Can you use the Tor Browser without Tor connection? - gHacks Tech News

Can you use the Tor Browser without Tor connection?

Tor Browser is a web browser specifically designed for privacy and anonymity. The web browser is a modified version of Firefox ESR that includes privacy tweaks and even some extensions to improve privacy and security on the Internet.

What makes it special is that all connections go through several severs of the Tor network before they connect to the destination.

Connections to Tor improve privacy when you are online but could you, in theory, run Tor Browser without Tor?

Tor Browser without Tor would still provide better out-of-the-box privacy than Firefox ESR or Firefox Stable -- and other browsers. It is arguably the browser with the best default privacy configuration which might make it attractive to some users.

Dropping Tor reduces privacy while online but that can be compensated, e.g. by connecting to a VPN or even chaining VPN services and it would speed things up significantly. Tor is the better choice when it comes to critical tasks, e.g. leaking documents or communication.

Modifying Tor Browser

tor browser without tor

You need to start Tor Browser to make the following modifications to it.

Attention: I suggest you use a portable copy of the browser to make these modifications and keep an original copy on the computer as well; you may then use either one of the solutions depending on what you want to do on the Internet.

  1. Load about:config?filter=network.proxy.socks_remote_dns in the browser's address bar.
  2. Double-click on the preference to set it to false.
  3. Use the search on the page to display extensions.torlauncher.start_tor.
  4. Double-click on the preference to set it to false.
  5. Load about:addons in the Tor Browser address bar.
  6. Locate Tor Launcher and click on the disable button next to it to disable the extension.
  7. Load about:preferences#general in the browser's address bar.
  8. Scroll down to the Network section and activate the Settings button.
  9. Switch from Manual Proxy Configuration to No Proxy.
  10. Restart Tor Browser.

The result

Tor Browser loads as quickly as any other web browser once you have made the modifications. It works similarly to a heavily modified version of Firefox in that regard, e.g. after applying changes from the Ghacks user.js file for Firefox and installing the add-ons that Tor browser comes with by default (HTTPS Everywhere and NoScript).

It is certainly possible to modify Tor Browser further, or modify Firefox to improve privacy of the browser instead.

Tor Browser comes with many privacy and security modifications as outlined in the design document.

Closing Words

Whether it is a good idea to run Tor Browser without Tor, or use a different browser to improve online privacy is up for debate.

Now You: What is your take on this?

Summary
Can you use the Tor Browser without Tor connection?
Article Name
Can you use the Tor Browser without Tor connection?
Description
Can you run the privacy-focused Tor Browser without connection to the Tor network? And if you can, why would you? Let's find out!
Author
Publisher
Ghacks Technology News
Logo
Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. beemeup5 said on November 26, 2018 at 9:29 am
    Reply

    When it comes to out of the box privacy, Pale Moon is still among the best especially considering its development is not profit-motivated.

    The Pale Moon team literally doesn’t know how large its user base is because there is simply no telemetry of any kind. I don’t know of any other browser developer that can say this.

    1. Kwasiarz said on November 26, 2018 at 10:04 am
      Reply

      If only the devs weren’t so childish.

    2. Tom said on November 26, 2018 at 11:02 am
      Reply

      Haha, good joke. :’D

      Since Pale Moon is based on a very old Firefox code base it can’t be have the latest privacy developments from Firefox. And really, not having telemetry doesn’t make the browser more private. But if you don’t believe this, then you don’t have telemetry do be enabled. That’s no reason at all to use another browser. If you say that you use Pale Moon for the one reason or another reason, that’s totally valid. But it’s nonsense to say that Pale Moon offers more privacy.

      1. rickmv said on November 26, 2018 at 11:17 pm
        Reply

        “…based on a very old Firefox code base…”

        And that’s a lame joke rolled around by those don’t know much about the project and underlying developed code, and web browsers in general. PaleMoon 28 is on UXP and getting distanced more from Mozilla code, but even ver. 27 is rock solid from privacy and even security stand point.

    3. Weilan said on November 26, 2018 at 11:14 am
      Reply

      I kinda wish there was a Firefox fork or something that uses the latest rendering engine builds, but has the UI of Firefox 3.x. I loved Firefox 2.x and 3.x. But after they released 4.x it because utter shit, I’ve been hating it since then and using Chrome since.

      I thought Pale Moon can act like this, but unfortunately it can’t. The rendering engine is so outdated many websites don’t work properly. For example imgur.com’s Ctrl+V function doesn’t work on Pale Moon.

      1. user17843 said on November 26, 2018 at 1:21 pm
        Reply

        “I kinda wish there was a Firefox fork or something that uses the latest rendering engine builds, but has the UI of Firefox 3.x. I loved Firefox 2.x and 3.x. But after they released 4.x it because utter shit, I’ve been hating it since then and using Chrome since.”

