From: Mike Gerwitz
Subject: Re: Do not use tor with browsers other than tor browser
Date: Sat, 25 May 2019 22:39:22 -0400
To: Alex Vong
Cc: help-guix@gnu.org

Alex:

On Sat, May 25, 2019 at 19:56:28 +0800, Alex Vong wrote:
> I've seen recommendations on this list of using tor with browsers other
> than tor browser,
> e.g. ,
> and
> .
>
> It is a really bad idea, the tor project faq recommends against it:
> .
>
> The reason is as follows: Tor allows you to browse the internet
> anonymously. It works by making users using the same version of tor
> browser indistinguishable (i.e. in the same anonymity set[0]). This only
> works if all the browsers have the same fingerprint. Using browsers
> other than tor browser makes you distinguishable from that anonymity
> set.
>
> Another reason is that modern browsers allow loads of ways for
> fingerprinting: user agent string, screen resolution, canvas
> fingerprinting, webgl fingerprinting...

Using Tor Browser is a good idea.  But this isn't a binary
decision---it's far more nuanced than that.

First: Tor is used for more than web browsing.  Some people use it to do
one-off things like download files, e.g. using `torify wget`, or via
their package managers.
Some people use it for setting up onion services for private use.  Some
people use it to hide their location when SSHing into a server.  Others
use it to hide their internet traffic from e.g. hotspot providers, hotel
rooms, their ISP, and so on.  Etc.

There's also the issue of defining your threat model (which is the case
for both web browsing and all of the above).  Do I just want to stop my
hotel's Wifi provider from snooping on me?  Do I just want to hide my
location when SSHing or pushing code to a Git host?  Am I using it in
place of a VPN to prevent metadata collection from my ISP?  Am I trying
to prevent tracking from advertisers and other malicious companies?  Am
I a dissident under an oppressive regime, risking my life to leak
information?

On top of all of that, you have to actually change your habits; using
Tor alone is not enough.[0]  Using Tor Browser alone may not be enough.

I personally use Tor for all of my Internet traffic, using Icecat with
NoScript, Privacy Badger, uBlock Origin, HTTPS Everywhere, Cookie
AutoDelete, Third-Party Request Blocker, and FoxyProxy (to easily allow
me to disable Tor for my home webserver).  My browsing is generally
burdensome, though I am able to work around most issues, sometimes with
substantial effort (I'm a professional web developer).  For some sites,
I'll visit via the Internet Archive or other caches (still over Tor).  I
run Icecat within a container to control what it can see on the
filesystem, ensure caches are wiped out, and to help defend against
exploits.  I don't log into any websites, and if I do, then I understand
the consequences of doing so and how to mitigate that.  And so on.

If I want a higher level of privacy, maybe I'll boot Tails and use Tor
Browser on entirely different hardware.  Maybe I wouldn't be comfortable
just using Tor Browser on my normal OS because a browser bug could still
allow it to access my operating system or persist data.

The point I'm trying to make here is: Tor Browser is good, but you still
need to have some level of understanding of the problem and what Tor
Browser does and does not solve.  And once you have a certain level of
understanding, you can decide whether you want to use Tor Browser.

For most users, yes, it's easier to tell them to stick with Tails and
Tor Browser.  If your life depends on it, then you want a hardened,
ephemeral system.

But if you're just an average person fed up with corporate surveillance,
you're not going to jump through a lot of hoops.  You're going to stop
using a system when it's inconvenient for you.  So telling someone to
use Tor with their existing browser and a handful of addons may be good
enough, as long as that person understands that they may not be fully
anonymous in that scenario.

This is a complex topic, and I've just thrown some thoughts together in
what little time I have.  I would still like to see it packaged for Guix
at some point.

Also note that Tor has been working with Firefox to upstream many of
their changes.[1]

[0]: I don't have time to dig up links right now, but for example:
     https://www.whonix.org/wiki/DoNot
[1]: https://wiki.mozilla.org/Security/Fusion

>
> This page:
>
> should give you an idea how many fingerprinting issues exist in modern
> browsers.
>
> This page:
>
> shows bugs specific to chromium-based browsers.
>
> My recommendation for now is to download tor browser from the tor
> project website. AFAIK, tor browser for GNU/Linux is built with free
> software only. In the future, we may want to build it ourselves, but of
> course we need to be careful not to introduce fingerprinting bugs.
>
> [0]: https://privacypatterns.org/patterns/Anonymity-set
>
> Thanks,
> Alex
>

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com