Will these extensions compromise Tor's anonymity?

Discussion in 'privacy technology' started by Phil McCrevis, Jan 8, 2014.

Thread Status:
Not open for further replies.
  1. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    My .02

    Use of the TBB exactly as it is allows you to better maintain anonymity. Why? The browser fingerprint (yours) remains generic. Sites view you as one of millions of TOR users all with the same fingerprint. Any time you install an add on you are creating something that can make you stand out in the crowd. When you add a handful of them it starts to become quite distinguishing. From your post you don't really say HOW you are using TOR in the sense of whether its bare bones or VM? I strongly prefer to use a VM because that approach allows a user to remove his/her actual machine ID automatically. If you are on a windows machine bare bones there is too much being revealed to suite me. This is my opinion only. I do use VM's, TOR, and VPN's and vary the connection order as a hobby. I don't even really need all this but its fun to learn. LOL!

    Out of curiousity are you running TOR over your VPN, or are you running the VPN over TOR (which do you connect to first)? Both have a solid point to be made.
     
  3. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US

    Hmm, didn't realize that adding a few extensions would actually change my footprint with Tor. I'm Using it on a Win 7 machine, tried setting up / using VM however still a tad over my head lol. I'm using a fairly well know VPN that allows me to basically lock down the VPN in case the connection drops. I stopped using Tor for a while and was running paid JonDoNym however I recently tried Tor again and really like how fast it is now (Tor launcher / bundle 3.5).

    I did disable in noscipt scripts globally allowed, disabled javascript & changed a few settings in about:confog like disabling prefetching and caching etc. Also changed the setting to allow no cookies at all. When I connect I fire up the VPN first (then lock it down to prevent leaks), I then start Tor Bundle. When I run wireshark all I see is encrypted UDP traffic from the VPN so I take it that it's working as it should (hopefully). Also added openDNS to adapter and tested (no DNS leaks).

    I don't do anything dodgy with this, just want to be able to browse sites without someone potentially monitoring everything I do. BTW, I think running Tor is a big red flag to an ISP, that's one reason for the VPN.
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    I feel the same about TOR where I live. I always pick the VPN first when I am at home for the reasons you gave. When I am away I may go the other route. You used the word footprint, but I use the word fingerprint. That is what sites gather when you visit and its instant and easy for them to do. Anytime you change a characteristic in the browser you differ the fingerprint. Each difference creates a more unique YOU. I cannot stress how much strength you could add by going the VM route (recommend VirtualBox) especially on a 7 host. Creating a linux guest in the VM is really easy to do. Then just add the TBB and you are good to go. Linux does not have any product keys. Absence of this info means better anonymity. Since its free and open source there are no registrations needed. I am not Einstein so if I can do it most anyone can.
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    If your ISP finds TOR suspicious, then why wouldn't it also find the use of a VPN suspicious?
     
  6. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    700
    Location:
    North of the 38th parallel.
    Since Tor's browser anonymity, and browser fingerprinting, has been mentioned here - other then using the Tor Browser Bundle's ability to employ a "Private Window", has anyone found a replacement for the no longer available/supported FireGloves add-on?

    Manual techniques could be used through "about:config" but they are neither safe nor convenient.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    To some extent, it's just numbers. According to https://metrics.torproject.org/users.html there are currently about 3.0exp+6 Tor users globally. I'm guessing that there are easily ten times more VPN users, and perhaps 100 times more.
     
  8. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,592
    Every company I have worked for requires me to use a VPN to access the company system from home. Smart salespeople use VPNs while traveling and logging online at various hotel wifi/hotspots/etc.. Its the norm in my world. Although not true, perception is that all TOR users are doing illegal stuff (kiddie Porn, drugs, etc). With these perceptions creating "reality of sorts", I simply feel more comfortable locking down a VPN tunnel and then using TOR in a linux VM/Whonix afterwards. That way I get the best of both worlds. Security and Privacy. I may even add another VPN. [wink]
     
  9. locjo

    locjo Registered Member

    Joined:
    Jan 7, 2014
    Posts:
    10
    If you are worried about addons compromising anonymity I reccomend you download and use whonix. It's basically virtual machine where all connections are forced to go through tor and its impossible for any process to find your real ip. You can then run all the addons and plugins you want without worries.
     
Loading...
Thread Status:
Not open for further replies.