[tbb-dev] Work left before releasing the first alpha for Tor Browser on Android

Georg Koppen gk at torproject.org
Wed Mar 14 08:21:00 UTC 2018 

Igor Oliveira:
> Hi,
> 
> On 03/13/2018 10:21 PM, Georg Koppen wrote:
>> Hi all!
>>
>> While doing roadmapping on Sunday we decided to work towards getting our
>> first alpha for Tor Browser on Android out in July this year. Sitting
>> together today we discussed what needs to be done by then. The blockers
>> for that release are:
>>
>> 1) The first alpha should not be based on Firefox ESR but on the regular
>> release channel which we tend to follow for the mobile Tor Browser
>> 2) We need to make sure there are no proxy bypasses possible
>> 3) We need good hints for our users that this is an alpha, possibly
>> showing the missing features (UX team help)
>>
>> Moreover, the following things should have been investigated by then:
>>
>> a) What do we want to do with the updater/updating users in case we want
>> to not only use Google's Play Store but have the browser availale in
>> F-Droid and on our website as well?
>> b) Are the first-party-isolation and fingerprinting defenses on Android
>> working if the respective preferences are flipped?
>>
>> That means we don't plan to include Torbutton nor Tor Launcher right
>> now, which should happen later. Neither are we planning to have the
>> reproducible build of that browser ready by then. This is planned for
>> the second alpha scheduled for September.
> 
> 
> What about the features in the Torbutton such as domain isolator,
> content policy and dragDropFilter(maybe it happens in Samsung)? are we
> going to ship them?

You don't need the content policy part anymore as the patch that made
this necessary got upstreamed and is available in ESR 60 and beyond. I
hope it works as expected and we should test that, for sure.

The drag-and-drop protection thing is part of the no-proxy-bypass item
above. So, yes, we need to make sure this is not going to be an issue on
mobile as well.

For the domain isolator, if we want to have first-party-isolation in the
first alpha, we have to ship that component. It's not a blocker
according the things we discussed yesterday but I agree having
first-party-isolation available would be a good thing. So, let's try to
make that happen. :) It's part of b) above to figure out whether that's
the only blocker for it and how we could solve that one.

FWIW: one thing I forgot to mention (but maybe it goes without saying)
is that we need to adapt the branding (Orfox -> Tor Browser) for the
alpha and we might need help from the UX team with that.

(And there is no "Bowser" :) )

Georg

> Igor
> 
> 
>>
>> Let me know if I forgot something or whether the above does not make any
>> sense.
>>
>> Georg
>>
>>
>>
>> _______________________________________________
>> tbb-dev mailing list
>> tbb-dev at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev
>>
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20180314/b72f64bf/attachment.sig>

More information about the tbb-dev mailing list