Through the Tor Uplift Project,[1] Tor Browser's Fingerprinting Protection feature is now available in Firefox on desktop and Android. The feature makes Firefox hide some pieces of identifying information from the sites you interact with, such as your timezone (which is set to UTC), some of your fonts, your keyboard layout/language, and parts of your user agent (for example, your browser version is set to the latest ESR version).[2]
To enable Fingerprinting Protection in Firefox, go to about:config and set privacy.resistFingerprinting to true.
Some Firefox forks enable Fingerprinting Protection by default, including LibreWolf[3] (desktop) and Mull[4] (Android). If you are on Android, the release version of Firefox does not include access to about:config, and you'll need to either switch to Firefox Beta/Nightly or use a fork like Mull, Fennec F-Droid, or Iceraven to take advantage of this feature.
I just altered that setting and now Firefox resets my zoom level for every page I read to 100%. Makes HN unreadable as my default zoom for this site is 170% and having to set it every page I visit becomes old very quickly!
The UTC cloaking has a lot of downsides. Websites displaying false times, but not reliably, as they are mostly not indicating the timezone, and you never know if they are displaying local time of the site's location or try to get clever and use the visitor's time. No privacy win if you are browsing on locally relevant web websites, because your timezone is implied anyway. e.g. most of Europe has the same one. All of this is justifiable for TOR use, but it is the single most annoying problem making it too inconvenient for regular use.
This website was redesigned a little while back, and the replacement is still missing a lot of useful content that was on its predecessor.
For example, although tor --help still sends users to https://www.torproject.org/, as far as I know it's impossible to find the daemon documentation starting from there. The older website https://2019.www.torproject.org/ does have these docs, but it's surprisingly hard to turn up in a search. (You're much more likely to turn up old documentation on one of the man pages sites.)
It's interesting to compare https://www.torproject.org/ and https://2019.www.torproject.org/ more generally. To my eyes, the new site is uglier, less inviting and less useful, but I'm probably just getting old so my tastes don't align with fashion, if they ever did!
I am mild hoarder. I browse Web and write this comment using Tor Browser on Android.
The thing I love about Tor Browser is such that when I end the session all tabs are gone. No more unlimited "interesting" tabs left opened for months. If I want to leave some information for later then I bookmark it in note app with a proper commentary why I would need it.
A few months ago i noticed an up tick on the number of people subscribing to my blog. It went from a single person Per day to dozens.
Looking at my logs, I couldn't identify where these people are coming from. I've added a bunch of checks to make sure it's not an automated script, but they seem legit. Until I started i started looking at their ip addresses.
Every single ip is from a tor exit node. I have no idea if these are fake users or real ones. I can't tell if I should be worried or excited.
Tor users are reading your blog, what’s to worry about?
Unless your blog is about online privacy, it does sound sus, though. If it’s all from a single actor, I wonder what the end-game is. Is it on the level where it’s starting to cost more to maintain?
`Other reasons`. Would love to know other use-cases for Tor Browser Bundle besides the ones mentioned in the info-graphic. One other reason not mentioned is recon and intelligence gathering, or OSINT. I do little investigations on various topics, safe in the knowledge I'm anonymous doing so. Need to lookup about erectile dysfunction? (ED). Then Tor's perfect for that.
This will be a contested opinion, but I believe full anonymity allows people to become the worst version of themselves.
I've used Tor for a very brief period once in my life, and that was to purchase adderall off of either Silk Road or AlphaBay (I can't remember), and I'm unsure of what the Tor ecosystem is like today, but not even that long ago, the vast majority of the Tor network was used for crime - ranging from child pornography, to hitmen available for hire, banned weapons, and obviously, for drugs.
I did not come across anything meaningful browsing the onion ecosystem, but left with a depressing insight of anonymity.
On a higher level pov, anonymity allows some of the most toxic and damaging ideas to brew and fester.
This is easily pointed out by the characteristics and behaviors between Twitter accounts that have an association with a real individual as opposed to ones that don't.
The difference in what they tweet is staggering.
Not to mention sites like 4chan and it's children.
Don't get me wrong, I'm rather against Big Brother or ISPs tracking and selling off our data, but absolute full anonymity is just an invitation for some of the worst things to happen.
I think the Tor Network is similar to the clear web in that it can be used the way its users want it to be.
Mind you, if you look to buy drugs on Instagram or Facebook you’ll find many outlets.
Your experience is limited to the markets because that’s what you were after presumably.
We created the BBC Tor site to help audiences access BBC News where they can’t and also to provide more secure access if they want.
You probably don’t know how bad the internet in China or Iran is. Imagine you can’t access any news site other than the government’s own outlets, and forget about social media.
We expected our Tor site to serve more users in Iran but interestingly we found more users coming to BBC Chinese, BBC Mundo and BBC Portuguese.