        Creating a browser is impossible nowadays without a workforce of hundreds of people.

        Even if it is only a frontend without the engine. If you include the engine, you need thousands of people.

    4. user17843 said on November 26, 2018 at 1:30 pm
      Reply

      “When it comes to out of the box privacy, Pale Moon is still among the best especially considering its development is not profit-motivated.

      The Pale Moon team literally doesn’t know how large its user base is because there is simply no telemetry of any kind. I don’t know of any other browser developer that can say this.”

      What if there are only 300 users and everything they do is in vain?

      Anyway, both non-profit motivation and no-telemetry are not goot indicators for the quality of a browser.

      It may be to those who live in irrational fear of surveillance, but everyone who understands technology uses Linux + TOR on a separate physical machine for sensitive stuff already, which seperates everything from the day-to-day browsing.

      What’s the point of browsing privately when all you do is visit ghacks, youtube and pornhub?
      What’s the point of Pale Moon when you trade in harmless telemetry for potentially serious security incidents or a lack of usability and joy?

      1. Money said on November 26, 2018 at 4:42 pm
        Reply

        @user17843

        What “potentially serious security incidents”? Please expand on that, and if possible, contact the devs so they are aware of them.

        And for me, not having to fiddle with about:config to block Pocket is a big win to usability and “joy”.

      2. John Fenderson said on November 26, 2018 at 6:51 pm
        Reply

        @user17843:

        “What if there are only 300 users and everything they do is in vain?”

        It wouldn’t be in vain all. Just ask those 300 users.

        “everyone who understands technology uses Linux + TOR on a separate physical machine for sensitive stuff already, which seperates everything from the day-to-day browsing.”

        It is equally important to protect your day-to-day browsing, though.

        “harmless telemetry”

        I think it has yet to be shown that telemetry is without risk — at the very least, it exposes you to the software manufacturer. Also, even if it is 100% harmless, that in no way means that people are wrong for choosing to avoid it.

      3. user17843 said on November 26, 2018 at 10:10 pm
        Reply

        “It is equally important to protect your day-to-day browsing, though.”

        So my point is something along the lines of: If telemetry is a serious privacy violation to some people, then why is lack of security updates not a serious security violation to them? If their data to protect is so precious, that is?

        They use a browser due to lack of telemetry, but trust a couple of people working on this with all implications.

      4. John Fenderson said on November 27, 2018 at 5:14 pm
        Reply

        @user17843:

        “If telemetry is a serious privacy violation to some people, then why is lack of security updates not a serious security violation to them?”

        Pale Moon (and Waterfox, my preferred browser) gets security updates. That aside, you’d have to ask people who take the stance you’re describing here as I’m sure it varies from person to person.

        I would suggest, however, that we’re talking about two different kinds of security here. It’s entirely possible that a person can be more concerned about one than the other. For instance, it’s entirely possible that some people are more bothered when their software intentionally and actively engages in privacy violations as opposed to the browser passively and unintentionally containing a security flaw. Also, it’s entirely possible to mitigate against even unknown security flaws without taking security updates. There’s a million possible explanations here.

        “They use a browser due to lack of telemetry, but trust a couple of people working on this with all implications.”

        Yes, so? The size of the team involved seems an odd thing to bring up, as from a security point of view, the effect of team size is on the flavor of the possible vulnerabilities more than whether or not they exist.

        Also, “trust” is a very subjective thing, and when it comes to software houses, we are all working with very little information about how much trust is warranted. So people tend to make trust judgements from an emotional place rather than a technical one.

        Personally, I think the only supportable stance is to not trust any of them completely, and consider all software you’re running as a threat vector.

    5. Anonymous said on November 28, 2018 at 8:33 pm
      Reply

      > The Pale Moon team literally doesn’t know how large its user base is because there is simply no telemetry of any kind. I don’t know of any other browser developer that can say this.

      And I don’t know of any browser developer that can claim to know how big their user base is. Not Mozilla, not Google, Microsoft or Apple.

      You even still need to define what a “user” is. Is it someone who has the browser installed, even if they don’t use it? Is it someone who uses it 5 hours a week? What if they also use another browser for 6 hours a week?
      What if they have multiple computers with the same browser installed? What if they downloaded the browser and any updates only once, but then deployed it to thousands of computers in their corporate network, with all telemetry and update checks blocked?

      It’s an intrinsically hard problem to figure out even just a rough guesstimate of how many users you might have.

      Pale Moon claiming that they don’t know it solely because they don’t collect enough data is some special bullshit. Even the number of downloads, which is something they do know for sure, can be enough to base your rough user numbers on.

      1. Klaas Vaak said on November 29, 2018 at 9:24 am
        Reply

        @Anonymous: true, not to mention those who install a browser, which the developer records, but then uninstalls the browser, which the developer does not record.

