Tor-node/relay: System installation vs. TorBrowser
Hi! I was referred to you from help@rt.torproject.org. when asking them if they discouraged from using tor as a client or node/relay with tor in a system installation. By "system installation" I mean installation of tor, libevent, libgeoip (and ev vidalia) together with openssl. I found they today absolutely discouraged from the use of such a "system installation" when using tor as a client. When it came to using tor as a node/relay or running a server they referred the question to you. My reason for asking is that I have been running a "system installed" tor node in my Slackware server for 3 years now. subsequently updating/grading them. It has served well and I monitor the log continously for warnings or errors correcting the when they very rarely occur (usually by updating/_grading). My reason for using a system installation for node/server use is that I've found it easier to configure the way I wanted than the BrowserBundle. Do you consider this kind of installation insecure? Best regards Larse
On Mon, 16 Mar 2015 11:48:34 +0100 "Lars Edman @ LinuxSuSE" <lars.edman@bredband.net> wrote:
I found they today absolutely discouraged from the use of such a "system installation" when using tor as a client. When it came to using tor as a node/relay or running a server they referred the question to you.
Do you consider this kind of installation insecure?
This is generally considered insecure. There are a few things that the TBB does that a default Firefox configuration routed through a SOCKS proxy (Tor) doesn't do. For example, the TBB has NoScript (blocks JavaScript), HTTPSEverywhere (forces HTTPS on sites that support it), and the TBB also deletes cookies, history, and other data upon closing. And I'm sure there are a few other things that they wrap into the bundle (DNS leaks too); I don't follow TBB development closely enough to know the specific details. These are all security issues. Javascript can be used to uniquely identify a machine and get your real IP address. If you use HTTP, in theory, a Tor exit relay can sniff your login credentials. Files on disk, such as history, cached website files, cookies, can all be used to identify the sites you visit if your computer were to be inspected. TBB can also be run from removable media, so you can use a public library computer, for example, and run it from a USB drive. I personally just use the TBB. I download the archive and the signature from torproject.org using wget. I verify the archive using GPG, and then I extract & run it. Not too difficult. There's also a project[1] that has a launcher to automate this process. [1] https://github.com/micahflee/torbrowser-launcher
On 2015-03-16 14:24, Stephen R Guglielmo wrote:
On Mon, 16 Mar 2015 11:48:34 +0100 "Lars Edman @ LinuxSuSE"<lars.edman@bredband.net> wrote:
I found they today absolutely discouraged from the use of such a "system installation" when using tor as a client. When it came to using tor as a node/relay or running a server they referred the question to you.
Do you consider this kind of installation insecure? This is generally considered insecure. There are a few things that the TBB does that a default Firefox configuration routed through a SOCKS proxy (Tor) doesn't do.
For example, the TBB has NoScript (blocks JavaScript), HTTPSEverywhere (forces HTTPS on sites that support it), and the TBB also deletes cookies, history, and other data upon closing. And I'm sure there are a few other things that they wrap into the bundle (DNS leaks too); I don't follow TBB development closely enough to know the specific details.
These are all security issues. Javascript can be used to uniquely identify a machine and get your real IP address. If you use HTTP, in theory, a Tor exit relay can sniff your login credentials. Files on disk, such as history, cached website files, cookies, can all be used to identify the sites you visit if your computer were to be inspected.
Note, however, that while these are all potential security issues, they're not all issues that apply to every situation. If your safety or livelihood depend on privacy or anonymity, obviously you need to be paranoid, and TBB is definitely the wise choice. However, if you just use Tor to surf geographically restricted websites, or to offer you moderate privacy from a snoopy ISP (hotel or public wifi hotspot access) and don't mind the stray request leaking, the proxy level application may well be sufficient, especially since you can configure applications to use system-wide proxy settings, giving you a one-click on-and-off switch. I suspect both uses are common use cases, and just using SOCKS proxies may well be good enough for some users, but if you value safety, security, privacy and anonymity, TBB