We think we are getting more users from Hong Kong and Brazil who are doing it for the sake of privacy rather than circumvention (our clear web sites are still accessible in Hong Kong).
At times when the news flares up, we get more users for BBC Russian, presumably because news consumers there want to have access to an independent source of news.
> This will be a contested opinion, but I believe full anonymity allows people to become the worst version of themselves.
> …
> On a higher level pov, anonymity allows some of the most toxic and damaging ideas to brew and fester.
You mention Twitter, but haven’t mentioned Facebook. That anonymity makes people to become or expose the worst version of themselves — or that anonymity allows some of the most toxic and damaging ideas to brew and fester — isn’t necessarily completely true. On Facebook, people use their real names, post personal photos (including participation in local events), their location, etc., and there’s still a huge amount of toxic ideas from these same non-anonymous people that brew there and are allowed to (because that makes the company more money).
I don’t disagree that anonymity allows people to be more honest in expressing themselves without filters. It’s one of the best things that happened with the Internet. But completely banning or not allowing anonymity isn’t the solution that some may immediately reach out for when faced with some social problems. Usually the people who dislike anonymity and want to eliminate it (I’m not saying it’s you) are those in power or want to be in power. And they don’t like it when people can organize outside their surveillance view.
If Twitter shut down tomorrow and all it's users flocked to Gab or Parler or whatever network is said to currently be infested with racists, would they all start posting racist tweets because now they're covered by moderation matching 1st amendment rights? No, that's not tenable.
Same applies to Tor, it just needs more users.
All "good" things have serious downsides. Free speech is good but if you defend it you'll no doubt at some point have to defend its use by a scumbag who using it in a scummy way - but the alternative is worse.
Same could be said for democracy, presumption of innocence, habeas corpus or any other of the cornerstones of a liberal society - they have big downsides but the alternative is worse. Sadly, right now, we're living the worse alternative to having strong privacy because people don't see it's value so we'll have to make do with Tor.
> I believe full anonymity allows people to become the worst version of themselves.
Your examples are not things that people are given anonymity and then do naturally - it's what people seek out anonymity to do. That is, you have cause and effect backwards.
Meanwhile, there is a difference between using Tor to access regular websites to avoid surveillance and using .onion sites.
Your ISP et al may not easily observe the contents of your Tor traffic, but if I’m not mistaken, the usage of Tor itself is easily detected and can have you flagged for further scrutiny. I’ve always seen this as a weakness of Tor. It would be nice if it had the bandwidth to be a default for e.g. Firefox which would solve this problem.
I've never used Tor and practically know nothing about it. But I always wondered about something like this many time.
I mean, while using Tor, sites can't track you or fingerprint you. But the fact you setup Tor in itself gives something to someone so that they can fingerprint you.
The issue I have with Tor Browser is the greater chance of 0day exploits for Tor Browser existing/being held onto, when compared to browsers like Chrome that have much greater resource for security.
Tor Browser is just an old version of Firefox, with lots of known vulnerabilities. FBI is well known to take over Tor hidden services and exploit the visitors with a 0-day/1-day, which makes it easy to de-anonymize them.
Privacy depends on security. Firefox is about 3-5 years behind security level of Chrome (Sandbox, Fuzzing efforts, hardening efforts, source code reviews, etc.).
Genuine question, what is Mozilla doing that's so bad? I know stuff like pocket etc but can't you turn this stuff off? Interested so I know what I'm missing and can make an informed decision.
Librewolf is really great, but you need to install an extension to be notified automatically of updates. It does well on browser fingerprinting/uniqueness tests (EFF's covermytracks, etc.).
Unzipping a random file into your privacy browser? Sometimes I really don't get these people. Feels like my neighbour who's antivax mostly because she ended up in that part of cyberspace where pharmacology can only do wrong. People overrate their own DIY alternatives.
Yeah... Can't really trust Tor these days can you? With unique members taking over multiple relays and exit points they can now relate where you're coming from and where you're exiting...
Really doesn't matter anymore how extensive it is the browser fingerprinting protection feature or the access you do through Tor.
This was always accounted for in Tor's threat model. That's why you take many different circuits depending on what location you're trying to reach.
That's also why for the highest security needs VPN+Tor is a recommendation. Although to be fair i personally believe if an actor is powerful enough to perform traffic analysis across the Tor network, they're probably powerful enough to correlate your computer activity with the VPN<->tor link.
Networks that resist metadata analysis are called mixnets and there's some interesting research about them. The downsides are you add latency (because each hop needs to randomize sleep) so bidirectional sessions like TCP is unthinkable. So nothing as usable as Tor Browser for checking your webmail or reading a blog.
Granted, neither of those are designed as proxies to the clearnet... and maybe that's one of the bad things about Tor besides its its history with DARPA.
