Tor Browser

Status
Not open for further replies.

Overlord

Level 10
Thread author
Verified
Content Creator
Well-known
Feb 22, 2013
451
Tor Browser and Tails system in new scenes.

The fight of those who would like to censor the Internet and surrender the internet to surveillance in the name of various important reasons with those who have the most important good for the free flow of information becoming more acute. The latter have just received updates of their most important weapons - browser Tor Browser to version 8.0, and the Linux distribution Tails to version 3.9. There are many changes, but are they going in the right direction?.
Tor Browser 8.0 is the first stable release of this browser built on the basis of the long-term supported Firefox 60 ESR (the first one from the new Quantum line), evidently focusing on friendliness for novice users. This was achieved by refreshing the about: track page, introducing what marketers call 'onboarding' - a guide for novices, adding support for new languages, and simplifying the function of gaining bridging servers. The way of displaying the circuits and informing about the .onion pages has also been changed.

Let's start with what is undoubtedly good in the new Track Browser. Until now users of this browser from countries in which Tor is blocked by system (such as China), could use the mechanism of bridges to avoid censorship. The mechanism is very good, only the majority of these bridges were quickly blocked by censors. To get access to new ones, you had to send an e-mail for this - which was not always possible.

Now in the configurator window the user just needs to indicate that Tor is censored in his country, and then ask to provide a bridge from torproject.org. Clicking the button displays a dialog with the CAPTCHA test. Its solution connects to the BridgeDB service, which provides a new IP address for the bridge.

tb8-bridges-small1.gif


A positive change is also the extension of language support - Tor Browser now has Catalan, Irish, Indonesian, Icelandic, Norwegian, Danish, Hebrew, Swedish and Chinese (traditional) locations. Windows users can use a 64-bit browser compilation, which should be more stable than 32-bit. Newer versions of important components were also used, including the OpenSSL 1.0.2p library. Also a dozen defects noticed since the Tor Browser 7.5.6 edition were repaired. Nothing to install, right?

Unfortunately, we are not entirely convinced that Tor Browser is going in the right direction. This new page about: the track looks like an intrusive ad that we would not like to see every time we view the browser. The previous screen was much more discreet, not reminding us every time that here we get the most private experience of browsing the internet in the world. We would prefer to have here a link to check if we're connected via Tor - and for some reason the site has disappeared.

tb8-onboarding-small1.gif


In addition to the most important issue, or privacy, Tor Browser 8.0 seems to be turning back. In part, this is the result of changes in Firefox itself. As you know, Mozilla has abandoned the classic system of extensions and you have to use these new ones based on the WebExtensions interface. This in turn means the need to use the new version of the NoScript extension (10.1.9.1), which provides much less control over the scope of launched content than the old version, and does not allow to disable JavaScript on Mozilla domains. The settings for individual pages are also not kept, and the extension menu itself, which now consists of only few understandable icons, does not dazzle usability.
However, the issue of browser identification is much more worrying. Tor Browser stands out greatly in the crowd, does not even try to hide the user's operating system. This is the result of a change in Firefox, which makes it impossible to lie about the operating system after enabling the resistance to the identification of the fingerprint of the browser and present it as Windows NT 6.

This can be masked using JavaScript, but is it not risky to use JavaScript itself in the context of many websites? One can imagine that such disclosure of the User-Agent string will allow the attacker to correlate the activity wishing to maintain the anonymity of the user, especially if he visits little-known websites. We hope that Tor Browser developers will solve this problem quickly - because they probably do not want to weaken the privacy of their users, right?.....
Source and more info: (website in Polish)
Ulepszona broń do walki z cenzurą: przeglądarka Tor Browser i system Tails w nowych odsłonach
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Im using tor browser with ublock origin, in terms of speed its as fast as firefox does. Extensions should not be added, but i cant imagine using it just with a noscript. But still with extensions it makes this browser very privacy, over standard firefox

Only downside is high memory usage, but i really dont mind that

I could think this as mainbrowser solution as poweruser.

Do you know people that are using tor daily?
 
