### ### Plans for USB Tor bundle ### Steven J. Murdoch ### Firefox modifications --------------------- - Apply chrisd's SOCKS patch to remove the need for an http proxy altogether. chrisd's patch is linked here, https://bugzilla.mozilla.org/show_bug.cgi?id=280661 - Produce new branding so we don't infringe on the Mozilla trademarks [ Instructions here http://kb.mozillazine.org/Rebranding_Firefox ] [ We've sent 3 emails with no response so far. -Andrew] [mid priority] - Get FirefoxPortable building OR (preferably) Build our own firefox with our desired customizations OR (possibly better) Scrap Firefox and switch to a browser with Tor integration. [mid priority] - Eventually try to remove NSIS dependency for FirefoxPortable and move any necessary code into Vidalia. See docs/ToaST-startup.txt for what we will want to do. [low priority] - Tailor error messages so are more appropriate to Tor (e.g. point out dangers when submitting forms to non-HTTPS URLs) [low priority] - Check if setting -UILocale command line option, and match is a more reliable way of setting locale than general.useragent.locale. Alternatively, try intl.locale.matchOS=false and set environment variable from Vidalia See related Firefox code: http://lxr.mozilla.org/mozilla1.8.0/source/xpfe/bootstrap/nsAppRunner.cpp#802 Pidgin modifications -------------------- - Check that SOCKS 5 proxy is always used if configured - Don't include real account name when generating IRC realname General ------- - OCSP_RESPONSE is defined both in ssl/include/openssl/ossl_typ.h and wincrypt.h, which causes an error on building Tor. This can be fixed by renameing the #define in wincrypt.h, but something better should be done. See: http://www.mail-archive.com/openssl-dev@openssl.org/msg24079.html - Use process monitor to watch filesystem activity: http://www.microsoft.com/technet/sysinternals/utilities/processmonitor.mspx [ Vidalia doesn't appear to alter the registry other than the RNG seed and MountPoints2. Tor does this too, so can it be stopped? Firefox/FirefoxPortable alters other keys (Audio Compression Manager, Tcpip\Parameters, Shell Folders, Internet Settings) ] [low priority] - What should the installer look like (should it have the Tor logo)? We need to be clear in the documentation about the difference between the installer and the actual bundle [mid priority] - Ensure Firefox update works securely [low priority] - Investigate updating Tor automatically [low priority] - Add ToaST-like bootstrap mode/other pre-caching/disk-caching performance improvements (and understand the bottleneck) - Move "installer" to something more usable (NSIS?) - Set default extraction location the Desktop - Allow it to be translated - Make the directory selector clearer (not "...") - Investigate how to build Windows packages in a deterministic way so others can build them and compare digests. - Ask specific vendors to sign their packaged binary releases, probably with pgp/gpg. The packages are: 7zip, MinGW, MSYS, CMake, QT, msysDTK, zlib, FirefoxPortable Letters requesting package signatures have been sent to: zlib, MinGW, MSYS, CMake Soon letters will be sent to: QT, msysDTK, FirefoxPortable A forum post requesting package signatures have been posted for 7zip: http://sourceforge.net/forum/message.php?msg_id=4982530 Done ==== [ Done: 2008-06-18 ] - Make Vidalia show some evidence of activity while it is starting Tor [mid priority -- what do you have in mind here?] - Also make Vidalia show what percentage progress Tor has made in building a circuit (needs Tor to send events while startup is proceeding) - Tor should send out more status_event messages based on various milestones towards its circuit-establishment phase. - Vidalia should recognize these and either change the text for "Tor is starting up", or have a status bar, or something. [high priority] - Implement UPNP Perhaps based on this library http://search.cpan.org/src/SKONNO/Net-UPnP-1.2.1/ - Check if Torbutton behaves as intended if pre-configures by prefs.js - Modify Torbutton to prevent user from disabling Tor (easily) [mid priority] - Split archive or make auto-downloader to help people who cannot download large files in one go [ Done: 2008-05-27 ] - If we can't make a static build of Vidalia, produce a small executable to launch Vidalia (so the top level folder doesn't have random DLLs lying around) [mid