-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Stephen R Guglielmo: - ---8<---8<---8<---
These are all security issues. Javascript can be used to uniquely identify a machine and get your real IP address.
- ---8<---8<---8<---
This is slightly misleading as to the efficacy of javascript fingerprinting, also while Tor Browser has (at least in the past) had to patch a few proxy-adherance issues with stock FF, it's unlikely that javascript would reveal your "real IP address", you may be thinking of the STUN WebRTC connector that was recently publicized, but Tor Browsers defence against this was just to remove the functionality entirely. On Tor Browser, javascript is enabled by default (but it is easily disabled.)
However, it is *strongly* recommend that you use Tor Browser over any home-rolled attempt at making a private browser[1], Tor Project isn't forking and patching Firefox on the basis that it's a bit of a lark, there are seriously privacy issues that it patches out. The previously mentioned WebRTC[2], HTML5 Canvas Fingerprinting[3], and many other changes[1].
So in the case of browsing, use Tor Browser.
When it comes to running a relay then a system install Tor is probably recommended, especially if you can use one of the Tor Project's officially provided repos, as it will make administrative tasks much easier than having Firefox running all the time to provide the Tor process for the relay.
In the case of using other services over Tor, YMMV and funneling arbitrary application traffic through Tor is no guarantee of anonymity and if it's send over Tor with Tor Browser or a system service is unlikely to make a meaningful impact.
- - cacahuatl
[1] - https://www.torproject.org/projects/torbrowser/design/ [2] - https://trac.torproject.org/projects/tor/ticket/8178 [3] - https://en.wikipedia.org/wiki/Canvas_fingerprinting