L

Local Host

Im using tor browser with ublock origin, in terms of speed its as fast as firefox does. Extensions should not be added, but i cant imagine using it just with a noscript. But still with extensions it makes this browser very privacy, over standard firefox

Only downside is high memory usage, but i really dont mind that

I could think this as mainbrowser solution as poweruser.

Do you know people that are using tor daily?
Using ad-blockers goes against the objective of using Tor in the first place, that is privacy and anonymity.

Firefox is no longer a great source to use either, since they been disregarding privacy in the last updates, and have gone the same way of Google (by gathering data).

However, Chromium is not an option since it's heavily tied to Google, and even if they heavily modify the Source, would be a chore to keep it up to date.

Making their own browser from scratch would be an even greater chore.
 
Last edited:

Jimbo791

Level 2
Verified
Jul 23, 2018
69
I believe that TOR has been "cracked" some time ago, you just got to understand that been "invisible" is hard work and well beyond 99.99% of people
 
  • Like
Reactions: Deleted member 178
D

Deleted member 178

Security is about preventing things to get in, which is way easier than preventing things to get out.
 
  • Like
Reactions: Eddie Morra
L

Local Host

Security is about preventing things to get in, which is way easier than preventing things to get out.
Privacy and anonymity are extremely easy to have Online, but when people get paranoid and wanna hide every little irrelevant detail that is another story.

No one knows who you are, just because they have data on your IP and Hardware ¯\_(ツ)_/¯

The same way no one on this Forum (including the admin) knows who am I, and has no way to find out, even though I'm not even trying to hide myself.
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Im not looking for being 100% anonymous. Just bit of privacy. Im aware of doxxing happening, but im not person to target and i have nothing to hide anyways

Im aware of basic privacy throught social media and only looking for browser alternatives, even im using googles services in daily life(android btw)

Google chrome is just too superior

The thing i wanted to ask is just , why bundle firefox/chrome with such privacy extensions when you can have TOR browser wich is firefox esr and actually working pretty well and can compete on browser market against others
 
L

Local Host

Im not looking for being 100% anonymous. Just bit of privacy. Im aware of doxxing happening, but im not person to target and i have nothing to hide anyways

Im aware of basic privacy throught social media and only looking for browser alternatives, even im using googles services in daily life(android btw)

Google chrome is just too superior

The thing i wanted to ask is just , why bundle firefox/chrome with such privacy extensions when you can have TOR browser wich is firefox esr and actually working pretty well and can compete on browser market against others
You shouldn't worry about DDoS attacks, as Home Users generally get dynamic IPs, and ISPs have ways to deal with such attacks. Tor browser is nothing more than a network of proxies with strict configuration and privacy addons, ancient practices made simple.

We can all go just fine with a normal browser, I only use Tor to access some dark web links ¯\_(ツ)_/¯
 
L

Local Host

That depend from who you hide. Other people, indeed you don't need to implement too much measures.
However if you are a political activist or criminal, and you hide from government/authorities, a strong strategy is required.
Of course, but I assume most of us aren't (criminals), so there's no need to be paranoid about every detail.

As you said, people should worry more about Security.
 
E

Eddie Morra

I believe that TOR has been "cracked" some time ago, you just got to understand that been "invisible" is hard work and well beyond 99.99% of people
Whether you're using Tor or not, you're not going to be 100% anonymous and it is a simple truth that many people fail to grasp.

You're name is Jim and you're using the Tor browser because you believe it allows you to be completely anonymous and that you can do anything you want, when you want to, with absolutely no consequences.

It simply does not work like that.

If you are performing illegal activities whether you're using no VPN, a VPN, or going through the Tor network... you're going to eventually be caught if you're bad enough for anyone high up to care about what you are doing.

1. Resourceful people such as government agencies do have ways to perform surveillance on suspected criminals who are using the Tor network. I admit, some of it goes over my head, so I cannot recall to you how they actually do it. Think of some random networking science-sounding things... that is what the government can do if you're important enough.