[+] [-] commoner|4 years ago|reply
To enable Fingerprinting Protection in Firefox, go to about:config and set privacy.resistFingerprinting to true.
Some Firefox forks enable Fingerprinting Protection by default, including LibreWolf[3] (desktop) and Mull[4] (Android). If you are on Android, the release version of Firefox does not include access to about:config, and you'll need to either switch to Firefox Beta/Nightly or use a fork like Mull, Fennec F-Droid, or Iceraven to take advantage of this feature.
[1] https://wiki.mozilla.org/Security/Tor_Uplift
[2] https://support.mozilla.org/en-US/kb/firefox-protection-agai...
[3] https://librewolf.net
[4] https://f-droid.org/en/packages/us.spotco.fennec_dos/
[+] [-] 6LLvveMx2koXfwn|4 years ago|reply
Interesting side effect though.
[+] [-] summm|4 years ago|reply
[+] [-] karlzt|4 years ago|reply
https://github.com/CookieJarApps/SmartCookieWeb-preview
[+] [-] dwighttk|4 years ago|reply
[+] [-] ukfarmer|4 years ago|reply
For example, although tor --help still sends users to https://www.torproject.org/, as far as I know it's impossible to find the daemon documentation starting from there. The older website https://2019.www.torproject.org/ does have these docs, but it's surprisingly hard to turn up in a search. (You're much more likely to turn up old documentation on one of the man pages sites.)
It's interesting to compare https://www.torproject.org/ and https://2019.www.torproject.org/ more generally. To my eyes, the new site is uglier, less inviting and less useful, but I'm probably just getting old so my tastes don't align with fashion, if they ever did!
[+] [-] ttybird2|4 years ago|reply
[+] [-] imhoguy|4 years ago|reply
The thing I love about Tor Browser is such that when I end the session all tabs are gone. No more unlimited "interesting" tabs left opened for months. If I want to leave some information for later then I bookmark it in note app with a proper commentary why I would need it.
[+] [-] schleck8|4 years ago|reply
[+] [-] 2Gkashmiri|4 years ago|reply
used this for like a decade. this works like firefox focus on android.
[+] [-] firefoxd|4 years ago|reply
Looking at my logs, I couldn't identify where these people are coming from. I've added a bunch of checks to make sure it's not an automated script, but they seem legit. Until I started i started looking at their ip addresses.
Every single ip is from a tor exit node. I have no idea if these are fake users or real ones. I can't tell if I should be worried or excited.
[+] [-] asddubs|4 years ago|reply
[+] [-] 3np|4 years ago|reply
Unless your blog is about online privacy, it does sound sus, though. If it’s all from a single actor, I wonder what the end-game is. Is it on the level where it’s starting to cost more to maintain?
[+] [-] culopatin|4 years ago|reply
[+] [-] WallyFunk|4 years ago|reply
`Other reasons`. Would love to know other use-cases for Tor Browser Bundle besides the ones mentioned in the info-graphic. One other reason not mentioned is recon and intelligence gathering, or OSINT. I do little investigations on various topics, safe in the knowledge I'm anonymous doing so. Need to lookup about erectile dysfunction? (ED). Then Tor's perfect for that.
[+] [-] shroompasta|4 years ago|reply
I've used Tor for a very brief period once in my life, and that was to purchase adderall off of either Silk Road or AlphaBay (I can't remember), and I'm unsure of what the Tor ecosystem is like today, but not even that long ago, the vast majority of the Tor network was used for crime - ranging from child pornography, to hitmen available for hire, banned weapons, and obviously, for drugs.
I did not come across anything meaningful browsing the onion ecosystem, but left with a depressing insight of anonymity.
On a higher level pov, anonymity allows some of the most toxic and damaging ideas to brew and fester.
This is easily pointed out by the characteristics and behaviors between Twitter accounts that have an association with a real individual as opposed to ones that don't.
The difference in what they tweet is staggering.
Not to mention sites like 4chan and it's children.
Don't get me wrong, I'm rather against Big Brother or ISPs tracking and selling off our data, but absolute full anonymity is just an invitation for some of the worst things to happen.
[+] [-] bbcabdalla|4 years ago|reply
Mind you, if you look to buy drugs on Instagram or Facebook you’ll find many outlets.
Your experience is limited to the markets because that’s what you were after presumably.
We created the BBC Tor site to help audiences access BBC News where they can’t and also to provide more secure access if they want.
You probably don’t know how bad the internet in China or Iran is. Imagine you can’t access any news site other than the government’s own outlets, and forget about social media.
We expected our Tor site to serve more users in Iran but interestingly we found more users coming to BBC Chinese, BBC Mundo and BBC Portuguese.
We think we are getting more users from Hong Kong and Brazil who are doing it for the sake of privacy rather than circumvention (our clear web sites are still accessible in Hong Kong).
At times when the news flares up, we get more users for BBC Russian, presumably because news consumers there want to have access to an independent source of news.
