are many, many, many ways to split a given anonymity set. The more you zoom in, the more anonymity sets are fragmented. At one given scale, there’s one such thing like "The TBB’s anonymity set". Zoom in a tiny bit, and there are 12 or more TBB’s anonymity sub-sets.

A middle ground that might make sense would be to try to look like the TBB to the eyes of "$RANDOM web server admin", and feel free to diverge in the eyes of more powerful, or better placed, adversaries.

Pending questions

• How will the Torbrowser release cycle influence our own release cycle? Their source is generally up-to-date, their binary builds might be lagging behind occasionally, worst case is that we exceptionally have to build our own. It also happens that a patch is not applying cleanly, and then we have to wait or contribute a fix.

Resources

• "Tor Browser disabling Javascript anonymity set reduction" thread on tor-talk