      2. John Fenderson said on November 30, 2018 at 11:45 pm
        Reply

        @Anonymous: “Even the number of downloads, which is something they do know for sure, can be enough to base your rough user numbers on.”

        I don’t think this is true at all, depending on your definition of “rough”. Lots of people download software, try it, and decide not to use it, or never even try it. Lots of people download the same software more than once, etc.

    6. efferle said on December 6, 2018 at 12:02 am
      Reply

      When it comes to out of the box privacy, just use the Tor Browser and *DO NOT* dabble/ blunder around.

      To satisfy an extra portion of safety, install the Add-Ons Cookie Autodelete, Privacy Badger, and Raymond Hill’s marvellous piece of engineering uMatrix. That’s it, no more, no less.

      1. Klaas Vaak said on December 6, 2018 at 12:21 pm
        Reply

        @efferle: sounds good.

        As an aside: uMatrix. I have seen the question – uBlockOrigin or uMatrix or both – debated, and in the end R. Hill himself said there is no compelling reason to use uM if you use uBO.

      2. efferle said on December 7, 2018 at 7:38 am
        Reply

        Exactly this, Klaas.

        uBlock Origin and uMatrix do pretty much the same thing, namely allowing or preventing ‘thingies’ from being executed in one’s browser, be it scripts, frames, images, media, cookies, and the like.

        The difference between the two Add-Ons lies primarily in their user interface, as well as in the user’s required ‘know how’. There is no need to use both of them at the same time in one’s user setting. You could, of course, as they both do not interfere with each other in a negative way, but that would result in some sort of useless ‘double work/ double maintenace’ to reach the same goal.

      3. Klaas Vaak said on December 7, 2018 at 1:15 pm
        Reply

        @efferle: thank for the clarification and confirmation.

  2. Anonymous said on November 26, 2018 at 11:43 am
    Reply

    “The Pale Moon team literally doesn’t know how large its user base is because there is simply no telemetry of any kind. I don’t know of any other browser developer that can say this.”

    What you said applies to Waterfox too, and probably also to some other privacy-hardened browsers.

    “its development is not profit-motivated”

    I think that Palemoon and Waterfox have search engine deals, so there’s still some commercial motivation in them above users interests (but they’re far from being as bad as Mozilla from that point of view).
    I don’t think that it’s the case for some of the GNU/Linux Firefox forks like Icecat and Abrowser, though I’m not sure.

    About user interests and privacy, the Palemoon dev has also demonstrated hostility to a script blocking extension and an anti-advertisement extension.

    1. Jody Thornton said on November 26, 2018 at 3:40 pm
      Reply

      Wow! I wish those Pale Moon fanboys that kept calling me a troll every time I slighted the Pale Moon team, could now see that I’m far from the only one that thinks the team is childish. I will admit that lately, I’ve become interested in Tobin’s Interlink mail client (can you imagine that???), but I’m so glad I’ve made the switch to Quantum.

    2. Money said on November 26, 2018 at 4:35 pm
      Reply

      NoScript is known to cause stability issues and AdNauseum relies on antithetical mechanisms.

      1. John Fenderson said on November 26, 2018 at 6:53 pm
        Reply

        @Money: “NoScript is known to cause stability issues”

        It is?? I haven’t seen any such issues in years. I don’t use the WE version of it, though, so if there’s an issue there, I’d remain unaware of it.

      2. Anonymous said on November 28, 2018 at 12:46 pm
        Reply

        “AdNauseum relies on antithetical mechanisms”

        What do you mean exactly ? We’re not arguing whether it’s an adblocker or not. It’s an extension designed to harm the ad business, and the Pale Moon dev took action against it exactly because it was harming the ad business, according to his own words. Even Mozilla didn’t dare to do that, and they exist mainly to satisfy the needs of the ad companies like Google that finance them while allowing them to pretend an alternative exists to Google Chrome.

    3. beemeup5 said on November 27, 2018 at 9:27 am
      Reply

      @Anonymous

      As far as Pale Moon is concerned, the search engine deals help the developer pay his bills as he works on the browser as a full-time job, not simply as a hobby. Users can of course opt out simply by not using the default Pale Moon Start Page which is set as the homepage for fresh browser installs.

      There is a subtle but important distinction between developing software to make money, and making money in order to keep developing software. Developing a niche browser is not a path one pursues if his desire is to be rolling in cash. One pursues this path because one is passionate about a specific goal, which in this case is making a browser that is extremely customizable and versatile while adhering to open web standards more so than any other browser. I say this time and time again, but if a site doesn’t work with Pale Moon, 99 out of 100 times it is because of two things:
      1) Discriminatory user agent sniffing.
      2) Site doesn’t implement proper web standards which may work in other browsers which are equally lax in enforcing said standards.

