Page 2 of 2 FirstFirst 12
Results 11 to 20 of 20

Thread: How do we know TOR is safe?

  1. #11
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    6,971
    Distro
    Xubuntu 20.04 Focal Fossa

    Re: How do we know TOR is safe?

    I gather that your evidence for TOR not working is that you-tube appears to recognise your browser.
    I don't think this is very good evidence agains TOR.
    Even if your browser is operating in ingognito mode so not sending cookies back to Google, they have other ways of recognising yoru browser.
    https://blokt.com/guides/browser-fingerprinting
    https://pixelprivacy.com/resources/b...ingerprinting/
    They probably have other methods too. They don't really need your IP address to get a very good idea about you, and your IP address is all that TOR hides as far as I know.

  2. #12
    Join Date
    Feb 2015
    Beans
    Hidden!
    Distro
    Ubuntu Mate 18.04 Bionic Beaver

    Re: How do we know TOR is safe?

    Quote Originally Posted by iamtheeggman2 View Post
    Hi,

    I was lead to believe TOR was safe for doing anonymous web surfing, I went onto YouTube to see some videos (before you ask I did not sign in) and yet laughingly it produced like 5 or 6 items in a suggestions list that were topics and channels I had visited recently on my normal browser which were topics that had absolutely nothing to do with the targeted youtube content.

    Of the thousands of topics and millions of recent videos publicised every week, how is this possible??????
    Tor from the repos has you still using the same browser (and its history list, cookies, etc) as you use normally everyday. It just redirects all traffic from your computer to the tor network and if the browser you are using has a history list then that is still available to sites like youtube. It is possible to use the tor-browser bundle directly from the tor project as it supplies and optimizes the browser to be used so no history is then available for sites like youtube.

    I would suggest you remove/purge the repo version of tor and then go to --this link-- and use the linux download link from there. The browser bundle is run from the home folder or an external usb drive, ie. from wherever it is stored; it is fully standalone. If you are only interested in browsing privacy then the browser bundle should be enough, I would only use the repo version if other applications or services are needed to be routed via the tor network.

    Note the browser fingerprinting links The Cog posted, this is one reason it is good to use the browser supplied with the tor browser bundle pack over the repo package and your usual browser. The browser bundle is optimized to avoid such techniques and will even give a stern warning about maximizing the browser window as the site you are on then can then tell your screen resolution in use. There are many different tactics the browser bundle is optimized to protect you against for privacy purposes.

    Regards, yeti.
    Last edited by yetimon_64; 4 Weeks Ago at 12:37 AM.

  3. #13
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: How do we know TOR is safe?

    New users commonly confuse TOR and TORBrowser. The majority of general users do not need TOR. They need TORBrowser. AFAIK, the repo version of TORBrowser and the external one are the same. This is because the repo does not actually install the browser itself, but just a launcher that then goes and downloads the latest TORBrowser. From that point onwards, the browser will continually check for updates and is no different than the bundle downloaded directly from the TOR site.

  4. #14
    Join Date
    Feb 2015
    Beans
    Hidden!
    Distro
    Ubuntu Mate 18.04 Bionic Beaver

    Re: How do we know TOR is safe?

    Quote Originally Posted by DuckHook View Post
    ...AFAIK, the repo version of TORBrowser and the external one are the same...
    Seems you are right there, from "apt-cache show torbrowser-launcher"...
    Code:
    When you first launch Tor Browser Launcher, it will download TBB from
     https://www.torproject.org/ and extract it to ~/.local/share/torbrowser,
     and then execute it.
     Cache and configuration files will be stored in ~/.cache/torbrowser and
     ~/.config/torbrowser.
     Each subsequent execution after installation will simply launch the most
     recent TBB, which is updated using Tor Browser's own update feature.
    Thanks for pointing that out I wasn't aware the repo supplied exactly the same/current version. Cheers.

    @ OP, instead of using the link I posted in post #12 it would be easier for you to just issue the next command in the terminal if it is only the browser protection that is needed ...
    Code:
    sudo apt install torbrowser-launcher
    Regards, yeti

  5. #15
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    19,867
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: How do we know TOR is safe?

    Just installing and using TOR isn't sufficient to be anonymous on the internet. Multiple behaviors must be altered too.

  6. #16
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: How do we know TOR is safe?

    Quote Originally Posted by TheFu View Post
    Just installing and using TOR isn't sufficient to be anonymous on the internet. Multiple behaviors must be altered too.
    ↑+10↑
    People need to get rid of their "magic app" thinking.