is a much stronger solution. -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Stephen R Guglielmo: - ---8<---8<---8<--- > These are all security issues. Javascript can be used to uniquely > identify a machine and get your real IP address. - ---8<---8<---8<--- This is slightly misleading as to the efficacy of javascript fingerprinting, also while Tor Browser has (at least in the past) had to patch a few proxy-adherance issues with stock FF, it's unlikely that javascript would reveal your "real IP address", you may be thinking of the STUN WebRTC connector that was recently publicized, but Tor Browsers defence against this was just to remove the functionality entirely. On Tor Browser, javascript is enabled by default (but it is easily disabled.) However, it is *strongly* recommend that you use Tor Browser over any home-rolled attempt at making a private browser[1], Tor Project isn't forking and patching Firefox on the basis that it's a bit of a lark, there are seriously privacy issues that it patches out. The previously mentioned WebRTC[2], HTML5 Canvas Fingerprinting[3], and many other changes[1]. So in the case of browsing, use Tor Browser. When it comes to running a relay then a system install Tor is probably recommended, especially if you can use one of the Tor Project's officially provided repos, as it will make administrative tasks much easier than having Firefox running all the time to provide the Tor process for the relay. In the case of using other services over Tor, YMMV and funneling arbitrary application traffic through Tor is no guarantee of anonymity and if it's send over Tor with Tor Browser or a system service is unlikely to make a meaningful impact. - - cacahuatl [1] - https://www.torproject.org/projects/torbrowser/design/ [2] - https://trac.torproject.org/projects/tor/ticket/8178 [3] - https://en.wikipedia.org/wiki/Canvas_fingerprinting -----BEGIN PGP SIGNATURE----- iQEcBAEBCgAGBQJVB2zFAAoJEFmpmcH7mQWj7PIH/jkeCHzutovLmiylRukneyet kIohkJv48jNNPW1oIrh+3AHTxrncXjOMqxhhUUJnyuvu/85jjZSs+NumqgijQGue 8m2BqMHZWwNR1w4NXsFJjYyLTQr3n8kWExFY3zrs1UR3dkJSoFEUll+Qs9dZxpl2 khpEIkeWdAdqJpie6rccwqMOAkIBRrH1uNnf5RUHtmJQo7pthkDyPznYayYrJnHW TJQbvAkk/++HMEwv37vqhAtrrZkVUw/1HY9xIMS9zgUcwiezmgONSW7IiMi5ZkVj xA8d4Vcq28PmpTWl9JTw/qCkBmNefTgn9RDXw9vtHx4Hp+ULYaNoe3wpdMM04Vc= =gwXR -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
For example, the TBB has NoScript (blocks JavaScript)
You wish. https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVCC3mAAoJEHxAR3sGx+rLelgQAKHIbmYbzF6bDw6aU4IHosyB UAyWXOc4ehw/JEaHgmUq/2tJjDNwvo1S5Tsp8bxtOsuzrfbdJFBZ3f0quT1hrJn1 XQOMCtNcIxUEnBI0YSv/9tZBh2Dx1lB+lPI3U4dk+v1GinY01iFK4AE21wKige/Z jTaCuXT/9K5hRkY0azYZ2iVU9zRc6G1ADVbObcuooq19AmYMOcgu8obKR3i79B7d Bdq9tXVY+Z3fuebbkxUqDDTZpVkRTQeVFMoOmZWXXyVt87fpd1LrYEGmSnDSpbo+ hICV7IZqoqlgjQVnR0okbicUU4CHkgkvT1tnOd7FO1TAmG/18XrOtpOvgj94/WGn ItPZ2OnUseCGo2dEHMLgC9unHuZQIFuUS43Ozh262i18Fuyu9A2NsNJwRJKWorI8 fXI8xhC55mX4Jd10n7AZOgOV794XoRMAL3hsn0QIuz7I4xyO6fDv/JXVPhHuUUNH kXTLvrhqrgZPrNfNddcJtv6DJho+tvZX5ZnsQAQ27AJjzv3d2nAnzz5KjgkxE5OB Hsq/6mp243qdBmtu8Re2/CLPln5zmqNCqJJxMxvcXrWCBvi7ntLPfA9ggGdn+xRT x5N95d3qeB7fLwSrvqAM/oyaSFwpr2EHPfFlgOR2tNiBLoHRb11NbqOONWn0VuID 58CWyWWO5im2m+KZbFJP =sCJ2 -----END PGP SIGNATURE-----
On 03/16/2015 11:48 AM, Lars Edman @ LinuxSuSE wrote:
I found they today absolutely discouraged from the use of such a "system installation" when using tor as a client. When it came to using tor as a node/relay or running a server they referred the question to you. [...] My reason for using a system installation for node/server use is that I've found it easier to configure the way I wanted than the BrowserBundle.
Do you consider this kind of installation insecure?
For client use, you should use the Tor Browser (Bundle), which (sadly) is not available yet in package repositories of Linux distributions. Tor Browser includes an updater, so it will notify you and then download, verify and install updates for you in a safe manner. For relays, you should use whatever method is safe and convenient for you to keep your relay updated. Since you don't need the combined browser and are unlikely to run it in regular intervals on a server, the Tor Browser updater seems like a quite inconvenient method over, say, package repositories. If you want to relay traffic and use Tor for web browsing on the same machine, you're at the moment best served by running two Tors -- "system installed" for relaying, Tor Browser for client (web) use. If you want to anonymize other applications (there be dragons), you can point them to your system Tor (with SOCKSPort configured). -- Moritz Bartl https://www.torservers.net/
participants (6)
-
cacahuatl -
Dave Warren -
Lars Edman @ LinuxSuSE -
Moritz Bartl -
Niklas Femerstrand -
Stephen R Guglielmo