2. Resourceful people (such as government agencies once again) will go out of their way to find and then exploit vulnerabilities in the Tor browser. They've done it many times before and they will do it many times in the future. If you're important enough to them, they will do everything they possibly can to catch you, up to the extent of what they believe is reasonable according to how important you are to them.

3. Resourceful people have more than one way to track people... it can be based on other factors such as writing style, interactions with certain people, user-name and avatar decisions, topics being interacted with when signed into accounts, etc. Anything from the browser window size, default fonts, zoom level, etc. can also be taken into account.

Other people here can go on and on about it...

Tor does not automatically make you anonymous and it will definitely put a barrier on your online activities because many services will start enforcing arbitrary captcha codes consistently which will slow you down - not to mention that passing through the Tor network will put a drain on your internet speed anyway.

It goes without saying that while Tor in itself is not illegal, you can easily run into something which does happen to be illegal if you do not know what you are doing... and such can be used as evidence against you to get you into trouble. You do not want to accidentally get yourself into trouble.

Lastly... it also goes without saying that if you're using the Tor network and your ISP can see you using it (e.g. there is not a VPN behind it) then you may look even more suspicious and it may cause people to look into your activities even more. You may automatically have yourself put onto a watch-list radar simply because of the arbitrary Tor usage than if you were not using it.
 
E

Eddie Morra

If you are performing illegal activities whether you're using no VPN, a VPN, or going through the Tor network... you're going to eventually be caught if you're bad enough for anyone high up to care about what you are doing.
Cyber-criminals who have been known to have owned various dark web market-places like Silk Road... look at what happened to them in the end. They were eventually caught, arrested, and that was the end of their cyber-criminal activities for the rest of their life.

If someone believes that using Tor and a few other anonymity techniques are going to keep them from being caught out by some of the worlds most talented when it comes to vulnerability research and exploitation, online surveillance, networking, .... then wait and see at what will happen because they will fail very hard 9 times out of 10.

They will eventually be caught just like everyone else.
 

Moonhorse

Level 37
Verified
Top Poster
Content Creator
Well-known
May 29, 2018
2,602
Im just reading one crime forum, from my country and its about crimes done in our little country ( finnish)

If you want to register on their site, theyre like saying you should get atleast vpn/tor if youre commenting something because if the crime case is investigated police will go throught those messages for hints/tips and stuff like that


@Eddie Morra i know that honeypots exist on tor atleast but will just reading those sites actively get you marked by isp/police?

In my country freedom of speech is like bigger thing than drugs, wich is kinda sad sometimes

uhh:unsure:
 
E

Eddie Morra

@Eddie Morra i know that honeypots exist on tor atleast but will just reading those sites actively get you marked by isp/police?
Local police? Slim chance.

Local police rarely have sufficient resources to possess the technical skills required with dealing with things like multiple VPNs where the culprits name is not easily accessible, let alone the Tor network... in my opinion.

Employees of government agencies who are paid top-dollar to literally research on Tor-network areas (e.g. dark-web) on a daily-basis with the intention of catching criminals they are already aware of or finding out about new ones who surpassed their radar previously or have just come onto the grid? You can bet that they'll be onto you if they suspect you are up-to-no good.

That being said, even accessing dark-web content regardless of whether you are doing anything yourself can be against the law depending on what it is, and you'll definitely be watched if you're noticed... and treated like a criminal who was up-to-something. For example, they may raise questions as to why you are viewing an action on drugs.

Depending on where you live, even as so much as witnessing an activity and not reporting it can constitute as being illegal... like seeing people selling drugs online or sharing stolen credentials.

Regularly, government agencies take over websites which are related to criminal activities over the Tor network by force and then keep it silent whilst they collect intelligence on as many people as they possibly can who have performed illegal activities - they may do this for literally years without saying a word before having hundreds or more people arrested on charges they can file based on all of the collected evidence.

As long as you are not accessing anything shady on the Tor network, you'll probably be fine. You can use the Tor network for normal website access as well, it doesn't have to be dark-web areas full of criminal activity.
 
  • Like
Reactions: Moonhorse
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top