priority] - Because the batch file cannot have an icon other than the default windows icon, perhaps we should abandon the batch file and use a windows specific shortcut. This would allow us to use the Vidalia icon and Vidalia will do all of the work that the batchfile once did. This may not work if shortcuts are all absolute. [ Done: 2008-02-15 ] - Make it easier to include optional Firefox extensions [ Done: 2008-01-30 ] - Make Vidalia start and stop Polipo too [high priority] [ Done: 2008-01-22 ] - Make a web page for bundle [ Done: 2007-12-12 ] - Add bookmarks that will help people understand tor better - The Tor frontpage - A hidden service of some sort? - A "check if your Tor is leaking" page [low priority] [ Done: 2007-12-12 ] - Build Tor myself [high priority] [ Done: 2007-12-12 ] - Add version numbers to builds [mid priority] [ Done: 2007-12-13 -- I think users should be able to stop (and restart Tor) without exiting Firefox. I've added the code to kill the browser when Vidalia exits but this won't work until PortableFirefox is replaced with Vidalia. ] - What to do when user clicks "Stop Tor" or exits Vidalia: Don't let them do it? Kill Firefox? Show a helpful message? We could make Vidalia change its button labels when it has launched Firefox for us, to make it clearer what clicking "stop tor" and "exit" will do. [ Done: 2007-12-19 -- it does guess, but this isn't good for a portable bundle ] - Check whether Vidalia auto-detects language if not specified. If this is likely to guess right, then maybe we should not specify in the config file. [high priority] [ Done: 2007-12-19 -- as of r12876 ] - Let us build a Simplified-Chinese and Farsi version. These would have Vidalia and Firefox configured to use these languages by default. [top priority] * We need a better Farsi translation in that case Once we have it working reasonably well, we should bug our Farsi-speaking friends (for example, our friends at IBB) for help. [ Done: 2007-12-20 ] - Investigate how to programmatically add extensions and modify preference files (partially complete). Adding them to user.js will override user modifications (sometimes not good). Adding them to all.js is better, but entries must be sorted (are there other constraints?) http://forums.mozillazine.org/viewtopic.php?p=1270157&sid=4fe009726e77cb0ae2a07dcf1e179fe6 [ Sorting them didn't work -- there is more magic here ] Extensions we want: Torbutton [important] https://addons.mozilla.org/en-US/firefox/addon/2275 [We should use the latest dev version of this -RD] Extensions we might want (from xB Browser and ToaST): Adblock Plus https://addons.mozilla.org/en-US/firefox/addon/1865 ChatZilla https://addons.mozilla.org/en-US/firefox/addon/16 PrefBar http://prefbar.mozdev.org/ Quick Locale Switcher https://addons.mozilla.org/en-US/firefox/addon/1333 Firesomething https://addons.mozilla.org/en-US/firefox/addon/31 Restart Firefox https://addons.mozilla.org/en-US/firefox/addon/1249 Window Styles http://www.bamm.gabriana.com/ [inaccessible 2007-12-13] Extensions we don't want (from xB Browser and ToaST): ErrorZilla Mod https://addons.mozilla.org/en-US/firefox/addon/3336 [Once we have polipo, it will be the one providing error messages. Does that make this extension moot? I think so. -RD] Flush Tor Circuit [superseded by Vidalia] ? NoScript [probably superseded by Torbutton] https://addons.mozilla.org/en-US/firefox/addon/722 [high priority] - Decide what preferences to set and what extensions to pre-install [ xB use this: http://archives.seul.org/or/talk/Nov-2007/msg00227.html ] [high priority] - Restore some/all Firefox settings on exit For example, if the user turned off Torbutton. We should accumulate other examples here. [mid priority] [ Done 2007-12-25 -- it's the "Tor Browser Bundle" ] - Come up with a new name [top priority] Vidalia modifications --------------------- - Prevent user from starting Firefox manually while Tor is still starting up OR (preferably) - Allow normal Firefox and Tor Browser to co-exist safely [mid priority] - Make Vidalia kill Firefox when it exits. Currently Vidalia terminates the process, but killing FirefoxPortable does not end Firefox. Either we could kill firefox.exe directly, or wait until Vidalia launches Firefox. - Firefox 3 will not support Windows prior to XP. Is this a problem for our userbase? [Turns out, no -Andrew]