[tptacek]

Tor Browser might be the least mainstream safe browser on the Internet:

* It permanently tracks the lagging ESR Firefox.

* It puts its users on Tor, which "anonymizes" them but also flags their traffic as interesting.

* It collapses all those users down to a single set of browser releases, making it cost-effective to target exploits to.

Use Firefox if you really like Firefox, but use the most recent version you can possibly get. Mozilla's is not the best-hardened browser.

Use Tor if you really believe in Tor. But use it explicitly, not as part of a browser bundle. Your choice of browser has a significant impact on your operational security; don't let a bunch of volunteers at Tor make that decision for you.

[BenElgar]

Though it's important to note that using Tor directly rather than the browser bundle means that your browser fingerprint is even more distinct than it would otherwise be.

[juliusmusseau]

The one time I ever used the Tor Browser (at work, out of curiosity), my desk phone rang within 5 minutes: the in-house IT security team wanted to know what I was doing. So you're not kidding when you say it makes one's internet traffic more "interesting"!

[jancsika]

> But use it explicitly, not as part of a browser bundle.

I hope you're conflating two issues here.

You surely aren't recommending users who "believe in Tor" install Tor directly and attempt to manually proxy their favorite browser traffic over it?

Not to say I disagree with your points against using TBB.

[packet_nerd]

I do this, using an up-to-date chromium browser proxied through Tor for regular browsing. I do this instead of the regular Tor browser on the theory that there's less potential for 0-day exploits.

Of course, this does compromise anonymity a bit in some respects, since there are probably few people who run chromium on Tor and because it's not as resistant to fingerprinting as the regular Tor browser. That's acceptable to me, as I only use that browser on Tor, and use another browser for things that could potentially leak my real identity.

[cyphar]

It also opens you to many subtle mis-configuration bugs that would result in your anonymity being removed completely. Are you sure you're tunneling DNS over Tor? IPv6? Are you sure that Chromium isn't phoning home with your real IP?

Tor Browser (despite its many faults) has lots of patches that are applied in order to stop these sorts of leaks. If it takes the people who develop Tor to continually patch Firefox in order to make it actually anonymous, I would argue you have a worse chance of making it work properly.

[jancsika]

> Are you sure that Chromium isn't phoning home with your real IP?

Especially given that Chromium does make startup queries to Google-owned servers. (Not sure about runtime.) Probably for perfectly reasonable usability and/or security reasons.

But I agree that Chromium manually proxied through Tor probably looks vastly superior to TBB when you do a benefit analysis. :)

Edit: added smiley to make what I'm saying slightly more obvious.

[avian]

I think you underestimate how widespread ESR Firefox is.

Debian ships Mozilla's ESR releases by default. I'm sure many shops that prefer stability over latest features also deploy ESR. Judging by how often it gets updated it seems to me Mozilla is pretty diligent at backporting fixes.

My wholly-not-representative-for-the-wider-web statistics say approx. 22% of Firefox UAs are ESR release.

[akerl_]

If 100% of the user pool for Debian, including all derivative distros (Ubuntu, etc), plus all users of the Tor Browser Bundle all used ESR Firefox, that would still make it a blip in the overall body of user internet traffic.

[AnaniasAnanas]

If you are worried about the security provided by the tor browser then you should be using projects like whonix and tails. Both of them try to block (or redirect it via tor?) all non-tor traffic, which should make it significantly more difficult to mount an attack.

[torified]

I've been googling a bit and come up with Whonix, Tails and Qubes.

Can anyone advise their opinion on which one would be best to run in a VM? I'm prepared to accept the security compromise of running in a VM, but I do want the ability to store passwords in the browser and save small files in the VM.

Edit: Just signed up for this account over Tor for shits and giggles. Literally my first post and it's dead immediately.

I get that Tor has spammers but I did have to do the captcha to create an account so this seems heavy handed. Seems like there's no way to legitimately post to hn over Tor.

[AnaniasAnanas]

Qubes is a Xen-based virtualization thing, it has nothing to do with tor by itself, you can think of it as a replacement to qemu or virtualbox (but not exactly). Qubes has official support for both Whonix and Tails.

It looks like whonix is what you are looking for, from wikipedia:

> Unlike Tails, Whonix is not "amnesic"; both the Gateway and the Workstation retain their past state across reboots

[torified]

Cool, thanks for the info. I think I'll try out virtualbox with Whonix.

[dang]

Some of those posts get autokilled by software, but moderators review them and unkill the legitimate ones. This is how I came across and unkilled yours.

[torified]

Thanks a lot, dang. I was hoping a mod would see my edit.