      The first one pushes the web towards a “walled garden” for which only a few players can gain legitimacy, while the second one pushes the web from a free and open system which anyone can join if they code to the established standards (a necessary but non-trivial task) to a system more and more designed by large entities with the clout to push their own standards and agendas e.g. Google and previously Microsoft.

      1. Klaas Vaak said on November 27, 2018 at 9:49 am
        Reply

        @beemeup5: if he is so passionate about Pale Moon, why is he developing yet another browser, Basilik?

      2. Money said on November 27, 2018 at 6:47 pm
        Reply

        @Klaas Vaak

        Basilisk is immaterial, on his words. It is the demo application for the UXP, nothing more.

      3. Anonymous said on November 28, 2018 at 1:06 pm
        Reply

        “There is a subtle but important distinction between developing software to make money, and making money in order to keep developing software.”

        Sure, but sometimes I hear people who mistakenly think that those devs are working for free, I wanted to make it clear that while lots of devs work for free in the free software community, that’s not the case here.
        More generally I know that the free software philosophy is not against making money from free software ; after all, there’s nothing wrong in being paid for one’s socially useful work. The problem is when the business model is about making money from unethical software anti-features (ads, spyware, DRM, other anti-user design choices dictated by whoever paid… and anti-privacy default search engines like Bing, Yahoo or Google). The free software philosophy implicitly assumed that software freedom was enough to make such a business model impossible, as it was so cheap for developers to fork out the crap that nobody would use the original version. It was true for a time, but Mozilla and others have proved this assumption wrong nowadays, as business can always make theoretical freedoms nonexistent in practice, through many mechanisms.

  3. Anonymous said on November 26, 2018 at 12:06 pm
    Reply

    “it can’t be have the latest privacy developments from Firefox”

    The main one is Tracking Protection, but that’s worthless compared to ublock origin. There may be other things, disabled by default, like resist-fingerprinting, first-party isolation and containers, but I suspect they’re a bit experimental and may break things. Personally I believe that with time, Firefox is adding more privacy aggressions than protections by default, and a lot of them are not clearly visible but hidden in a thousand cuts of small technical changes.

    “not having telemetry doesn’t make the browser more private”

    Of course it does make the browser more private. Privacy is not limited to not collecting bookmarks or browsing history (although they may be planning to collect them “anonymously” if they’re not already), it’s also about not sending less sensitive activity data by default if that’s not strictly necessary.

    “But if you don’t believe this, then you don’t have telemetry do be enabled.”

    Privacy should be the default, not reserved to the knowledgeable and motivated minority that knows it can’t trust Mozilla’s defaults and is ready to invest time to understand and change them.

    1. John Fenderson said on November 27, 2018 at 6:21 pm
      Reply

      “The main one is Tracking Protection”

      Is it? I hope not, because (as you acknowledge) Firefox’ tracking protection is far too anemic. The best I can say for it is that it’s better than nothing, but worse than all of the other options to deal with tracking.

  4. Yuliya said on November 26, 2018 at 12:26 pm
    Reply

    I hate what TBB v8 has done with UA spoofing, and I need my browser to easily spoof its user agent to mobile platforms on my daily browsing. “general.useragent.override” no longer works.

    1. gwacks said on November 26, 2018 at 3:40 pm
      Reply

      Congratulations!

  5. Klaas Vaak said on November 26, 2018 at 3:14 pm
    Reply

    The bottom line question is:

    for regular browsing, what is better for privacy: Tor without Tor connection modified as per Martin’s instructions above, or Firefox modified with the Ghacks user.js file?

    1. Klaas Vaak said on November 26, 2018 at 5:12 pm
      Reply

      And question 1B; if Tor is the answer, what extra extensions or about;config settings should be added in order to further improve its privacy?

      1. Pants said on November 27, 2018 at 9:02 am
        Reply

        > And question 1B; if Tor is the answer, what extra extensions or about;config settings should be added in order to further improve its privacy?

        My answer would be to add nothing, change nothing. As much as I hate the Web Extension of NoScript, live with it. And since you’re anonymized, and TB is hardened in so many ways, who really cares about JS. Who even cares about cookies etc. You have FPI (first party isolation), and can change to a new Identity whenever you like.

        The only drawback I see, is that new Identities are only auto-created per session. So if you wanted to isolate repeat visits within a session, you would need to manually change Identity. This is not about FP’ing, but rather tracking (think of any local storage such as a cookie, or a SSL session id, etc).


        ^^ That’s for general browsing etc. Most users will be at default. If you changed the slider, personally, I think that’s OK too, but you would technically be in a much much smaller set (hey, not everything out there uses every possible FP’ing technique – it’s always a worse case scenario). You real priorities should be Anonymity (check, you’re using TB over Tor) and Privacy (that’s all on you buddy!) where required (including the services you use)

      2. Klaas Vaak said on November 27, 2018 at 9:56 am
        Reply

        @Pants: thanks for your feedback.
        Don’t know what you mean by the “slider”.

