How to use Tor Browser for security not anonymity? How to use TBB using clearnet?
TLDR: 1) How can one easily hack TBB to use clearnet? [1] (idea [2]) 2) How can one enable cookies to persist in TBB? 3) How can one re-enable the Firefox password manager in TBB so one can store passwords? To archive that I've disabled private browser and tinkered with lots of torbutton Firefox config settings to no avail. Could you please kindly advice on how to archive that? Long: Tor Browser is better hardened than regular Firefox and over time, it will be even better hardened, even sandboxed. For clearnet browsing where Tor is either not required or creating a mess (such as online banking), it would be awesome if one could use Tor Browser without going through Tor. I guess it's very safe to assume, the most users won't use TBB exclusive. They also want to use clearnet. But the value of a super hardened secure browser TBB is somewhat reduced when then using a non-hardened browser for clearnet use, which could lead to system compromise. Of course this TBB hacking for clearnet use would for now only be advise able for advancement users to not mess up a Tor Browser actually using Tor vs a Tor Browser actually using clearnet. Would be up to oneself to have some protections in place such as using a dedicated VM or computer for that purposes so that one won't accidentally confuse one browser with another. Cheers, Patrick [1] I hear, at some point in future, TBB will no longer have TCP compiled in, and only use unix domain sockets. That's awesome for TBB use with Tor, but makes TBB use with clearnet hard. Long term a solution to redirect TOR_SOCKS_IPC_PATH to clearnet would be needed. [2] Idea how to hack TBB to use clearnet. We could set these environment variables: export TOR_NO_DISPLAY_NETWORK_SETTINGS=1 export TOR_SKIP_CONTROLPORTTEST=1 export TOR_SKIP_LAUNCH=1 export TOR_SOCKS_IPC_PATH=/path/to/unix-domain-socket-file then use socat to redirect to unix domain socket file to 9150. On 9150, we could have a local ssh server running sudo apt-get install openssh-server and then use ssh to open a local socks port forwarding to our local ssh server, which then would use clearnet. sudo apt-get install openssh-client ssh -D 9150 user@127.0.0.1
Patrick Schleizer:
1) How can one easily hack TBB to use clearnet? [1] (idea [2])
I believe all you need is: pref("network.proxy.type", 0); and possibly disabling Torbutton (which is a good idea any way since it will only add confusion in that setup).
2) How can one enable cookies to persist in TBB?
IIRC all you need is to disable Private Browsing mode: pref("browser.privatebrowsing.autostart", false); That has several other consequences, but at least some has individual prefs for toggling back to what the Private Browser mode does (I wouldn't be surprised if Tor Browser already change many of these prefs like that).
3) How can one re-enable the Firefox password manager in TBB so one can store passwords?
In addition to disabling Private Browsing mode you just have to enable the feature: pref("signon.rememberSignons", true);
To archive that I've disabled private browser and tinkered with lots of torbutton Firefox config settings to no avail. Could you please kindly advice on how to archive that?
YMMV for the above prefs and their exact behavior, but I want to make a point that all you ask for can be achieved by setting a few prefs, so it's only a matter of providing a profile with the necessary different defaults. I don't think introducing more environment variables, like you suggest in [2], is an improvement over this. For the record, providing a different "clearnet" profile for Tor Browser is how we implement Tails' Unsafe Browser. Cheers!
participants (2)
-
anonym -
Patrick Schleizer