  7. #17
    Join Date
    Aug 2018
    Beans
    161

    Re: How do we know TOR is safe?

    The thing is though this is a browser that advertises itself as a completely anonymous browsing facility and it had no real use, should have no cache or any internet history access to my firefox browser.

  8. #18
    Join Date
    Feb 2015
    Beans
    Hidden!
    Distro
    Ubuntu Mate 18.04 Bionic Beaver

    Re: How do we know TOR is safe?

    Quote Originally Posted by TheFu View Post
    Just installing and using TOR isn't sufficient to be anonymous on the internet. Multiple behaviors must be altered too.
    Yes, absolutely. That is very important for anyone considering using tor to take heed of.

    Quote Originally Posted by iamtheeggman2 View Post
    The thing is though this is a browser that advertises itself as a completely anonymous browsing facility and it had no real use, should have no cache or any internet history access to my firefox browser.
    OP, please confirm which package/s you installed, it seems your expectations are not being met as you may have installed the wrong tor package for private browser usage.

    See the next screenshot for the tor browser bundle version of firefox which is using private browsing by default vs. the ubuntu repo version of firefox that uses normal browsing as default.
    If you are using the tor service and the standard firefox version then your browsing is NOT private by default. Note I do NOT have tor installed yet can run a tor browser with the standalone browser bundle package ...

    torbrowser-firefox.jpg

    Code:
    yetiman:~ $  apt-cache policy tor
    tor:
      Installed: (none)
      Candidate: 0.3.2.10-1
      Version table:
         0.3.2.10-1 500
            500 http://archive.ubuntu.com/ubuntu bionic/universe amd64 Packages
    Regards, yeti.

  9. #19
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 20.04 Focal Fossa

    Re: How do we know TOR is safe?

    Quote Originally Posted by iamtheeggman2 View Post
    The thing is though this is a browser that advertises itself as a completely anonymous browsing facility and it had no real use, should have no cache or any internet history access to my firefox browser.
    TOR Browser does not advertise itself as a "completely" anonymous browsing facility, but rather, as the "most" private. This claim happens to be true: it is the most private.

    However, there is no app, service or facility anywhere on the planet that can protect a person from the bad consequences of his/her own actions. It is simply not possible. An elementary example: if you visit your banking site using TOR Browser and enter your username/password, you are no longer anonymous. You've just bypassed TOR anonymization by telling the bank who you are. Ergo: there is no point using TOR Browser to visit such sites. Every app ever written relies on the user to work with it to allow it to do its job, and it cannot protect users who are intent on working against it.

    Another factor to consider is usability: TOR Browser's NoScript settings are pretty lax by default. They are set this way partially to facilitate a decent user experience, but also because unique NoScript settings that are only halfway properly set are also (perversely) a method that sites can use for browser fingerprinting. These are nuances that most users are not knowledgeable enough to understand. It is sometimes better to visit sites using regular Firefox, but with all scripts disabled through aggressive NoScript settings, than with TOR Browser. If one turns off cookies, all scripts, spoofs a different user-agent, uses a proper DoH service, connects through a VPN, sandboxes the browser (TheFu uses Firejail, I use a combo of AppArmor and unpriviliged LXD containers) and doesn't visit questionable sites, then one is pretty effectively hardened against even the worst that the Internet can throw at us. If you really want to take that ultimate step, then substitute a more primitive browser like Dillo or Links2 for FF and you've got almost all of your bases covered. Just be prepared for an ugly and primitive browsing experience that won't work at all on some sites.

    You're getting an avalanche of info here, but what should come through clearly is this: stop relying on apps or services or promises to protect you. Your primary and weakest link when it comes to online safety is the guy you see in the mirror. It is difficult to practice really good surfing hygiene; way more difficult than most people are willing to put up with. People think that they can continue behaving in a slovenly way so long as they use TOR Browser, and this false sense of security is perhaps the biggest downside of all to its use.
    Last edited by DuckHook; 4 Weeks Ago at 01:16 AM.

  10. #20
    Join Date
    May 2020
    Location
    Zud-Afrika
    Beans
    10
    Distro
    Xubuntu

    Re: How do we know TOR is safe?

    also installed Tor from their official page
    went to youtube and nothing looked familar,search / watched historywise
    also on 20.04 , so dont think anything wrong with distro.

Page 2 of 2 FirstFirst 12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •