What are the optimal settings for maximizing anonymity while using Tor Browser?

Discussion in 'privacy technology' started by Please Help Me, Dec 10, 2012.

Thread Status:
Not open for further replies.
  1. Please Help Me

    Please Help Me Registered Member

    Joined:
    Nov 6, 2012
    Posts:
    64
    I've been following the instructions on the following website which checks for IP addresses
    http://ip-check.info

    but even when I follow all of the instructions on that site, my real IP address, according to that site, occasionally gets revealed. What kind of changes do I need to perform in order to maximize the anonymity of my Tor browsing so that my real IP address can never get revealed?

    I know that I need to type in "about:config" in the url bar of my Tor Browser in order to reconfigure the settings , but are there other tips on how I can maximize my anonymity on Tor?

    I disabled Java, activated no-script, store no Cookies, no History, use HTTPS Everywhere, and I've allowed the instructions on ip-check.info that instruct me on how to cover up the security weaknesses it detects in my Tor Browser. The only security weakness I cannot completely fix would be the Browser window (I can't change the number of pixels the Browser window is) and apparently that is at Medium level security (rather than Perfect security).

    This is what it says about my Browser Window:


    Browser window
    1133 x 558 pixels (inner size)

    medium

    I can't get this rating to become "good" rather than just "medium". Is there anyway around this?

    Anyways, any hellp is greatly appreciated.
     
  2. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    When I've used the Tor Browser Bundle in the past, haven't used it lately, I never had any IP leaks and I don't see how this even possible since you're going over their network.

    I saw this Tor post here on Wilders, might help;

    https://www.wilderssecurity.com/showthread.php?t=318684

    Someone said;

    If a site loads javascript on your computer it could possibly obtain your IP and send it back to the server.

    Well, what is he talking about, a malicious script getting on your computer, anything is possible, but javascript you encounter while surfing the internet, I don't see how that's possible, since you are surfing over a Network...

    If you're seeing your IP, then I supsect a bug as the problem in Tor, this should not be happening and you should make a bug report.

    If you really care about your safety and security you should use a VPN and stay away from Tor...

    CHEERS
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I'm no Tor guru. But if any website sees your real IP address when you're using Tor, something's broken. Unless you truly know what you're doing, it's unwise to mess with TBB configuration. Also, Torbutton is no longer supported, because native Firefox isn't secure with Tor.

    If you can run VirtualBox VMs, I recommend Whonix. If you can't, I recommend nuking your TBB install, and reinstalling. And don't mess with it.

    It's possible, as DasFox notes, that you're seeing a Tor bug. But I doubt that.
     
  4. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
  5. Please Help Me

    Please Help Me Registered Member

    Joined:
    Nov 6, 2012
    Posts:
    64
    Some of the default settings on TBB have to be changed such as ``browser.memory.cache`` according to ip-check.info
    but I didn`t make any significant changes to Tor`s configuration except for following the instructions on ip-check.info`s security check up for Tor.
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Before following instructions on ip-check.info for changing TBB configuration, it might be wise to ask on the tor-talk mailing list. Maybe it's been discussed already.
     
  7. Please Help Me

    Please Help Me Registered Member

    Joined:
    Nov 6, 2012
    Posts:
    64
    What's wrong with following the instructions on ip-check.info? That site is pretty reputable when it comes to providing accurate information on Internet security/anonymity.

    Thanks for the advice, though.
     
  8. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
  9. Please Help Me

    Please Help Me Registered Member

    Joined:
    Nov 6, 2012
    Posts:
    64
    Thank you very much. That information very helpful. The last time I checked that video wasn't on youtube.

    By the way, why do I have to re-log-in into this site after flipping through several pages on Tor Browser? Could it because cache or cookies are disabled on TBB? Could adding this site to the Cookies Exceptions List (for Cookies that are otherwise disabled) mitigate this problem of having to re-log-in after flipping through several pages on this site?
     
  10. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,424
    The TOR BB is configured correctly, there is no need to fiddle with the settings. Just leave it in it's original form.
     
  11. Please Help Me

    Please Help Me Registered Member

    Joined:
    Nov 6, 2012
    Posts:
    64
    What makes you say that?
     
  12. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,424
    TOR is safest at stock settings, adding plugins or messing with the config file might break your anonymity.
     
  13. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    Exactly! :thumb:
    Default settings are good enough...;)
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Well, who do you think would know best how to configure Tor and TBB, the TBB developers or the folks at ip-check.info?

    No problem :)
     
  15. Please Help Me

    Please Help Me Registered Member

    Joined:
    Nov 6, 2012
    Posts:
    64
    TBB's default settings are GOOD, but not perfect since you still need to make some configurations in order to optimize it for anonymity. For example, Javascript is ON by default on TBB, and there are other security leaks that ip-check.info detect which have to be fixed up from TBB. The developers optimized most of the settings BUT there are still some settings that need to be changed for true optimization of anonymity.
     
  16. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
    I do believe Tor recently enabled javascript, cookies, scripts globally allowed (noscript) in the bundle so that it was a little more user friendly (since the previous settings were breaking to many sites). The guys over at JonDos are no dummies when it comes to anonymity and correctly configuring a browser. IMO if you follow the recommendations when hovering over the red items listed @ ip-check.info you should be fine. If you just go into the settings and start changing any old setting you like then you will more than likely run into some problems.

