[tor-bugs] #8390 [Tor bundles/installation]: Improving the Mac Browser Bundle
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Mar 3 17:24:35 UTC 2013
#8390: Improving the Mac Browser Bundle
--------------------------------------+-------------------------------------
Reporter: Haravikk | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
'''Summary''':
Currently the Mac browser bundle isn't very Mac-like, and it includes some
basic problems.
'''Separation of TorBrowser and Vidalia'''
One issue straight away is that TorBrowser and Vidalia are bundled into a
single app. This isn't necessarily a problem on its own, however one side-
effect appears to be that if you open TorBrowser, causing Vidalia to open,
and fail to close Vidalia after you've closed the browser, then you cannot
re-open the browser when opening TorBrowser-en-US.
I would recommend separating the browser from Vidalia entirely, and simply
provide the package with its own implementation of Tor. When launching the
browser the script inside would look to see if a version of Tor is already
running and, if not, will open the bundled version of Tor in client-mode
with sensible, safe defaults (greatest compatibility with firewalls etc.).
This way if a user wants to run Tor as a relay then they can simply
download Vidalia separately and set it up to run in the background. Thus
when they open their browser it will use Vidalia's copy of Tor instead. By
looking for a valid Tor process a user could skip Vidalia entirely and
simply use Tor via command line/script.
'''TorBrowser Settings'''
While I respect that TorBrowser is intended to provide a secure
experience, the lack of any settings persistence is somewhat annoying.
Personally I don't mind allowing some of FireFox's history items such as
pages I've visited, and even cookies provided they are not from third-
parties and are cleared when I close the browser. I don't know if any
plugins already exist or if TorButton could include it, but being able to
clear cookies when I leave a domain (I no longer have any tabs/windows
open for that domain) would be good.
In any event, access to some of the basic FireFox settings is highly
desirable so that I can setup TorBrowser just as I would the normal
version of FireFox, but with the added benefit of knowing my traffic is
safe from inspection.
Ideally the TorBrowser settings would just be stored in my user library as
normal; the current behaviour of storing the settings inside the
TorBrowser-en-US bundle actually seems less secure to me, as the contents
of the TorBrowser-en-US/Library folder are actually world-visible but not
writable, meaning that other users on the same machine could potentially
see those contents, but also they would require their own copy of
TorBrowser as placing a copy in /Applications/ wouldn't work due to
conflicting permissions.
Besides which, I believe that removing FireFox's settings from the bundle
will allow the package to be signed for OS X's GateKeeper. If TorBrowser
uses a default FireFox profile then it should be possible for a launcher
script to simply copy this from within the bundle into a user's Library
folder on launch.
'''Conclusion'''
I think these kinds of changes would allow the TorBrowser bundle to better
focus on being a browser that connects to Tor, and improve integration
with Mac OS X. I may take a look at this myself if I have a chance, as if
it can be done using a shell script alone then I can probably Mac-ify
TorBrowser a bit better, but I don't know when I'll get a chance to look
at it properly as I know little about Tor, launching FireFox by command
line, and application bundles ;)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8390>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list