Do not use tor with browsers other than tor browser

Do not use tor with browsers other than tor browser

[Alex Vong]

[-- Attachment #1: Type: text/plain, Size: 1642 bytes --]

Hello everyone,

I've seen recommendations on this list of using tor with browsers other
than tor browser,
e.g. <https://lists.gnu.org/archive/html/help-guix/2019-04/msg00063.html>,
<https://lists.gnu.org/archive/html/help-guix/2019-05/msg00024.html> and
<https://lists.gnu.org/archive/html/help-guix/2019-05/msg00046.html>.

It is a really bad idea, the tor project faq recommends against it:
<https://www.torproject.org/docs/faq.html.en#TBBOtherBrowser>.

The reason is as followed: Tor allows you to browse the internet
anonymously. It works by making users using the same version of tor
browser indistinguishable (i.e. in the same anonymity set[0]). This only
works if all the browsers have the same fingerprint. Using browsers
other than tor browser makes you distinguishable from that anonymity
set.

Another reason is that modern browsers allows loads of way for
fingerprinting: user agent string, screen resolution, canvas
fingerprinting, webgl fingerprinting...

This page:
<https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting>
should give you an idea how many fingerprinting issues exist in modern
browsers.

This page:
<https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs>
shows bugs specific to chromium-based browsers.

My recommendation for now is to download tor browser from the tor
project website. AFAIK, tor browser for GNU/Linux are built with free
software only. In the future, we may want to build it ourselves, but of
course we need to be careful not to introduce fingerprinting bugs.

[0]: https://privacypatterns.org/patterns/Anonymity-set

Thanks,
Alex

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

Re: Do not use tor with browsers other than tor browser

[Raghav Gururajan]

> It is a really bad idea, the tor project faq recommends against it:
> <https://www.torproject.org/docs/faq.html.en#TBBOtherBrowser>.

True! Is it possible to making it directly available in guix?

Re: Do not use tor with browsers other than tor browser

[oury.dustin]

This is interesting because on GuixSD 1.0.1 when I download tor
browser and try to start it I receive an error

ruki@guix ~/Downloads/tor-browser_en-US$ ./start-tor-browser.desktop
bash: ./start-tor-browser.desktop: /usr/bin/env: bad interpreter: No
such file or directory
ruki@guix ~/Downloads/tor-browser_en-US$

So the way I usually start by clicking the desktop icon from when I
used Trisquel doesn't work here. Maybe it has something to do with my
PATH?

On 25.05.2019 18:43, Raghav Gururajan wrote:
>> It is a really bad idea, the tor project faq recommends against it:
>> <https://www.torproject.org/docs/faq.html.en#TBBOtherBrowser>.
> 
> True! Is it possible to making it directly available in guix?

Re: Do not use tor with browsers other than tor browser

[Mike Gerwitz]

[-- Attachment #1: Type: text/plain, Size: 5481 bytes --]

Alex:

On Sat, May 25, 2019 at 19:56:28 +0800, Alex Vong wrote:
> I've seen recommendations on this list of using tor with browsers other
> than tor browser,
> e.g. <https://lists.gnu.org/archive/html/help-guix/2019-04/msg00063.html>,
> <https://lists.gnu.org/archive/html/help-guix/2019-05/msg00024.html> and
> <https://lists.gnu.org/archive/html/help-guix/2019-05/msg00046.html>.
>
> It is a really bad idea, the tor project faq recommends against it:
> <https://www.torproject.org/docs/faq.html.en#TBBOtherBrowser>.
>
> The reason is as followed: Tor allows you to browse the internet
> anonymously. It works by making users using the same version of tor
> browser indistinguishable (i.e. in the same anonymity set[0]). This only
> works if all the browsers have the same fingerprint. Using browsers
> other than tor browser makes you distinguishable from that anonymity
> set.
>
> Another reason is that modern browsers allows loads of way for
> fingerprinting: user agent string, screen resolution, canvas
> fingerprinting, webgl fingerprinting...

Using Tor Browser is a good idea.  But this isn't a binary
decision---it's far more nuanced than that.

First: Tor is used for more than web browsing.  Some people use it to
do one-off things like download files, e.g. using `torify wget`, or via
their package managers.  Some people use it for setting up onion
services for private use.  Some people use it to hide their location
when SSHing into a server.  Others use it to hide their internet traffic
from e.g. hotspot providers, hotel rooms, their ISP, and so on.  Etc.

