Stress that the Tor Browser should be used as much as possible #273

Closed
opened 2017-07-17 10:43:42 +00:00 by C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N · 11 comments
C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-07-17 10:43:42 +00:00 (Migrated from github.com)

This is already done by a related project: https://prism-break.org/en/subcategories/gnu-linux-web-browsers/

> Try to use Tor Browser Bundle (TBB) for all of your web surfing. It will offer you far better anonymity than any other browser. Make sure to learn the basics of Tor before using it. If the site you want to visit will not work in the TBB, try Firefox instead, but realize these browsers do not anonymize your IP by default.
>
> TBB notes: Using the TBB to sign into websites that contain your real ID is counterproductive, and may trip the site's fraud protection. Make sure to check for HTTPS before signing in to a website through Tor. Signing into HTTP websites can result in your ID being captured by a Tor exit node.

Where should this be? Also I can tweak the above paragraph and add additional details into why using Tor for most browsing is a good idea and how by using it one helps others get more privacy.

ghost commented 2017-07-17 18:51:01 +00:00 (Migrated from github.com)

TPB is a high-value target when it comes to finding vulnerabilities in browsers.

You obviously shouldn't use TPB *only* for suspicious activity, but should generate some random noise as well. Also it's based on FF which is less secure than Chromium.

VPNs should be used as much as possible and we should explain how to use Tor properly. I will write a tutorial on using anonymity tools like Tor properly soon.

privacytoolsIO commented 2017-07-17 19:33:28 +00:00 (Migrated from github.com)
#276
ghost commented 2017-07-17 19:38:06 +00:00 (Migrated from github.com)

I agree it should be the first browser we commend, but I am still not sure how much we should stress using it.

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-07-17 19:55:32 +00:00 (Migrated from github.com)

@Shifterovich

> TPB is a high-value target when it comes to finding vulnerabilities in browsers.

Chromium has the same status if you consider its crushing market share. I don't see what your point is here.

> VPNs should be used as much as possible and we should explain how to use Tor properly.

By that you mean that VPNs should be used as much as possible instead of Tor?

ghost commented 2017-07-17 19:57:19 +00:00 (Migrated from github.com)

HVTs use Tor, not Chromium.

And yes, you should definitely generate random noise with Tor even when not using it (if you intend to use it for something serious later), but using Tor as much as possible makes little sense.

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-07-17 21:19:55 +00:00 (Migrated from github.com)

> HVTs use Tor, not Chromium.

My point was that even if Tor Browser was based on the most secure browser (Chromium) then a similar argument would conclude that Chromium shouldn't be used.

FWIW an example of good practice for HVTs with the Tor Browser: When you visit TheIntercept's SecureDrop (https://y6xjgkgwj47us5ca.onion/), if JS is enabled they put the warning: `We recommend turning the Security Slider to High to protect your anonymity: ...`

> And yes, you should definitely generate random noise with Tor even when not using it (if you intend to use it for something serious later), but using Tor as much as possible makes little sense.

Tor is a 1/n anonymity network, as such, using Tor as much as possible can only make sense since it's not just about protecting oneself but also others.

And just to clarify, by as much as possible I mean:

  • For all websites with active content or that require logging in that block Tor (if some news site blocks Tor then the correct way would be to find a cached version of it, or to use online proxies with websites such as https://searx.me or https://startpage.com ).
  • For websites that require identifying information such as bank websites.
  • For websites that require APIs disabled in the Tor Browser, such as websites that require WebVR...
ghost commented 2017-07-18 09:21:44 +00:00 (Migrated from github.com)

Visiting non-HTTPS websites over Tor is a very bad idea. Using Tor for most of your browsing sacrifices a lot of usability, yet I can't see a single positive thing about it.

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 2017-08-17 11:24:17 +00:00 (Migrated from github.com)

@Shifterovich

> Visiting non-HTTPS websites over Tor is a very bad idea.

Unless it's because someone is logging into HTTP websites over Tor. Otherwise I don't think it's a bad idea, especially with higher security settings i.e. Medium or High.

> Using Tor for most of your browsing sacrifices a lot of usability,

Examples?

> yet I can't see a single positive thing about it.

The whole "make covert traffic" (traffic analysis aspect) + "the bigger the crowd the easier it is to hide in it" (fingerprinting aspect).

ghost commented 2017-08-17 11:44:42 +00:00 (Migrated from github.com)

There are other ways to generate noise without having to use Tor for all browsing.

> Examples?

Low speed and a lot of things don't work in Tor.

ghost commented 2017-08-21 13:11:47 +00:00 (Migrated from github.com)

> Unless it's because someone is logging into HTTP websites over Tor. Otherwise I don't think it's a bad idea, especially with higher security settings i.e. Medium or High.

There are other reasons to use HTTPS. https://doesmysiteneedhttps.com/

blacklight447 commented 2019-08-09 21:06:27 +00:00 (Migrated from github.com)

We now have a big explanation on our VPN provider page which describes the difference between VPNs and Tor, including their use cases, which makes this issue no longer needed, closing.

Reference: privacyguides/privacytools.io#273