Torbutton: Secure Tor Toggler

Torbutton is a Firefox extension that allows you to securely toggle your usage of the Tor Network on and off via a toolbar button. It provides a number of features to prevent IP address leaks and correlation of Tor and Non-Tor activity, including cookie isolation, history protection, cache management, timezone spoofing, useragent spoofing, and much more.

I actually inherited the project from Scott Squires (who I believe adapted it from ProxyButton). My work on the project was to make the toggle process actually be safe, secure, and private.

The reason I picked it up was because of HD Moore's announcement that it was possible to trivially bypass users' Firefox proxy settings with common browser plugins. When I started work back in March of 2007, I thought would be a simple task of just disabling plugins, clearing cookies, and clearing history during Tor Toggle.

It took about a month or so to get a prototype version ready to present in my Defcon 15 presentation on Securing the Tor Network.

However, just about every two weeks (almost like clockwork) a new major privacy issue, bug, or "must-have" feature would show up. This continued for 16+ months, and it's still ongoing.

In hind sight, it's lucky that it worked out that way. Had I realized the size of the task that I was attempting at the start, I probably would have given up and done something else.

Or maybe I would have still bit the bullet and done it anyways. Privacy on the web is something that is very very important to me. It's hard to imagine not having the ability to opt out of certain Google queries and website visits going down on my permanent record.