      3. John Fenderson said on November 27, 2018 at 6:31 pm
        Reply

        @Pants: “As much as I hate the Web Extension of NoScript, live with it.”

        I tried. I can’t. This (plus the inability to sufficiently modify the Firefox UI and the constant additions of features that I needed to worry about) is why I abandoned Quantum.

      4. Pants said on November 28, 2018 at 6:34 am
        Reply

        @John Fenderson
        > I tried. I can’t….

        If you want to use Tor Browser, don’t modify it (and hence learn to live with NS). If you want to use Tor, then use the Tor Browser. I wasn’t talking about Firefox.

        In Firefox, hell yeah, dump that NS and use uMatrix :)

      5. John Fenderson said on November 28, 2018 at 6:38 pm
        Reply

        @Pants: ” If you want to use Tor, then use the Tor Browser. I wasn’t talking about Firefox.”

        I prefer to use Tor standalone (as a SOCKS proxy) rather than using the TB, because so much of my internet activity does not involve the web.

    2. Pants said on November 26, 2018 at 5:25 pm
      Reply

      Assumption1: Firefox is being used with a vetted VPN.


      ANONYMITY
      Tor Browser (TB) is specifically geared for ANONYMITY (free too, no need to pay for a VPN). Because it uses the Tor protocol, it has advantages over Firefox. A vetted, even audited, VPN could effectively offer the same anonymity (i.e linking back to your IP). So with due diligence, I do not think this becomes a factor.


      DIFFERENCES
      An awful lot of what TB does, can easily be achieved in Firefox. In fact, MOST of it can. The differences really boil down to TB code patches (bundled fonts, which actually reveal your OS), and the benefits of Tor (e.g packet stack stuff revealing your OS, which is negated by bundled fonts – don’t get me wrong, bundled fonts solve a lot of other problems). Another example is TB has protection against ClientRects, which Firefox currently doesn’t, but Canvas Blocker can randomize this.

      tl:dr; there’s very little you can’t already do in FF


      PRIVACY
      No browser can offer PRIVACY, that is up to the end user, to not give away their real ID (linkage via accounts, comments etc). OpSec is hard, but essential. Yes, you can have the “link” at a different point in the chain (eg using an anonymous email account, etc. Don’t confuse privacy with anonymity.


      FINGERPRINTING
      TB can offer a fingerprint with lower entropy, because they have a larger base, and it’s enforced (to a degree: the slider settings affect the fingerprint, and the UA HTTP Header uses 2 OSes and the navigator user agent uses four OSes, so there is some fragmentation). This can also possibly enable better security, because they enforce it, so if they disabled a media type, or a new API until they checked it out, everyone still looks the same. If you do that in FF (there’s always a pref for new tech), then you would stand out.


      SECURITY
      Yeah, lets just say theoretically TB is slightly more secure, but I really think it’s a draw: 1) Stable gets new features, and these take time to mature and bugs to be found – so they could be a risk even though they have cycles in nightly/dev etc and delayed pref flipping. 2) From above under FP’ing, because it doesn’t hurt the FP, they can turn off a lot of features, and those features could have exploits 3) NOTE: not all security patches in stable get ported to ESR, a lot of minor ones just aren’t worth the time and effort


      CAVEAT
      Be aware that TB v8 they enabled HTTP2, AltSrv, SSL Session IDs, and at default settings JS is enabled. And Tor traffic would likely stick out. But that said, it’s a very different model, because they use Tor. Although I definitely see issues here with first party repeat visits per Identity (Identities are not changed every 10 minutes like they used to), and I think this is a bad move.


      SUMMARY
      IMO, if you want to use Tor (the protocol) then do it with Tor Browser. Just browse the web, visit the odd hidden service. And if you don’t want to use Tor (protocol), then use Firefox (see assumption 1 at the top).

      It all depends on what your threat model or needs are. Lets just say that for all of use here, it’s just browsing the web. Then use Tor with Tor Browser, or Firefox with a vetted VPN over TCP/IP etc. Don’t try to mix and match them.

      https://www.torproject.org/about/torusers.html.en


      ^^ This is a bit of generalized reply off the top of my head, and to properly answer your question would take me a month of research :)

      1. Klaas Vaak said on November 26, 2018 at 6:27 pm
        Reply

        @Pants: wow, that is quite a reply for just off the top of your head. Your points are mostly clear (to a non-geek) and my gut feel pointed me in the same direction, though for well-argued reasons.

        I have implemented a number of Ghacks user.js settings in about: config. Many thanks for al the work you and the team do on that.

