Re: Regarding the return of Tor support on the 102.2.0 branch

[Ruben Rodriguez]

On 9/13/22 06:33, Mark H Weaver wrote:
> Earlier, I wrote:
> > Is this similar in functionality to the "Tor Button" extension that was
> > bundled with earlier versions of IceCat?
>
> Sorry, it was actually called the "Onion Browser Button".
>
> > If so, I have concerns about this approach.  I outlined them in the
> > following message:
> >
> >    https://lists.gnu.org/archive/html/bug-gnuzilla/2020-06/msg00008.html
>
> To facilitate restarting this discussion, here's a copy of the relevant
> portion of that message:
>
> Long ago, the Tor Browser developers reached the conclusion that having
> a simple toggle button was the wrong approach, and I agree.
>
>    https://blog.torproject.org/toggle-or-not-toggle-end-torbutton

It is a different extension that I adapted for IceCat. It corrects the
main issue in the previously implementation that misreporting the
connection status. This new one only toggles the proxy settings between
the usual localhost Tor daemon setting, or off. If the toggle is set to
on and the daemon is not running, connections simply fail.

This is still far from ideal and does not address any of the other
concerns about proper Tor integration, I only included it by rms's
request to experiment with integration implementations.

My suggested approach is this: distribute IceCat without Tor integration
by default, and add a section in the IceCat download/documentation page
that contains information on how to single-click install an extension
like the one I included (or some similar variation) alongside with an
explanation on the limitations/risks of that type of integration, and a
recommendation to use the Tor browser for higher security requirements.

OpenPGP_0x46A70073E4E50D4E.asc
Description: OpenPGP public key

OpenPGP_signature
Description: OpenPGP digital signature