1. Tor Project hasn’t audited Google’s WebAuthn library that Firefox uses yet, there is an open issue in the Tor Browser tracker which would also be applicable here.

2. There is no impact to removing the Mullvad Browser extension, I’ve already confirmed this with them a few days ago.

3. The long-term plan is for usability to be improved over Tor Browser in a number of aspects. Private Browsing mode being mandatory wasn’t the end-goal, it’s a requirement for Tor Browser’s threat model (they want to avoid writing anything to disk) which isn’t applicable to Mullvad Browser, but Private Browsing mode currently provides a lot of other privacy improvements (service worker isolation for example). Mullvad Browser needs to figure out how to take those privacy improvements and bring them over to non-Private Browsing mode, which will take time.

Expand full comment