While incognito mode - or similar features - on modern browsers may provide the illusion of privacy, research has consistently shown that websites can still track your browsing data and habits while using private browsing. The most well-known means of ensuring your anonymity on the internet comes courtesy of the Tor network, which uses 'onion routing' to redirect and encrypt your web traffic multiple times so that it can't be traced back to you.
Mozilla has already been looking at implementing native Tor browsing within Firefox for a while now, and a recent meeting of the core Tor team in Stockholm earlier over the last weekend discussed a proposal for one means of achieving this. While the eventual end goal for this partnership between Mozilla and The Tor Project is to natively integrate Tor into Firefox's codebase in order to offer a 'Super Private Browsing mode', there are several challenges that would make such an implementation difficult.
Chief among them is the ability to scale Tor's network to a much larger audience, while ensuring robust performance. In order to circumvent some of the larger challenges concomitant with a full implementation, the team discussed a proposal to create a Tor add-on for Firefox as an initial implementation. This would allow the team to both test the change without having to upend Firefox's codebase and also gauge users' interest in the provision of such a feature.
The technical details of what such an inchoate contrivance could look like are discussed in The Tor Project's meeting notes:
- acat has demonstrated how to compile tor to WASM. This would allow packaging all the necessary tor code inside the addon itself, without a dependency on external binaries. The addon would still need to be a privileged addon.
- Question: What's that? Answer: A privileged addon is one with elevated privileges compared to a standard WebExtension. It can call XPCOM functions, for example. A privileged addon needs to be signed by Mozilla, or something, but the idea for this proposal is to have it produced and distributed by Mozilla anyway, so that's not a problem.
- The addon would configure the browser to use tor as a proxy, as well as setting various prefs to prevent proxy bypasses and resist fingerprinting, much like those set by Tor Browser.
- Discussion of visual options for UI. Clicking the Tor-mode button would probably open a new window that uses a dedicated profile. This is because some of the prefs that the addon has to set are global to a profile, not to a window or a tab.
- What to do about HTTP? The feeling is that it's dangerous to pass unauthenticated HTTP through exit nodes. Packaging NoScript does not provide the best experience either. The easiest solution is to enforce (require) HTTPS when in Tor mode.
Unfortunately, there's no word yet on when the add-on might be available. In fact, it might never come to fruition at all. Both Mozilla and The Tor Project clarified in separate statements that the two are simply in the early stages of exploring a Tor mode for Firefox and that a firm decision on the matter is still pending.