From the
‘
Onion Router
‘
files:
The Tor onion router, privacy project is planning its own version of Firefox.
Some people may call this a fork – I don’t.
Tor as an onion router (or set of chained, private, maybe-anonymized proxies, if you’re lucky) is implemented in Firefox by way of the Torbutton add-on.
According to Tor developers there have been all kinds of bugs and challenges with the way Torbutton toggles privacy in Firefox, which is why they’re going their own way.
“Torbutton will be removed from addons.mozilla.org, and the Torbutton
download page will clearly state that it is for experts only, Tor developer Mike Perry blogged. ” If serious
unfixed security issues begin to accumulate against the toggle model,
we will stop providing Torbutton xpis at all.
I believe this shift must be done for a few reasons: some usability, some technical.The over-arching issue is that the set of bugfixes required to maintain
the toggle model is a superset of those required to maintain the browser
model.
Ummm ok, but…there are a few problems with this plan IMHO.
Mozilla developers aggressively patch Firefox for security issues on a regular bases. Most of those flaws are now in the category of use-after-free and stale pointer memory issues. Those types of issues are easily weaponized today by attackers.The flip side is that the root cause of the memory flaws is not so easy to fix, and will not be easy for Tor to track in their own browser implementation.