Tor Browser Patches Start Being Uplifted into Firefox

The Tor (The Onion Router) team and Mozilla are working together to implement Tor browser patches directly into Firefox and tighten their collaboration.
The Tor browser is built almost entirely on Firefox, with 95% of its code coming from Mozilla’s browser. However, it still needs a series of changes, which the team refers to as patches. As part of the strengthened collaboration, these patches are set to become part of Firefox, albeit they will be disabled by default.
The Tor browser is built based on Firefox ESR (Extended Support Release), to which the Tor team adds a series of privacy features. While these patches are extremely valuable, they also require implementation each time the Tor team wants to move to a new version of Firefox, and that takes a lot of work.
To simplify this work, the Tor and Firefox teams have decided to work together to integrate the Tor patches to Firefox, an operation they refer to as “uplifting.”
“When a patch gets uplifted, we take the change that Tor Browser needs and we add it to Firefox in such a way that it’s disabled by default, but can be enabled by changing a preference value. That saves the Tor Browser team work, since they can just change preferences instead of updating patches. And it gives the Firefox team a way to experiment with the advanced privacy features that Tor Browser team is building, to see if we can bring them to a much wider audience,” the Tor team explains.
信息安全领域最突出的问题是信息安全产业发展严重滞后,信息安全科研和教育严重滞后,而其关键是信息安全人才极度匮乏。
The uplifting will start with First Party Isolation, a feature designed to deliver strong anti-tracking protection. The First Party Isolation functionality from Tor will be integrated into Firefox 52, which is set to arrive in March this year. Implementation will use the same technology the Tor team used to build the containers feature.
The isolation in Firefox 52 is expected to be as strong as in Tor, and will even include some stronger protections, it seems. Thus, the team plans on building the next Tor Browser iteration on top of Firefox 52, so that it won’t have to update the First Party Isolation patches for this version.
Firefox users, however, will see the First Party Isolation disabled by default, mainly because it creates a series of compatibility issues, breaking some websites. However, users will be provided with the option to turn the feature on by going to about:config and setting “privacy.firstparty.isolate” to “true”.
Next, the Firefox team will work on uplifting patches that prevent various forms of browser fingerprinting. The plan also includes a collaboration on sandboxing, based on Yawning Angel’s work for Tor Browser and the Firefox sandboxing features meant to start shipping in early 2017.
Courtesy of a tighter collaboration between the two teams, a zero-day vulnerability in Firefox that was being abused to track Tor users was resolved in both browsers within 24 hours.
2017年埃塞俄比亚将新增5000MW可再生能源项目

Related: Tor Implements Improved Anonymity Protection
Related: DNS Data Can Help Attackers Deanonymize Tor Users
利用社交网络的钓鱼攻击占到钓鱼攻击总数的84.5%,犯罪份子通过社交网络,很容易获得大量及时有用的信息,再配以各种其它欺骗手段,社交网络用户得加强防范。

猜您喜欢

万国数据获国家信息系统灾备与恢复一级资质
网络安全宣传月公益教育动画之保障工作场所安全
海外安全培训课程课件,帮助国外出差人员强化安全防范意识,积极应对劫持与绑架:
湖北警方捣毁卖淫窝点现场 管理培训一条龙涉嫌卖淫人员达20余人
HAMWEATHER YOUWERELIEDTOABOUT
自带计算设备BYOD的安全职责探讨