Does Tor always log you out everywhere whenever u restart it?

user14702389 · 2019-07-06T16:24:35.265Z

im considering using Tor as a browser even though im a newbie, but i would find it impractical having to log in on every site whenever i quit and re-open the browser, if that’s how it works.

jonah · 2019-07-06T16:27:52.448Z

Yes, it’s set to “Private Browsing” by default and I don’t think that can be disabled in the browser settings. Maybe someone else here will be able to chime in with some info about that, @blacklight447?

esmailelbob · 2019-07-06T18:27:22.437Z

yup its delete data to save your privacy (if tracking cookies came) but maybe you can change this settings

infosechandbook · 2019-07-07T07:14:13.687Z

Does Tor always log you out everywhere whenever u restart it?

Technically, the Tor Browser doesn’t log you out. Technically (and in every web browser), you get cookies from a web application after logging in. This (session) cookie contains information proving that you logged in before. Your client sends these cookies with each request to the server, the server looks at it and reacts accordingly. If you delete such cookies on the client side, your proof is gone and the server assumes that you didn’t log in before. This is basically how authentication works on the internet.

In case of Tor Browser, “Private Browsing” is enabled. This means that Tor Browser deletes all cookies (and other local data) as soon as you close it. See also https://support.mozilla.org/en-US/kb/private-browsing-use-firefox-without-history. This isn’t a unique feature of Tor Browser, but standard configuration that comes with Firefox and other web browsers. Private Browsing only removes local data on your machine. There is no gain in privacy on the server side.

Zlivovitch · 2019-07-07T19:10:19.055Z

Hey, Mr Handbook,

I have now completed a thorough reading of your site, and can confirm it’s very good.

The only drawback is, you’re showing 2FA (and some other security and privacy-related technologies) as being even more difficult to master correctly than I thought – and that’s a tall order…

Keep up the good work.

virticalizes · 2019-07-08T12:52:03.866Z

That’s correct. By default, it doesn’t save cookies, history, etc., like the standard version of Firefox (it’s a fork of Firefox, albeit a heavily-“armored” one) in “Private Browsing” mode. You can change the settings to save logins, but I’m not sure if that would affect your anonymity or not. One of the ideas with Tor is to make your device look as similar to others as possible, but if your Tor Browser is modified, that affects it in terms of how unique it appears. Is that correct, community? Need your help on this one.

For instance, the site AmIUnique will tell you if your browser/OS has a unique fingerprint. I’ve noticed that when using Tor, it tends to say that it either doesn’t have a unique fingerprint, or almost has a unique fingerprint. (Is there another post about browser/device fingerprinting?)

For Tor, I’ve started saving my logins with an offline password manager (either KeePass or Seahorse for Linux). This has helped me get around Tor not saving login info. What operating system do you have? I’m sure there’s equivalent password managers for whichever setup you have.

XTHPusi64Q · 2019-07-08T12:58:38.818Z

I never save my logins in any browser (be that hardened Firefox or Tor). I have my paswword manager for that.

virticalizes · 2019-07-08T13:00:04.823Z

Do you use KeePass, or which manager do you recommend? I’m using KeePassXC at the moment.

XTHPusi64Q · 2019-07-08T13:03:25.022Z

I use KeePassXC for TOTP, Bitwarden for PW manager. I like them both. The UI of the former is not easy for me so it works for me as TOTP. Moreover it’s cross-platform! I am not screwed if my phone gets stolen.