Tor + Chromium is it really that safe/private?

I've been following Tor Project in what comes to their efforts to bring Tor to Chromium/Chrome users, but still nothing concrete due to issues with Chromium/Chrome itself, that could result in privacy issues for the user.

I can't find anything that says that it's already that safe to use Tor + Chromium. That said, has anyone tested both and what have you discovered about it?


Thanks


P.S: I apologize if it has been talked before, but after a quick search I couldn't find a thread that talked about it, at least not one directly targeting these two.

 

There is only one safe version of Tor, and that's the Tor Browser Bundle.

 

There is also Tails which is a Live DVD/USB version that wipes RAM upon shutdown.

-- Tom

 

Tails is not a browser, but you are indeed correct. Its a shame it lacks VPN support though.

 

Hi Taliscicero,

I never made the claim that Tails is a browser - it uses a Firefox browser derivative named Iceweasel which is conformant with Tor Browser Bundle according to posts in the Tails Forum before it closed down to allow more work to get done on Tails.

By virtue of using Tor, Tails provides 3 hops instead of a 1 hop provided by most VPNs to disguise your Ip address, in effect masking your ip address better than a single or double hop VPN would.

-- Tom

 

I disagree. There is nothing inherently insecure about using any other socks capable application with Tor provided that you don't care about the software leaking information.

Run Tor and the application from different virtual machines, and insure the virtual machine hosting the application does not contain any private information and that it has no direct internet connectivity.

There is already a project called Whonix which does that and you could probably do a similar thing under Windows.

 

I agree with justpeace.

I had previously cherry-picked the prefs.js file from the Tails browser for a Tor compatible version of Firefox (my own Firefox Lite) to work on a KDE variant of Ubuntu along with Tork instead of Vidalia.

The better scheme is as justpeace said - running Tor/applications from a VM.

-- Tom

 

You can configure Chromium to use the TOR proxy. The main difference is the Firefox TOR bundle wipes your history after you close the window, it has some plugins and it's based on a Firefox long supported build version.

The main risk of using Chromium with TOR is probably when you use Chromium to do some general web browsing, then use TOR with Chromium and your cookies (created when you were not using TOR) are now sent over TOR, resulting in a less private browsing environment.

 

The cookies sent over the Tor scenario only occurs when the same profile is used when using Tor with Chromium as was used when only Chromium was used for general web browsing, not otherwise if different profiles are used.

-- Tom

 

So, if one uses Chromium without the privacy issues, such as dns prefetching, no cookies, no javascript, no plugins, etc., and using a dedicated profile just for use with Tor, then it can be as safe as the Tor bundle?

Chromium has (I don't think they have ended support to them) command line flags that allow to disable session data, for example.

You can even start Chromium with Tor, by making use of a command line flag as well, by using the --proxy-server.

In addition to that, one can start Chromium in Incognito, by also using a command line flag, --incognito. One can also easily disable referrers, without extensions.

I'm not sure if it's still the case, but there used to be some concern with window names, which could reveal the sites you visit, but there's at least one extension that prevents that.

 

Only if the precautions that are taken within the prefs.js file with the TBB are used in the dedicated Tor profile for Chromium.

-- Tom