      2. gwacks said on November 27, 2018 at 6:22 am
        Reply

        @Pants

        Thank you for this big ass reply. I think something still remain unclear because you miss the view of TB over VPN and why we shouldn’t mix and match them. The *CAVEAT* you mentioned above is due to the Meek extension( I find it out in “\Tor Browser\Browser\TorBrowser\Data\Browser\profile.meek-http-helper\user.js”) for relieving the performace impact by traffic obfuscation I guess. As you said, a vetted, even audited, VPN service could effectively offer the same anonymity, and we can even chaining VPNs to enhance it furthermore. By using the original Tor browser, we keep the same results of feature detection (i.e. https://browserleaks.com/features) which hugely decrease the risk of browser fingerprinting; the VPN services keep us anonmity and drastically increase the general browsing experience meanwhile. So what about the deal of naked Tor browser without Tor plus VPNs?

        I think this case is worth of us to do more investigations. Thank you for your hard work. May god take off his pants.

      3. Pants said on November 27, 2018 at 8:50 am
        Reply

        > I think something still remain unclear because you miss the view of TB over VPN and why we shouldn’t mix and match them

        I didn’t want to write a book. There are multiple permutations here
        – TB over Tor
        – TB over Tor over VPN
        – TB over VPN over Tor
        – FF+VPN
        – FF+VPN over Tor
        – FF+Tor over VPN

        – VPN chaining, VPN multi-hopping (wot does this really do? it’s still the same VPN service: I should read more about it), and I’m sure there are others (proxies, uggh)

        It is not recommended by TB to use a VPN (see numerous questions about this on r/tor) for a variety of reasons. And AFAIC the same holds for FF. Do not mix and match. I’m not an expert on this stuff, but I trust what the experts do say (and I can’t fault their logic etc)

        > PRIVACY
        Just wanted to add MOAR on this word. A browser can’t guarantee privacy (except perhaps in transit: which is what I would call “security” e.g HTTPS : note: assuming no MitM such as cloudflare). When I mentioned OpSec, this was only half the equation.

        The full equation is that a browser has no control over BOTH end points. TB cannot control the human at one end, or the service/platform at the other.

      4. gwacks said on November 27, 2018 at 1:30 pm
        Reply

        I know what you mean by PRIVACY. The real problem is that it’s too hard to teach OpSec to normal non-technical people.

        The reason I think TB+VPN would be a good idea is the most obvious and almost identical benefit that a very bare non-technical user can get from without hugely tweaking the user.js and manipulate lots of addons like what we do in FF+ghack user.js+VPN bundle. But since the experts say so, we take it.

      5. John Fenderson said on November 27, 2018 at 6:24 pm
        Reply

        @gwacks: “The real problem is that it’s too hard to teach OpSec to normal non-technical people.”

        In my experience, it’s actually very easy to teach OpSec to normal people. What’s hard is getting them to actually engaging in proper operational security, since that requires getting them to constantly pay attention to the issue and to alter their behavior.

        People want a “set it and forget it” security solution that doesn’t require them to behave any differently. The problem is that such a solution doesn’t, and can’t, exist.

  6. Anonymous said on November 26, 2018 at 3:36 pm
    Reply

    I prefer Firefox ESR Portable with the Pant user.js + updater.bat + user-overrides.js. However I will switch to Chromium Portable soon, I tried Firefox 63 and among others I really hate the auto update notification.

    1. Anonymous said on November 27, 2018 at 4:05 am
      Reply

      app.update.* in about:config has the update settings. Looks like you can turn off the notification.

  7. gwacks said on November 26, 2018 at 3:42 pm
    Reply

    “What is your take on this?”

    I think it would be someting like “Oh, godamit! Why I didn’t get this point?” @Gone Pants
    But in my case I think the default ghacks user.js is even more strict than default TBB security settings (the *Standard* security level).
    Thanx Martin, very nice idea.

    1. Pants said on November 26, 2018 at 5:31 pm
      Reply

      In terms of local persistent data ghacks user.js isn’t (but you could easily match Tor Browser in that regard, the prefs are all there). But you’re not worried about computer forensics (note: some persistent storage can be used for tracking over the web).

      ghacks default would be tighter on shoulder surfers (but you can relax that if you want). That’s the beauty of all the prefs.

      In terms of FF+ghacks user.js+VPN vs TB over Tor – I think TB over Tor wins, slightly (assuming your VPN isn’t a lying asshole: and most are). But then Tor has issues too.

      You could actually take Tor and hardened it even more beyond the safest slider setting. I wrote a big ass reply to Klaas further up the comments, so read that so I don’t have to repeat myself :)

      1. gwacks said on November 27, 2018 at 6:25 am
        Reply

        “ghacks default would be tighter on shoulder surfers (but you can relax that if you want). That’s the beauty of all the prefs.”

