Delivery-Date: Thu, 19 Feb 2015 03:10:34 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 2BEB71E106C
	for <archiver@seul.org>; Thu, 19 Feb 2015 03:10:33 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 2964C33463;
	Thu, 19 Feb 2015 08:10:28 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id AEEDF33462
 for <tor-talk@lists.torproject.org>; Thu, 19 Feb 2015 08:10:24 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id gkZhLdtzMUN7 for <tor-talk@lists.torproject.org>;
 Thu, 19 Feb 2015 08:10:24 +0000 (UTC)
Received: from mail2.eff.org (mail2.eff.org [173.239.79.204])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 8E3203344F
 for <tor-talk@lists.torproject.org>; Thu, 19 Feb 2015 08:10:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org;
 s=mail2; 
 h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date;
 bh=U/pRPiMdM3pPsgGpVYfwOopPMhd4YqwXOAJw3mLUg3Q=; 
 b=wsLPDJ+6wJ6I3DgUJ7oZ3ncW4+/qhCE/R+fjEjdPgaXOua4sKsj2PMV8zisflkM33Im2uvmR6x+teueksWVaj8/HGXhekFP46T2EhbTjhx2TVES6UXC3Hqekdg4k9luD5StxXYGS6ikrkWhCEwmeLGRfCzum79QDKN2PiOpqSe0=;
Received: ; Thu, 19 Feb 2015 00:10:21 -0800
Date: Thu, 19 Feb 2015 00:10:21 -0800
From: Seth David Schoen <schoen@eff.org>
To: tor-talk@lists.torproject.org
Message-ID: <20150219081021.GI26363@mail2.eff.org>
References: <54E59856.7080006@riseup.net>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <54E59856.7080006@riseup.net>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [tor-talk] Tor Browser Bundle with Chromium
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Luis writes:

> What are the reasons that makes building a Tor Browser using Chromium
> not such a good idea? I recall reading somewhere that while making a Tor
> Browser with a Chromium base would have its benefits due to Chromium's
> superior security model (i.e. sandboxing), there are "serious privacy
> issues" that would have to be solved to make that possible.
> My question is what are those issues? What is preventing someone from
> digging out all the Google integration and possible privacy-endangering
> features and making a Tor Browser Bundle out of it?

https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs

I think that list is kept relatively up-to-date.

More generally, there are a lot of customizations in Tor Browser to turn
off or alter Firefox features that might identify a user (by making one
Tor user's browser look recognizably different from others) or might
bypass the proxy (causing the browser to send non-Torified traffic over
the Internet).

The Tor Project hasn't received a lot of help from the Chromium developers
on changes that would be important for making these customizations --
but with or without that help, they would be a lot of work in their own
right, just as they were a lot of work on the Firefox side.

You can read about some of the customizations in the Tor Browser design
document at

https://www.torproject.org/projects/torbrowser/design/

-- 
Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

