Tor is an important tool providing privacy and anonymity online. The property of anonymity itself is more than just providing an encrypted connection between the source and the destination of a given conversation. There is in fact a lot of information that can be still learned by just observing encrypted communications. The Tor Browser was designed to provide privacy while surfing the web and defend users against both network and local forensic adversaries, There are two main categories of requirements for the Tor Browser: Security Requirements, and Privacy Requirements. Security Requirements are the minimum properties in order for a browser to be able to support Tor and similar privacy proxies safely. Privacy requirements are primarily concerned with reducing linkability: the ability for a user’s activity on one site to be linked with their activity on another site without their knowledge or explicit consent. The Tor Browser is based on Mozilla’s Extended Support Release (ESR) Firefox branch. We have a series of patches against this browser to enhance privacy and security. Browser behavior is additionally augmented through the Torbutton extension, and we also change a number of Firefox preferences from their defaults. This session is going to explore what tool and resources are missing for website and web applications to embrace more privacy friendly practices, and work seamlessly on Tor browser. We well answer some fundamental questions, like: - Why tor browser is slightly different from Firefox (or another browser) - Why does my app work differently in tor browser? What can I do to make it work smoothly? - How can I make my app compatible for people that do not use JS? - How can I configure an onion service? - What should I consider in order not to expose sensitive information about myself or visitors to my website? Code examples for css, js and backend configurations will be shared.
venue: “Internet Freedom Festival”
location: “Valencia, Spain”