On 03/16/2015 11:48 AM, Lars Edman @ LinuxSuSE wrote:
I found they today absolutely discouraged from the use of such a "system installation" when using tor as a client. When it came to using tor as a node/relay or running a server they referred the question to you. [...] My reason for using a system installation for node/server use is that I've found it easier to configure the way I wanted than the BrowserBundle.
Do you consider this kind of installation insecure?
For client use, you should use the Tor Browser (Bundle), which (sadly) is not available yet in package repositories of Linux distributions. Tor Browser includes an updater, so it will notify you and then download, verify and install updates for you in a safe manner.
For relays, you should use whatever method is safe and convenient for you to keep your relay updated. Since you don't need the combined browser and are unlikely to run it in regular intervals on a server, the Tor Browser updater seems like a quite inconvenient method over, say, package repositories.
If you want to relay traffic and use Tor for web browsing on the same machine, you're at the moment best served by running two Tors -- "system installed" for relaying, Tor Browser for client (web) use. If you want to anonymize other applications (there be dragons), you can point them to your system Tor (with SOCKSPort configured).