BBC site on Tor:
https://bbcnewsd73hkzno2ini43t4gblxvycyac5aw4gnv7t2rccijh774...
[+] [-] newscracker|4 years ago|reply
> …
> On a higher level pov, anonymity allows some of the most toxic and damaging ideas to brew and fester.
You mention Twitter, but haven’t mentioned Facebook. That anonymity makes people to become or expose the worst version of themselves — or that anonymity allows some of the most toxic and damaging ideas to brew and fester — isn’t necessarily completely true. On Facebook, people use their real names, post personal photos (including participation in local events), their location, etc., and there’s still a huge amount of toxic ideas from these same non-anonymous people that brew there and are allowed to (because that makes the company more money).
I don’t disagree that anonymity allows people to be more honest in expressing themselves without filters. It’s one of the best things that happened with the Internet. But completely banning or not allowing anonymity isn’t the solution that some may immediately reach out for when faced with some social problems. Usually the people who dislike anonymity and want to eliminate it (I’m not saying it’s you) are those in power or want to be in power. And they don’t like it when people can organize outside their surveillance view.
[+] [-] brigandish|4 years ago|reply
Same applies to Tor, it just needs more users.
All "good" things have serious downsides. Free speech is good but if you defend it you'll no doubt at some point have to defend its use by a scumbag who using it in a scummy way - but the alternative is worse.
Same could be said for democracy, presumption of innocence, habeas corpus or any other of the cornerstones of a liberal society - they have big downsides but the alternative is worse. Sadly, right now, we're living the worse alternative to having strong privacy because people don't see it's value so we'll have to make do with Tor.
[+] [-] HWR_14|4 years ago|reply
Your examples are not things that people are given anonymity and then do naturally - it's what people seek out anonymity to do. That is, you have cause and effect backwards.
Meanwhile, there is a difference between using Tor to access regular websites to avoid surveillance and using .onion sites.
[+] [-] wolverine876|4 years ago|reply
> the vast majority of the Tor network was used for crime
How could you know the scope of the Tor network? Is that technically possible? Perhaps looking for ilicit goods, that's what was found?
Tor has sites for the Facebook, NY Times, BBC, ProPublica, Deutche Welle, Buzzfeed, and more.
[+] [-] foxfluff|4 years ago|reply
[+] [-] user3939382|4 years ago|reply
[+] [-] mayankkaizen|4 years ago|reply
I mean, while using Tor, sites can't track you or fingerprint you. But the fact you setup Tor in itself gives something to someone so that they can fingerprint you.
[+] [-] abdullahkhalids|4 years ago|reply
[+] [-] mayankkaizen|4 years ago|reply
I mean one can't see what I am browsing on Tor browser, but the fact I am using Tor or have downloaded Tor, is it also hidden information?
Sorry, I know very little about it.
[+] [-] foxfluff|4 years ago|reply
[+] [-] ugjka|4 years ago|reply
[+] [-] kreativ_py|4 years ago|reply
Remember, Zerodium revealed a 0day in all Tor Browser v7 and under once v8 had been released https://twitter.com/Zerodium/status/1039127214602641409
[+] [-] noobermin|4 years ago|reply
[+] [-] beebeepka|4 years ago|reply
[+] [-] dobin|4 years ago|reply
Privacy depends on security. Firefox is about 3-5 years behind security level of Chrome (Sandbox, Fuzzing efforts, hardening efforts, source code reviews, etc.).
[+] [-] twistedpair|4 years ago|reply
[+] [-] webmobdev|4 years ago|reply
[deleted]
[+] [-] account-5|4 years ago|reply
[+] [-] brobinson|4 years ago|reply
[+] [-] sidkshatriya|4 years ago|reply
Can you substantiate? I wonder if this is true.
[+] [-] JCWasmx86|4 years ago|reply
[+] [-] brnt|4 years ago|reply
[+] [-] ohcomments|4 years ago|reply
Really doesn't matter anymore how extensive it is the browser fingerprinting protection feature or the access you do through Tor.
I believe we need a new type of Tor...
[+] [-] southerntofu|4 years ago|reply
That's also why for the highest security needs VPN+Tor is a recommendation. Although to be fair i personally believe if an actor is powerful enough to perform traffic analysis across the Tor network, they're probably powerful enough to correlate your computer activity with the VPN<->tor link.
Networks that resist metadata analysis are called mixnets and there's some interesting research about them. The downsides are you add latency (because each hop needs to randomize sleep) so bidirectional sessions like TCP is unthinkable. So nothing as usable as Tor Browser for checking your webmail or reading a blog.
[+] [-] ravenstine|4 years ago|reply
https://yggdrasil-network.github.io/
Granted, neither of those are designed as proxies to the clearnet... and maybe that's one of the bad things about Tor besides its its history with DARPA.