[tor-relays] Tor-node/relay: System installation vs. TorBrowser

cacahuatl cacahuatl at autistici.org
Mon Mar 16 23:52:41 UTC 2015

Hash: SHA512

Stephen R Guglielmo:
- ---8<---8<---8<---
> These are all security issues. Javascript can be used to uniquely 
> identify a machine and get your real IP address.
- ---8<---8<---8<---

This is slightly misleading as to the efficacy of javascript
fingerprinting, also while Tor Browser has (at least in the past) had
to patch a few proxy-adherance issues with stock FF, it's unlikely
that javascript would reveal your "real IP address", you may be
thinking of the STUN WebRTC connector that was recently publicized,
but Tor Browsers defence against this was just to remove the
functionality entirely. On Tor Browser, javascript is enabled by
default (but it is easily disabled.)

However, it is *strongly* recommend that you use Tor Browser over any
home-rolled attempt at making a private browser[1], Tor Project isn't
forking and patching Firefox on the basis that it's a bit of a lark,
there are seriously privacy issues that it patches out. The previously
mentioned WebRTC[2], HTML5 Canvas Fingerprinting[3], and many other

So in the case of browsing, use Tor Browser.

When it comes to running a relay then a system install Tor is probably
recommended, especially if you can use one of the Tor Project's
officially provided repos, as it will make administrative tasks much
easier than having Firefox running all the time to provide the Tor
process for the relay.

In the case of using other services over Tor, YMMV and funneling
arbitrary application traffic through Tor is no guarantee of anonymity
and if it's send over Tor with Tor Browser or a system service is
unlikely to make a meaningful impact.

- - cacahuatl

[1] - https://www.torproject.org/projects/torbrowser/design/
[2] - https://trac.torproject.org/projects/tor/ticket/8178
[3] - https://en.wikipedia.org/wiki/Canvas_fingerprinting


More information about the tor-relays mailing list