Work left before releasing the first alpha for Tor Bowser on Android
Hi all! While doing roadmapping on Sunday we decided to work towards getting our first alpha for Tor Browser on Android out in July this year. Sitting together today we discussed what needs to be done by then. The blockers for that release are: 1) The first alpha should not be based on Firefox ESR but on the regular release channel which we tend to follow for the mobile Tor Browser 2) We need to make sure there are no proxy bypasses possible 3) We need good hints for our users that this is an alpha, possibly showing the missing features (UX team help) Moreover, the following things should have been investigated by then: a) What do we want to do with the updater/updating users in case we want to not only use Google's Play Store but have the browser availale in F-Droid and on our website as well? b) Are the first-party-isolation and fingerprinting defenses on Android working if the respective preferences are flipped? That means we don't plan to include Torbutton nor Tor Launcher right now, which should happen later. Neither are we planning to have the reproducible build of that browser ready by then. This is planned for the second alpha scheduled for September. Let me know if I forgot something or whether the above does not make any sense. Georg
Hey, On 03/13/2018 10:21 PM, Georg Koppen wrote:
Hi all!
While doing roadmapping on Sunday we decided to work towards getting our first alpha for Tor Browser on Android out in July this year. Sitting together today we discussed what needs to be done by then. The blockers for that release are:
1) The first alpha should not be based on Firefox ESR but on the regular release channel which we tend to follow for the mobile Tor Browser 2) We need to make sure there are no proxy bypasses possible 3) We need good hints for our users that this is an alpha, possibly showing the missing features (UX team help)
Moreover, the following things should have been investigated by then:
a) What do we want to do with the updater/updating users in case we want to not only use Google's Play Store but have the browser availale in F-Droid and on our website as well? b) Are the first-party-isolation and fingerprinting defenses on Android working if the respective preferences are flipped?
That means we don't plan to include Torbutton nor Tor Launcher right now, which should happen later. Neither are we planning to have the reproducible build of that browser ready by then. This is planned for the second alpha scheduled for September.
What about the features in the Torbutton such as domain isolator, content policy and dragDropFilter(maybe it happens in Samsung)? are we going to ship them? Igor
Let me know if I forgot something or whether the above does not make any sense.
Georg
_______________________________________________ tbb-dev mailing list tbb-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev
Hi, On 03/13/2018 10:21 PM, Georg Koppen wrote:
Hi all!
While doing roadmapping on Sunday we decided to work towards getting our first alpha for Tor Browser on Android out in July this year. Sitting together today we discussed what needs to be done by then. The blockers for that release are:
1) The first alpha should not be based on Firefox ESR but on the regular release channel which we tend to follow for the mobile Tor Browser 2) We need to make sure there are no proxy bypasses possible 3) We need good hints for our users that this is an alpha, possibly showing the missing features (UX team help)
Moreover, the following things should have been investigated by then:
a) What do we want to do with the updater/updating users in case we want to not only use Google's Play Store but have the browser availale in F-Droid and on our website as well? b) Are the first-party-isolation and fingerprinting defenses on Android working if the respective preferences are flipped?
That means we don't plan to include Torbutton nor Tor Launcher right now, which should happen later. Neither are we planning to have the reproducible build of that browser ready by then. This is planned for the second alpha scheduled for September.
What about the features in the Torbutton such as domain isolator, content policy and dragDropFilter(maybe it happens in Samsung)? are we going to ship them? Igor
Let me know if I forgot something or whether the above does not make any sense.
Georg
_______________________________________________ tbb-dev mailing list tbb-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev
Igor Oliveira:
Hi,
On 03/13/2018 10:21 PM, Georg Koppen wrote:
Hi all!
While doing roadmapping on Sunday we decided to work towards getting our first alpha for Tor Browser on Android out in July this year. Sitting together today we discussed what needs to be done by then. The blockers for that release are:
1) The first alpha should not be based on Firefox ESR but on the regular release channel which we tend to follow for the mobile Tor Browser 2) We need to make sure there are no proxy bypasses possible 3) We need good hints for our users that this is an alpha, possibly showing the missing features (UX team help)
Moreover, the following things should have been investigated by then:
a) What do we want to do with the updater/updating users in case we want to not only use Google's Play Store but have the browser availale in F-Droid and on our website as well? b) Are the first-party-isolation and fingerprinting defenses on Android working if the respective preferences are flipped?
That means we don't plan to include Torbutton nor Tor Launcher right now, which should happen later. Neither are we planning to have the reproducible build of that browser ready by then. This is planned for the second alpha scheduled for September.
What about the features in the Torbutton such as domain isolator, content policy and dragDropFilter(maybe it happens in Samsung)? are we going to ship them?
You don't need the content policy part anymore as the patch that made this necessary got upstreamed and is available in ESR 60 and beyond. I hope it works as expected and we should test that, for sure. The drag-and-drop protection thing is part of the no-proxy-bypass item above. So, yes, we need to make sure this is not going to be an issue on mobile as well. For the domain isolator, if we want to have first-party-isolation in the first alpha, we have to ship that component. It's not a blocker according the things we discussed yesterday but I agree having first-party-isolation available would be a good thing. So, let's try to make that happen. :) It's part of b) above to figure out whether that's the only blocker for it and how we could solve that one. FWIW: one thing I forgot to mention (but maybe it goes without saying) is that we need to adapt the branding (Orfox -> Tor Browser) for the alpha and we might need help from the UX team with that. (And there is no "Bowser" :) ) Georg
Igor
Let me know if I forgot something or whether the above does not make any sense.
Georg
_______________________________________________ tbb-dev mailing list tbb-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev
participants (3)
-
Georg Koppen -
Igor Oliveira -
Igor Oliveira