        Yeah that’s exactly what I do. First I made a general custom user-overrides.js template to patch the default ghacks user.js for the daily no-login browsing. Then with two other custom user.js overriding the general template respectively, the user-overrides-public.js for public use which is most hardened and can resist the shoulder attack; the user-overrides-vanilla.js for more relaxed usage and testing.
        Flexibility and very well adaptability, that’s the beauty of ghacks’ user.js.

  8. Anonymous said on November 26, 2018 at 4:24 pm
    Reply

    “What’s the point of browsing privately when all you do is visit ghacks, youtube and pornhub?”

    You don’t consider your sexual orientation and fetishes to be something private ?
    You don’t mind commercial tracking selling all your activity to whoever wants to buy it ?
    You’re not aware that some people would be interested to know who watches and comments on some politically controversial material even on youtube ?

    “irrational fear of surveillance”

    Everybody is under surveillance, by businesses and police agencies, this is not a fear or a theory, this is something publicly known. Check that for a small sample of what exists

    https://en.wikipedia.org/wiki/Mass_surveillance

    1. John Fenderson said on November 26, 2018 at 6:57 pm
      Reply

      “Everybody is under surveillance, by businesses and police agencies, this is not a fear or a theory, this is something publicly known”

      I suspect that what he meant by this wasn’t that people were thinking that there is surveillance when there isn’t. I think what he means is that everyone should be happy to be surveillance, and if you aren’t comfortable with being exposed to the unending gaze of your tool and service providers, you must be suffering from some kind of mental illness.

      This is a pretty standard position for for-spying people to assert, anyway. Ubiquitous surveillance and gaslighting tend to go hand in hand.

      1. gwacks said on November 27, 2018 at 6:29 am
        Reply

        @John

        “Ubiquitous surveillance and gaslighting tend to go hand in hand.”

        I completly agree and that’s what China does to their people, which is even beyond evil. The CCP claims they are socialistic, that’s the biggest f*cking joke in the world. They’ve been so deep in love with surveillance capitalism.

      2. Klaas Vaak said on November 27, 2018 at 6:42 am
        Reply

        @gwacks: whereas in the good ol’ US of A it is not at all like that, there is no surveillance capitalism, right? There is no NSA snooping, right?

      3. gwacks said on November 27, 2018 at 1:58 pm
        Reply

        @ Klass

        You say so because you never even live a f*cking normal life for one day in China. What China is doing now even promotes the mass surveillance in democracies. That’s a disaster and risk to all over the world and humankind. I’d rather let NSA crack in my ass than be continuing raped by the CCP. If Martin had lived in the East Germany once upon a while, he must know what I mean.

      4. Klaas Vaak said on November 27, 2018 at 2:34 pm
        Reply

        @gwacks: you are sidestepping the issue, baby. Your mass surveillance attributed to China only happens in the US too, Edward Snowden furnished plenty of overwhelming proof thereof.

        You obviously live under a rock and have your head way up your backside so are blissfully unaware of the reality in that big world that is so frightening for you. So, do yourself a favour and read some better stuff than that standard US government propaganda that you lap up like a puppy and regurgitate like a loyal harebrained parrot.

        As for Martin, I suggest you leave his private life and his abodes out of this discussion, unless you have explicit permission from him to speculate about where he lived or did not live.

      5. Anonymous said on November 28, 2018 at 1:30 pm
        Reply

        “If Martin had lived in the East Germany once upon a while, he must know what I mean.”

        Stasi were amateurs compared to the NSA :
        https://opendatacity.github.io/stasi-vs-nsa/english.html

        “I’d rather let NSA crack in my ass”

        As long as you like it… ‘Murica

        I suppose you lived in East Germany and China to support all those opinions, surely you would not just rely on what western TV said ?

      6. Klaas Vaak said on November 28, 2018 at 5:04 pm
        Reply

        +1

      7. gwacks said on November 29, 2018 at 2:57 am
        Reply

        @Anonymous

        “surely you would not just rely on what western TV said ?”

        Of course not only what the *western TV* said, but also the Chinese who are CCP’s interest agents like this one I’ve already mentioned above:

        https://www.nytimes.com/2018/09/22/opinion/sunday/ai-china-united-states.html

      8. gwacks said on November 29, 2018 at 3:09 am
        Reply

        By the way, he is also the former president at Goolag China.

        https://en.wikipedia.org/wiki/Kai-Fu_Lee

      9. Klaas Vaak said on November 29, 2018 at 9:29 am
        Reply

        @gwacks: you can’t stop pushing your political agenda, can you.

      10. gwacks said on November 30, 2018 at 5:44 am
        Reply

        @Klaas: except the political agenda you would like me to push, right?