There's also the issue of defining your threat model (which is the case
for both web browsing and all of the above).  Do I just want to stop my
hotel's Wifi provider from snooping on me?  Do I just want to hide my
location when SSHing or pushing code to a Git host?  Am I using it in
place of a VPN to prevent metadata collection from my ISP?  Am I
trying to prevent tracking from advertisers and other malicious
companies?  Am I a dissident under an oppressive regime, risking my life
to leak information?

On top of all of that, you have to actually change your habits; using
Tor alone is not enough.[0]  Using Tor Browser alone may not be enough.

I personally use Tor for all of my Internet traffic, using Icecat with
NoScript, Privacy Badger, uBlock Origin, HTTPS Everywhere, Cookie
AutoDelete, Third-Party Request Blocker, and FoxyProxy (to easily allow
me to disable Tor for my home webserver).  My browsing is generally
burdensome, though I am able to work around most issues, sometimes with
substantial effort (I'm a professional web developer).  For some sites,
I'll visit via the Internet Archive or other caches (still over Tor).  I
run Icecat within a container to control what it can see on the
filesystem, ensure caches are wiped out, and to help defend against
exploits.  I don't log into any websites, and if I do, then I understand
the consequences of doing so and how to mitigate that.  And so on.

If I want a higher level of privacy, maybe I'll boot Tails and use Tor
Browser on entirely different hardware.  Maybe I wouldn't be comfortable just
using Tor Browser on my normal OS because a browser bug could still
allow it to access my operating system or persist data.

The point I'm trying to make here is: Tor Browser is good, but you still
need to have some level of understanding of the problem and that Tor
Browser does and does not solve.  And once you have a certain level of
understanding, you can decide whether you want to use Tor Browser.  For
most users, yes, it's easier to tell them to stick with Tails and Tor
Browser.  If your life depends on it, then you want a hardened,
ephemeral system.

But if you're just an average person fed up with corporate surveillance,
you're not going to jump through a lot of hoops.  You're going to stop
using a system when it's inconvenient for you.  So telling someone to
use Tor with their existing browser and a handful of addons may be good
enough, as long as that person understands that they may not be fully
anonymous in that scenario.

This is a complex topic, and I've just thrown some thoughts together in
what little time I have.  I would like still like to see it packaged for
Guix at some point.  Also note that Tor has been working with Firefox to
upstream many of their changes.[1]


[0]: I don't have time to dig up links right now, but for example:
     https://www.whonix.org/wiki/DoNot

[1]: https://wiki.mozilla.org/Security/Fusion


>
> This page:
> <https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting>
> should give you an idea how many fingerprinting issues exist in modern
> browsers.
>
> This page:
> <https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs>
> shows bugs specific to chromium-based browsers.
>
> My recommendation for now is to download tor browser from the tor
> project website. AFAIK, tor browser for GNU/Linux are built with free
> software only. In the future, we may want to build it ourselves, but of
> course we need to be careful not to introduce fingerprinting bugs.
>
> [0]: https://privacypatterns.org/patterns/Anonymity-set
>
> Thanks,
> Alex
>

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 818 bytes --]

Re: Do not use tor with browsers other than tor browser

[Ricardo Wurmus]

oury.dustin@posteo.net writes:

> This is interesting because on GuixSD 1.0.1 when I download tor
> browser and try to start it I receive an error
>
> ruki@guix ~/Downloads/tor-browser_en-US$ ./start-tor-browser.desktop
> bash: ./start-tor-browser.desktop: /usr/bin/env: bad interpreter: No
> such file or directory

This is likely because the binary you have will expect the loader at
/lib64/ld-linux….so (or similar), which doesn’t exist on Guix systems.
The loader is provided by the GNU C library and you may need to patch
the binary with patchelf to override the interpreter.

An alternative might be to install the C library and link its loader
binary to the expected location, but we can’t guarantee that this would
work.

--
Ricardo

Re: Do not use tor with browsers other than tor browser

[Ludovic Courtès]

Hi,

Alex Vong <alexvong1995@gmail.com> skribis:

> The reason is as followed: Tor allows you to browse the internet
> anonymously. It works by making users using the same version of tor
> browser indistinguishable (i.e. in the same anonymity set[0]). This only
> works if all the browsers have the same fingerprint. Using browsers
> other than tor browser makes you distinguishable from that anonymity
> set.
>
> Another reason is that modern browsers allows loads of way for
> fingerprinting: user agent string, screen resolution, canvas
> fingerprinting, webgl fingerprinting...

I agree with all this, but note that IceCat has options (turned on by
default) to disable some of these things that make fingerprinting so
easy.

Ludo’.