    Personally I check tell websites I do not want to be tracked and always use private browsing mode in the tools>privacy section. NoScript embeddings all get checked. Addons used: adblock, https everywhere, noscript, refcontrol (set to block). Adblock list used: easy list, easy privacy, fanboy adblock list, fanboy tracking list, fanboy annoyance list. The extensions above are recommend by Tor on their site.

    about:config settings:

    browser.cache.memory.enable false
    browser.cache.disk.capacity 0
    browser.cache.disk.enable false
    browser.cache.disk.max_entry_size 0
    browser.cache.disk.smart_size.enabled false
    browser.cache.disk.smart_size.first_run false
    browser.cache.offline.capacity 0
    browser.cache.offline.enable false


    To make sure no plugins are enabled type about:plugins enabling and running plugins with Tor will almost certainly break anonymity. With the settings and extensions above you should see good results @ ip-check.info (only a few orange) that you cannot make green. Only way to get all green on that site is to use JonDoFox with JonDo, I prefer JonDo over Tor.

    A few good sites to check Tor:

    http://www.stayinvisible.com (you will need to enable javascript to test)

    http://privacy.net

    http://browserspy.dk

    http://whoer.net (use / click on extended version at the bottom of the page)

    https://torcheck.xenobite.eu/

    https://panopticlick.eff.org


    .
     
    Last edited: Dec 14, 2012
  17. Please Help Me

    Please Help Me Registered Member

    Joined:
    Nov 6, 2012
    Posts:
    64
    That's more than good enough. Thank you very much, Phil McCrevis! :D
     
  18. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
    You bet!
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    As I understand the approach in TBB, the goal is not so much "preventing tracking" but having all Tor users look the same to websites. One doesn't use TBB for browsing without Tor, so there's no leak.

    It was certainly more secure re malware to disable Javascript. But doing that broke most modern sites, and many users were enabling it, either overall or for particular sites. As a result, they became distinguishable from other users.

    Anyway, the more you customize TBB, the more unique you look.
     
  20. shuverisan

    shuverisan Registered Member

    Joined:
    Dec 23, 2011
    Posts:
    185
    Exactly as mirmir said, but the more you tweak ANY browser, the more unique you look.

    Taking the TOR browser and trying to make it into JonDoFox is pointless. Just download JonDoFox and all your results from ip-check will be green. (Well, no they won't, last time I used it, but that's a different story.)

    JDF is actually a browser profile that fits into your native Firefox install. You can choose which you want to use when you start FF. You'll then be part of an ID pool of JonDoFox users. This is smaller than native Firefox users by far, and likely Tor Browser Bundle users, too. JonDoFox is ideally made to be used with their VPN service.

    TBB settings are largely recommended to be left alone. Disabling JS will go far and that's something anyone can do safely, but as mentioned, you're cutting out a lot of the web experience by doing this. Keep in mind that even disabling JavaScript will change your fingerprint and when using Tor, this is evident in logs of websites and service providers.

    Here's a good thread on Firefox tweaks to minimize fingerprinting and it focuses on the JonDonym test.
    https://www.wilderssecurity.com/showthread.php?t=309748&highlight=JonDoFox


    Specifically about your problems, OP.

    Using TBB or a proxy, ip-check.info will tell you you're not anonymized or connected through Tor, and will show you an IP address, but it won't be your real one.

    On ipcheck.info, if you mouse over the pixel dimensions to the right of Browser Window, you'll see a notification saying, "Currently available browsers unfortunately do not allow to alter this setting! We are working on that..."
     
  21. Please Help Me

    Please Help Me Registered Member

    Joined:
    Nov 6, 2012
    Posts:
    64
    Do you know how to keep the "browser.cache.memory.enabled" setting in "about:config" permanantely set to "false"? I have to change that setting from "True" to "False" every time I start up my TBB which is a pain in the ass. Thanks for your help btw, and thanks for all the useful information in this thread! I will have more questions in the future, but for now I am satisfied.
     
  22. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
    Sent you a PM......
     
  23. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I could not possibly concur more.
     
  24. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Tor has nothing to do with safety nor security, but anonymity. And while I agree that it's not exactly a secure alternative, I find it pretty good when it comes to my anonymity needs.
     
  25. Please Help Me

    Please Help Me Registered Member

    Joined:
    Nov 6, 2012
    Posts:
    64
    Don't worry. I figured out how to solve that problem. Just click on TBB's Tor Button icon in the top left corner of TBB. Then click on Preferences -> Security Settings-> Cache -> click on the "Disable disk and memory access during Tor" option. And finally click on OK.

    This keeps "browser.cache.memory.enabled" as "false" for every subsequent session of Tor rather than having you toggle it from "True" to "False" every time you start Tor.

    Anyways thanks for your help.

    Oh I have another question.

    I am browsing this site with TBB right now, and I've enabled HTTPS Everywhere (so that the Exit Node cannot sniff my log-in credentials). I've noticed that for every 4-5 pages I surf on this site while on TBB, I have to re-log into my account. How do I make it so that I don't have to re-log-in to this site whenever I browse for more than every 5 pages because I don't want to re-login after flipping through more than 5 pages on this site?
     
Loading...
Thread Status:
Not open for further replies.