In autumn 2014, rumors circulated that anonymity network Tor was in talks with Mozilla over adding Tor’s private browsing mode to its popular open source web browser, Firefox. Mozilla initiated the development of a new privacy initiative called Polaris, and the potential collaboration with the Tor anonymity network could bring even more privacy features into Mozilla’s products.
With their benefits and disadvantages, both companies have numerous reasons for uniting their efforts. They share a similar noble aspiration of giving web users more secure and safer browsing experience, as well as options of better web surfing, online privacy and anonymity.
Back in 2013, notorious NSA leaks kickstarted a new corporate concern for privacy. Since then, thriving cybercrime and rapidly increasing global digital censorship and surveillance have driven the world’s biggest companies to take to encryption. Tor was engaged in talks with Internet service providers, hardware manufacturers, and software development firms about potentially integrating Tor into their products. Tor executive director Andrew Lewman said: “Privacy is becoming the hot new buzzword for products to include”.
Technically, in case of agreement undertaking, there were several key challenges that Tor’s developers had to face as per growing network capacity, and such work could take up to a year to complete. So it happened.
Summer 2016, the continuation of “Mozilla & Tor” saga took place. The Nightly build of Firefox 50 started integrating features that originated in Tor. While only a few are available, it appears several more changes will be made public soon. Right now, there are 3 patches:
• tool to prevent attackers from listing what types of plugins and mime Types the user’s browser supports,
• tool to prevent finding out if the user’s browser is using a landscape or other orientation,
• tool to remove the “Open With” option in the download dialog.
These features provide privacy-friendly users with better options to harden the browser against browser fingerprinting. A third-party can fingerprint users by collecting second-stage information such as supercookies, HTML5 canvas details, screen size, color depth, time zone settings, WebGL details, mouse movements, and so on. These data are combined to create a very accurate fingerprint of users when they access other websites, even if their real IP address is never revealed. Online advertising agencies and crooks running exploit kits also employ fingerprinting for normal Web traffic in order to select and categorize users.
Mozilla’s plans as for the Tor improvements’ integration include eight patches that are currently being worked on, and four that are already integrated in Firefox. Wait and see what Mozilla has in stock for our security.