Resuming work on integrating Tor support into Firefox

At the Tor developers' meeting taking place these days in Stockholm, a separate section is devoted to the integration of Tor and Firefox. The key tasks are to create an add-on that enables working through the anonymous Tor network in standard Firefox, and to transfer patches developed for Tor Browser into the main Firefox codebase. A special website, torpat.ch, has been prepared to track the status of the patch transfer. So far, 13 patches have been moved, and discussions have been started in the Mozilla bug tracker for 22 patches (in total, more than a hundred patches have been proposed).

The main idea behind Firefox integration is to use Tor when working in private mode, or to create an additional super-private mode with Tor. Since including Tor support in the Firefox core takes a lot of work, the decision was made to start by developing an external add-on. The add-on will be delivered via the addons.mozilla.org directory and will include a button to enable Tor mode. Delivering it as an add-on will give a general idea of what built-in Tor support might look like.

The plan is not to rewrite the code for working with the Tor network in JavaScript, but to compile it from C into WebAssembly, which will allow all the necessary proven Tor components to be included in the add-on without linking to external executable files and libraries.
Forwarding to Tor will be organized by changing the proxy settings and using the add-on's own handler as the proxy. When switching to Tor mode, the add-on will also change some security-related settings. In particular, settings similar to those of Tor Browser will be applied, aimed at blocking possible ways of bypassing the proxy and at countering identification of the user's system.

However, the add-on will require elevated privileges that go beyond those of regular WebExtension API-based add-ons and are characteristic of system add-ons (for example, the add-on will call XPCOM functions directly). Such privileged add-ons must be digitally signed by Mozilla, but since the add-on is proposed to be developed jointly with Mozilla and delivered on behalf of Mozilla, obtaining the additional privileges should not be a problem.

The Tor mode interface is still under discussion. For example, it is proposed to open a new window with a separate profile when the Tor button is clicked. In Tor mode, it is also proposed to completely disable sending requests over HTTP, since the contents of unencrypted traffic can be intercepted and modified on Tor exit nodes. Protection against modification of HTTP traffic through the use of NoScript is considered insufficient, so it is easier to limit Tor mode to requests over HTTPS only.
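
The proxy forwarding and HTTPS-only restriction described above can be sketched as a fail-closed request policy against Firefox's WebExtension `proxy` and `webRequest` APIs. This is an added example, not code from the planned add-on; `decideRequest`, `TOR_PROXY` and the 127.0.0.1:9150 SOCKS endpoint are assumptions standing in for the add-on's own handler.

```javascript
// Added illustration, not code from the planned Tor/Mozilla add-on.
// Assumption: a local SOCKS endpoint stands in for the add-on's own proxy handler.
const TOR_PROXY = { type: "socks", host: "127.0.0.1", port: 9150, proxyDNS: true };

// Encrypted transports are the only network schemes allowed in Tor mode.
const ENCRYPTED = new Set(["https:", "wss:"]);
// Schemes that never open a network connection, so there is nothing to proxy.
const NON_NETWORK = new Set(["data:", "blob:", "about:"]);

// Hypothetical policy function: classify one request URL, failing closed.
function decideRequest(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl); // also lowercases the scheme ("HTTP:" -> "http:")
  } catch (e) {
    return { action: "block", reason: "unparseable URL" };
  }
  if (NON_NETWORK.has(url.protocol)) return { action: "local" };
  if (!ENCRYPTED.has(url.protocol)) {
    return { action: "block", reason: url.protocol + " is not allowed in Tor mode" };
  }
  // proxyDNS: true has the proxy resolve the hostname, so no local DNS
  // lookup exposes the destination outside the tunnel.
  return { action: "proxy", proxyInfo: TOR_PROXY };
}

// Wiring for Firefox's WebExtension APIs; skipped when run outside the browser.
if (typeof browser !== "undefined" && browser.proxy && browser.webRequest) {
  // Cancel plaintext and unknown-scheme requests before any connection is made.
  browser.webRequest.onBeforeRequest.addListener(
    (details) => ({ cancel: decideRequest(details.url).action === "block" }),
    { urls: ["<all_urls>"] },
    ["blocking"]
  );
  // Everything that does go out uses the proxy; there is no direct fallback.
  browser.proxy.onRequest.addListener(() => TOR_PROXY, { urls: ["<all_urls>"] });
}
```

The blocking `webRequest` listener needs the `webRequest`, `webRequestBlocking` and `proxy` permissions plus host access in the extension manifest.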

Source: opennet.ru
