Hi!
I was referred to you from help@rt.torproject.org. when asking them if they discouraged from using tor as a client or node/relay with tor in a system installation. By "system installation" I mean installation of tor, libevent, libgeoip (and ev vidalia) together with openssl.
I found they today absolutely discouraged from the use of such a "system installation" when using tor as a client. When it came to using tor as a node/relay or running a server they referred the question to you.
My reason for asking is that I have been running a "system installed" tor node in my Slackware server for 3 years now. subsequently updating/grading them. It has served well and I monitor the log continously for warnings or errors correcting the when they very rarely occur (usually by updating/_grading). My reason for using a system installation for node/server use is that I've found it easier to configure the way I wanted than the BrowserBundle.
Do you consider this kind of installation insecure?
Best regards
Larse
On Mon, 16 Mar 2015 11:48:34 +0100 "Lars Edman @ LinuxSuSE" lars.edman@bredband.net wrote:
I found they today absolutely discouraged from the use of such a "system installation" when using tor as a client. When it came to using tor as a node/relay or running a server they referred the question to you.
Do you consider this kind of installation insecure?
This is generally considered insecure. There are a few things that the TBB does that a default Firefox configuration routed through a SOCKS proxy (Tor) doesn't do.
For example, the TBB has NoScript (blocks JavaScript), HTTPSEverywhere (forces HTTPS on sites that support it), and the TBB also deletes cookies, history, and other data upon closing. And I'm sure there are a few other things that they wrap into the bundle (DNS leaks too); I don't follow TBB development closely enough to know the specific details.
These are all security issues. Javascript can be used to uniquely identify a machine and get your real IP address. If you use HTTP, in theory, a Tor exit relay can sniff your login credentials. Files on disk, such as history, cached website files, cookies, can all be used to identify the sites you visit if your computer were to be inspected.
TBB can also be run from removable media, so you can use a public library computer, for example, and run it from a USB drive.
I personally just use the TBB. I download the archive and the signature from torproject.org using wget. I verify the archive using GPG, and then I extract & run it. Not too difficult. There's also a project[1] that has a launcher to automate this process.
On 2015-03-16 14:24, Stephen R Guglielmo wrote:
On Mon, 16 Mar 2015 11:48:34 +0100 "Lars Edman @ LinuxSuSE"lars.edman@bredband.net wrote:
I found they today absolutely discouraged from the use of such a "system installation" when using tor as a client. When it came to using tor as a node/relay or running a server they referred the question to you.
Do you consider this kind of installation insecure?
This is generally considered insecure. There are a few things that the TBB does that a default Firefox configuration routed through a SOCKS proxy (Tor) doesn't do.
For example, the TBB has NoScript (blocks JavaScript), HTTPSEverywhere (forces HTTPS on sites that support it), and the TBB also deletes cookies, history, and other data upon closing. And I'm sure there are a few other things that they wrap into the bundle (DNS leaks too); I don't follow TBB development closely enough to know the specific details.
These are all security issues. Javascript can be used to uniquely identify a machine and get your real IP address. If you use HTTP, in theory, a Tor exit relay can sniff your login credentials. Files on disk, such as history, cached website files, cookies, can all be used to identify the sites you visit if your computer were to be inspected.
Note, however, that while these are all potential security issues, they're not all issues that apply to every situation. If your safety or livelihood depend on privacy or anonymity, obviously you need to be paranoid, and TBB is definitely the wise choice.
However, if you just use Tor to surf geographically restricted websites, or to offer you moderate privacy from a snoopy ISP (hotel or public wifi hotspot access) and don't mind the stray request leaking, the proxy level application may well be sufficient, especially since you can configure applications to use system-wide proxy settings, giving you a one-click on-and-off switch.
I suspect both uses are common use cases, and just using SOCKS proxies may well be good enough for some users, but if you value safety, security, privacy and anonymity, TBB is a much stronger solution.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Stephen R Guglielmo: - ---8<---8<---8<---
These are all security issues. Javascript can be used to uniquely identify a machine and get your real IP address.
- ---8<---8<---8<---
This is slightly misleading as to the efficacy of javascript fingerprinting, also while Tor Browser has (at least in the past) had to patch a few proxy-adherance issues with stock FF, it's unlikely that javascript would reveal your "real IP address", you may be thinking of the STUN WebRTC connector that was recently publicized, but Tor Browsers defence against this was just to remove the functionality entirely. On Tor Browser, javascript is enabled by default (but it is easily disabled.)
However, it is *strongly* recommend that you use Tor Browser over any home-rolled attempt at making a private browser[1], Tor Project isn't forking and patching Firefox on the basis that it's a bit of a lark, there are seriously privacy issues that it patches out. The previously mentioned WebRTC[2], HTML5 Canvas Fingerprinting[3], and many other changes[1].
So in the case of browsing, use Tor Browser.
When it comes to running a relay then a system install Tor is probably recommended, especially if you can use one of the Tor Project's officially provided repos, as it will make administrative tasks much easier than having Firefox running all the time to provide the Tor process for the relay.
In the case of using other services over Tor, YMMV and funneling arbitrary application traffic through Tor is no guarantee of anonymity and if it's send over Tor with Tor Browser or a system service is unlikely to make a meaningful impact.
- - cacahuatl
[1] - https://www.torproject.org/projects/torbrowser/design/ [2] - https://trac.torproject.org/projects/tor/ticket/8178 [3] - https://en.wikipedia.org/wiki/Canvas_fingerprinting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
For example, the TBB has NoScript (blocks JavaScript)
You wish.
https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
On 03/16/2015 11:48 AM, Lars Edman @ LinuxSuSE wrote:
I found they today absolutely discouraged from the use of such a "system installation" when using tor as a client. When it came to using tor as a node/relay or running a server they referred the question to you. [...] My reason for using a system installation for node/server use is that I've found it easier to configure the way I wanted than the BrowserBundle.
Do you consider this kind of installation insecure?
For client use, you should use the Tor Browser (Bundle), which (sadly) is not available yet in package repositories of Linux distributions. Tor Browser includes an updater, so it will notify you and then download, verify and install updates for you in a safe manner.
For relays, you should use whatever method is safe and convenient for you to keep your relay updated. Since you don't need the combined browser and are unlikely to run it in regular intervals on a server, the Tor Browser updater seems like a quite inconvenient method over, say, package repositories.
If you want to relay traffic and use Tor for web browsing on the same machine, you're at the moment best served by running two Tors -- "system installed" for relaying, Tor Browser for client (web) use. If you want to anonymize other applications (there be dragons), you can point them to your system Tor (with SOCKSPort configured).
tor-relays@lists.torproject.org
-
cacahuatl -
Dave Warren -
Lars Edman @ LinuxSuSE -
Moritz Bartl -
Niklas Femerstrand -
Stephen R Guglielmo