Use TOR like a normal browser

Hi, I wanted to ask a question about TOR, being a beginner I don’t know all the mechanisms, I state that I’m more interested in improving security than privacy, and excuse my English, I’m using Google translator.
I’m interested in increasing the security of my internet browsing, and I’m interested in TOR, right now I’m using Firefox with the changes to the about:config and the privacy addons written on Privacytools, now I tell myself if I install TOR that has already of his the changes to the about:config, and I personalize it with the privacy addon, at the level of fingerprinting it would become as if I were using Firefox, I guess.
So why do I want to use TOR?
The reason is because I save my work on the about:config :laughing: , and I am interested in the .onion versions of the sites I visit, such as SearX, if I understand correctly, they are better at the security level of the clearnet HTTPS versions.
Leaving aside the real reason why TOR exists, that of having a not-unique fingerprinting, my doubt is whether it is more insecure to use TOR in this way because of how it works, than using Firefox. :thinking:
I hope I was clear.

1 Like

what about use firefox (with more than profile) for your habits like watching netflix (in streaming firefox profile) & do other websites in tor (like news websites & other websites)

TOR is more private than Firefox, but in order for it to work properly, you can’t change any settings or install any addons. Also, you should never login to any accounts (including Netflix) when using Tor, as it could expose your real IP address and your real name.

Use Firefox for social media and watching netflix, and use Tor for general web browsing.

1 Like

Well, what you said about never logging into accounts using Tor Browser really depends on your threat model. If you want to conceal your ip from certain websites (even if you have to log in), Tor is a good tool for that. Of course, when first registering your account it’s advisable to be on Tor Browser, as else when you log into an account that was created using the clearnet with Tor Browser, it would be pointless as they would already have your ip. And of course it always helps security if you use Tor Browser even if you’re not anonymous, and it helps the network if you use Tor Browser for normal activities like logging into accounts, it makes it more difficult to track other people on the network.

2 Likes

I’m kind of skeptical about the “never logging in” from Tor. I could understand if it’s something like Facebook, where you’re (in theory) using your real name, but how would it expose your clearnet IP?

As I understand it, in the cases where people have been deanonymized, it was due to a combination of malicious exit nodes, traffic analysis, and in some cases malware downloaded through suspicious websites. Also, in many of those cases, the users were targeted specifically; see https://www.eff.org/pages/playpen-cases-frequently-asked-questions#howdidplaypenmalwarework for one example.

So, as others have pointed out here, it depends on your threat model. I understand wanting to be anonymous, but at the same time, I doubt that you’re being targeted specifically.

EDIT: Can some of the team members contribute any missing information here? Tor is rather complex so I can see why there are lots of misunderstandings about it.

1 Like

On a side note, welcome to the community, Mongibello! Feel free to ask any other questions you may have!

1 Like

First of all, there is never 100% anonymity. There are trillions of possibilities to track people nowadays, and of course, we all use our computers in a different way. Then, there are security vulnerabilities. The Tor Browser heavily depends on Mozilla and their Firefox development. As we all saw several weaks ago, a simple mistake by Mozilla disabled all Tor Browser addons without any warnings for days.

Furthermore, third parties can monitor your network traffic and see that you are using the Tor network due to specific ports and patterns. So, it all depends on your threat model. At least in one case, somebody got identified since he only used the Tor Browser for a specific purpose and thanks to correlation it was possible to find this person.

Regarding hidden services and HTTPS: Hidden services (.onion domains) automatically come with public-key crypto, so traffic to a hidden service is encrypted. However, HTTP (no S) via Tor has the same effect as HTTP via a VPN provider: There is a centralized party in the network that sees your traffic in cleartext. HTTPS should be fine as long as you ensure that you are actually connected to the right endpoint (and not to a man-in-the-middle).

So, for example, use Firefox for your “normal” accounts, which contain personal data, and the Tor Browser for everything else. Don’t change the Tor Browser’s configuration and don’t add any additional addons to the Tor Browser. Changing the configuration of Firefox could make it easier to identify you (the web browser), but it isn’t the purpose of FF to make its users anonymous. (Besides, Mozilla backports features of the Tor Browser from time to time, so sometimes about:config guides are outdated.)

2 Likes

Well, I believe most people actually got busted because of their own lack of opsec, like people using their real clearnet email for illegal stuff on the Tor network and other stupid stuff.