Tor + Chromium is it really that safe/private?

Discussion in 'privacy technology' started by m00nbl00d, Jul 6, 2013.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I've been following Tor Project in what comes to their efforts to bring Tor to Chromium/Chrome users, but still nothing concrete due to issues with Chromium/Chrome itself, that could result in privacy issues for the user.

    I can't find anything that says that it's already that safe to use Tor + Chromium. That said, has anyone tested both and what have you discovered about it?


    Thanks


    P.S: I apologize if it has been talked before, but after a quick search I couldn't find a thread that talked about it, at least not one directly targeting these two.
     
  2. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    There is only one safe version of Tor, and that's the Tor Browser Bundle.
     
  3. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    There is also Tails which is a Live DVD/USB version that wipes RAM upon shutdown.

    -- Tom
     
  4. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Tails is not a browser, but you are indeed correct. Its a shame it lacks VPN support though.
     
  5. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Hi Taliscicero,

    I never made the claim that Tails is a browser - it uses a Firefox browser derivative named Iceweasel which is conformant with Tor Browser Bundle according to posts in the Tails Forum before it closed down to allow more work to get done on Tails.

    By virtue of using Tor, Tails provides 3 hops instead of a 1 hop provided by most VPNs to disguise your Ip address, in effect masking your ip address better than a single or double hop VPN would.

    -- Tom
     
  6. justpeace

    justpeace Registered Member

    Joined:
    Sep 21, 2012
    Posts:
    48
    Location:
    127.0.0.1
    I disagree. There is nothing inherently insecure about using any other socks capable application with Tor provided that you don't care about the software leaking information.

    Run Tor and the application from different virtual machines, and insure the virtual machine hosting the application does not contain any private information and that it has no direct internet connectivity.

    There is already a project called Whonix which does that and you could probably do a similar thing under Windows.
     
  7. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    I agree with justpeace.

    I had previously cherry-picked the prefs.js file from the Tails browser for a Tor compatible version of Firefox (my own Firefox Lite) to work on a KDE variant of Ubuntu along with Tork instead of Vidalia.

    The better scheme is as justpeace said - running Tor/applications from a VM.

    -- Tom
     
  8. JohnMatrix

    JohnMatrix Registered Member

    Joined:
    Apr 12, 2012
    Posts:
    48
    Location:
    Behind you
    You can configure Chromium to use the TOR proxy. The main difference is the Firefox TOR bundle wipes your history after you close the window, it has some plugins and it's based on a Firefox long supported build version.

    The main risk of using Chromium with TOR is probably when you use Chromium to do some general web browsing, then use TOR with Chromium and your cookies (created when you were not using TOR) are now sent over TOR, resulting in a less private browsing environment.
     
  9. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    The cookies sent over the Tor scenario only occurs when the same profile is used when using Tor with Chromium as was used when only Chromium was used for general web browsing, not otherwise if different profiles are used.

    -- Tom
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, if one uses Chromium without the privacy issues, such as dns prefetching, no cookies, no javascript, no plugins, etc., and using a dedicated profile just for use with Tor, then it can be as safe as the Tor bundle?

    Chromium has (I don't think they have ended support to them) command line flags that allow to disable session data, for example.

    You can even start Chromium with Tor, by making use of a command line flag as well, by using the --proxy-server.

    In addition to that, one can start Chromium in Incognito, by also using a command line flag, --incognito. One can also easily disable referrers, without extensions.

    I'm not sure if it's still the case, but there used to be some concern with window names, which could reveal the sites you visit, but there's at least one extension that prevents that.
     
  11. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
    Only if the precautions that are taken within the prefs.js file with the TBB are used in the dedicated Tor profile for Chromium.

    -- Tom
     
Loading...
Thread Status:
Not open for further replies.