Progress Report: Coil Extension + Tor Browser
At Coil, we have recently put a lot of effort into making our extension compatible with Tor Browser such that users that want more advanced privacy features can also support their favorite content creators.
The Tor maximalist may now argue that one should not install any extension on Tor Browser since an extension can introduce privacy vulnerabilities. While this is true in general, we have put a lot of thought into making the open-source Coil extension as privacy-preserving as possible. We just recently launched a blind signature token scheme based on the cryptographic scheme of PrivacyPass to allow our users to stream micropayments without revealing who they are (more details can be found in Ben’s article).
So what prevents the Coil extension from working out of the box in Tor Browser, since it is based on the already supported Firefox Quantum engine? The first problem was the extension’s dependency on IndexedDB. Just like in Firefox Privacy Browsing Mode, IndexedDB is not working in Tor Browser. It is a known bug the Firefox development team is working on. This was an easy fix: We simply disabled the (unused) feature that depended on IndexedDB and witnessed the first successful Web Monetization micropayment in Tor Browser. Unfortunately, some issues still occur:
* The Coil login screen is just blank
* The Coil explore page doesn’t load perfectly
* The Coil extension is stuck in the payment setup stage
* The Coil extension says the user is logged out while s/he is logged in
We realize that this is a horrible user experience so we are working on a solution, reaching out for help from the teams at Tor and Cloudflare. In the meantime, if the Coil login screen or explore page don’t load correctly, you can reset the Tor circuit and it should work once you have found a “clean” exit node. Enabling web monetization is a bit more tricky. Since the extension resources are only loaded once, when you open the browser, circuit reset does not do the trick. You will have to restart the browser to try again.
Since we at Coil strive to be as privacy conscious as possible, we will continue working on this issue until it is fixed. We will keep you updated!