From: Alex Vong <alexvong1995@gmail.com>
To: help-guix@gnu.org
Subject: Do not use tor with browsers other than tor browser
Date: Sat, 25 May 2019 19:56:28 +0800 [thread overview]
Message-ID: <861s0m21eb.fsf@gmail.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 1642 bytes --]
Hello everyone,
I've seen recommendations on this list of using tor with browsers other
than tor browser,
e.g. <https://lists.gnu.org/archive/html/help-guix/2019-04/msg00063.html>,
<https://lists.gnu.org/archive/html/help-guix/2019-05/msg00024.html> and
<https://lists.gnu.org/archive/html/help-guix/2019-05/msg00046.html>.
It is a really bad idea, the tor project faq recommends against it:
<https://www.torproject.org/docs/faq.html.en#TBBOtherBrowser>.
The reason is as followed: Tor allows you to browse the internet
anonymously. It works by making users using the same version of tor
browser indistinguishable (i.e. in the same anonymity set[0]). This only
works if all the browsers have the same fingerprint. Using browsers
other than tor browser makes you distinguishable from that anonymity
set.
Another reason is that modern browsers allows loads of way for
fingerprinting: user agent string, screen resolution, canvas
fingerprinting, webgl fingerprinting...
This page:
<https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting>
should give you an idea how many fingerprinting issues exist in modern
browsers.
This page:
<https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs>
shows bugs specific to chromium-based browsers.
My recommendation for now is to download tor browser from the tor
project website. AFAIK, tor browser for GNU/Linux are built with free
software only. In the future, we may want to build it ourselves, but of
course we need to be careful not to introduce fingerprinting bugs.
[0]: https://privacypatterns.org/patterns/Anonymity-set
Thanks,
Alex
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
next reply other threads:[~2019-05-25 11:56 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-25 11:56 Alex Vong [this message]
2019-05-25 16:43 ` Do not use tor with browsers other than tor browser Raghav Gururajan
2019-05-25 21:16 ` oury.dustin
2019-05-26 6:38 ` Ricardo Wurmus
2019-05-26 2:39 ` Mike Gerwitz
2019-05-26 19:42 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=861s0m21eb.fsf@gmail.com \
--to=alexvong1995@gmail.com \
--cc=help-guix@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).