Will these extensions compromise Tor's anonymity?

Running Tor through a well known VPN, was wondering if adding these extensions could possibly hurt Tor's anonymity and possibly reveal info?


Adblock Plus
https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/?src=search

SettingSanity
https://addons.mozilla.org/en-US/firefox/addon/settingsanity/?src=search

Smart Referer
https://addons.mozilla.org/en-US/firefox/addon/smart-referer/?src=search

Thanks ahead of time for any info!

 

My .02

Use of the TBB exactly as it is allows you to better maintain anonymity. Why? The browser fingerprint (yours) remains generic. Sites view you as one of millions of TOR users all with the same fingerprint. Any time you install an add on you are creating something that can make you stand out in the crowd. When you add a handful of them it starts to become quite distinguishing. From your post you don't really say HOW you are using TOR in the sense of whether its bare bones or VM? I strongly prefer to use a VM because that approach allows a user to remove his/her actual machine ID automatically. If you are on a windows machine bare bones there is too much being revealed to suite me. This is my opinion only. I do use VM's, TOR, and VPN's and vary the connection order as a hobby. I don't even really need all this but its fun to learn. LOL!

Out of curiousity are you running TOR over your VPN, or are you running the VPN over TOR (which do you connect to first)? Both have a solid point to be made.

 

Hmm, didn't realize that adding a few extensions would actually change my footprint with Tor. I'm Using it on a Win 7 machine, tried setting up / using VM however still a tad over my head lol. I'm using a fairly well know VPN that allows me to basically lock down the VPN in case the connection drops. I stopped using Tor for a while and was running paid JonDoNym however I recently tried Tor again and really like how fast it is now (Tor launcher / bundle 3.5).

I did disable in noscipt scripts globally allowed, disabled javascript & changed a few settings in about:confog like disabling prefetching and caching etc. Also changed the setting to allow no cookies at all. When I connect I fire up the VPN first (then lock it down to prevent leaks), I then start Tor Bundle. When I run wireshark all I see is encrypted UDP traffic from the VPN so I take it that it's working as it should (hopefully). Also added openDNS to adapter and tested (no DNS leaks).

I don't do anything dodgy with this, just want to be able to browse sites without someone potentially monitoring everything I do. BTW, I think running Tor is a big red flag to an ISP, that's one reason for the VPN.

 

I feel the same about TOR where I live. I always pick the VPN first when I am at home for the reasons you gave. When I am away I may go the other route. You used the word footprint, but I use the word fingerprint. That is what sites gather when you visit and its instant and easy for them to do. Anytime you change a characteristic in the browser you differ the fingerprint. Each difference creates a more unique YOU. I cannot stress how much strength you could add by going the VM route (recommend VirtualBox) especially on a 7 host. Creating a linux guest in the VM is really easy to do. Then just add the TBB and you are good to go. Linux does not have any product keys. Absence of this info means better anonymity. Since its free and open source there are no registrations needed. I am not Einstein so if I can do it most anyone can.

 

If your ISP finds TOR suspicious, then why wouldn't it also find the use of a VPN suspicious?

 

Since Tor's browser anonymity, and browser fingerprinting, has been mentioned here - other then using the Tor Browser Bundle's ability to employ a "Private Window", has anyone found a replacement for the no longer available/supported FireGloves add-on?

Manual techniques could be used through "about:config" but they are neither safe nor convenient.

 

To some extent, it's just numbers. According to https://metrics.torproject.org/users.html there are currently about 3.0exp+6 Tor users globally. I'm guessing that there are easily ten times more VPN users, and perhaps 100 times more.

 

Every company I have worked for requires me to use a VPN to access the company system from home. Smart salespeople use VPNs while traveling and logging online at various hotel wifi/hotspots/etc.. Its the norm in my world. Although not true, perception is that all TOR users are doing illegal stuff (kiddie Porn, drugs, etc). With these perceptions creating "reality of sorts", I simply feel more comfortable locking down a VPN tunnel and then using TOR in a linux VM/Whonix afterwards. That way I get the best of both worlds. Security and Privacy. I may even add another VPN. [wink]

 

If you are worried about addons compromising anonymity I reccomend you download and use whonix. It's basically virtual machine where all connections are forced to go through tor and its impossible for any process to find your real ip. You can then run all the addons and plugins you want without worries.