      11. Troubadour said on November 27, 2018 at 3:50 pm
        Reply

        Klaas Vaakuous, you’re such a vulgar contentious brainwashed ****. Your CONTINUAL pro-Russian anti-American screeds on our beloved tech site ghacks and your attacks on all those who don’t agree with you really drag ghacks down and mar it. You’re easily the number one contender for needing to be banned on here, but I doubt that will ever happen because Martin is too much of a gentleman and he lets you remain on here even though you REPEATEDLY stir up shit on here. PLEASE Klaas summon all your strength and be a gentleman and leave ghacks forever and take your pro-Putin anti-Western anti-American hatred and vulgarity somewhere where it’s appropriate and welcomed, not on our lovely precious tech site ghacks!

      12. Klaas Vaak said on November 27, 2018 at 5:31 pm
        Reply

        @Troubadour: a pea-sized brain like yours always has trouble understanding reality, and accepting it. Besides, your crony gwacks thought it appropriate to make a mendacious political statement out of the blue, and when someone spews lies as if they are the absolute truth, I react.

        Instead of choking on your own vitriol, I suggest you check out the whole thread to see how this got started, but I doubt you have the honesty to do that, never mind to admit reality, just like your crony gwacks. Hint: check out the 1st comment with China in it, if that is not too much for that oversized ego of yours.

      13. Captain Americaaa said on December 7, 2018 at 7:44 pm
        Reply

        @Troubadour

        What kind of fascist would believe that saying something bad about USA or something good about Russia would deserve a ban from this forum ?

        USA was born on the genocide of native americans to steal their land. It then grew on the genocidal slavery of black people. Had a civil war to transition to a more modern form of slavery. Didn’t enter Europe during WW2 in the hope that Hitler would destroy USSR, until USSR practically won the war alone, then when no defense was left USA invaded western Europe only to make sure they would be the ones controlling it. After the war they installed fascist regimes in many countries or invaded them in quasi genocidal wars because they were turning too left-wing for their taste, and to steal their natural ressources. They also enforced blockades to mass murder men, women and children through starvation and lack of medical care. They were also the main supporter of terrorism, used against their enemies (Bin Laden had worked for the CIA). They assassinate or imprison foreign political leaders, bomb weddings, mass torture people just for their own sadistic pleasure in their secret prisons. Death toll of the wealthy psychopath parasites ruling this country since it exists : hundreds of millions.

        Maybe the people supporting USA systematically should be the ones banned ?

      14. Klaas Vaak said on December 8, 2018 at 10:54 am
        Reply

        @Captain Americaaa: wow, spot on. +1 !!!

      15. John Fenderson said on November 27, 2018 at 6:27 pm
        Reply

        @gwacks: “I completly agree and that’s what China does to their people, which is even beyond evil.”

        Indeed, and it is no less evil that the US (government and corporations combined) does precisely the same thing.

      16. Klaas Vaak said on November 27, 2018 at 6:37 pm
        Reply

        +1

      17. gwacks said on November 28, 2018 at 4:54 am
        Reply

        @John

        And the exaclty *same* thing that the North Korea does to their people?

        @Klass

        In the first comment about China I made a obvious logical mistake intentionally and I’m happy to see one guy like you jumped out and said the USA blah blah blah. The fact is it’s not only something just about China and the American, but dictatorship and democracy. Your rude performance and your anxiety precisely proofed what I said above — “What China(dictatorship) is doing now even promotes the mass surveillance in democracies.” Indeed the mass surveillance in different states promotes each other, but there is a fundamental difference between them in the bottom. The ditactorship has been already rotten both of inside and outside which doesn’t matter getting worse a little bit, but the increasing of mass surveillance is definitely deadly to democracies like the USA. Now you understand what I mean you little empty brain?

        Don’t take your *IGNORANCE AS STRENGTH*. So please do your little empty brain a favor, read some more:

        https://www.nytimes.com/2018/09/22/opinion/sunday/ai-china-united-states.html (This is not some US gov. propaganda bullsh*t, written by a representative figure of Chinese surveillance capitalism who coporate with the CCP government)

        https://www.nytimes.com/2018/11/25/business/china-artificial-intelligence-labeling.html

        https://www.nytimes.com/2018/11/21/world/asia/china-rules-takeaways.html

      18. Klaas Vaak said on November 28, 2018 at 7:42 am
        Reply

        @gwacks: just like I said, you swallow everything the MSM tells you. If ever there was a loyal US government mouthpiece with blinkered stenographers and presstitutes it is the NYT.

        Furthermore, I did not dispute China’s mass surveillance, I merely pointed out, without using any vulgarities, that the US is equally evil. You got worked about that because you don’t accept the US egregious activities of mass surveillance, so you jumped on my initial, polite reply to you with vulgarities. Hint: look for these words I quote: “a f*cking normal life”.

        And into the bargain you drag Martin and his private life into this. In my modest opinion, it is about time you look in the mirror and stop your pathetic warfare over an issue you provoked yourself.

      19. gwacks said on November 28, 2018 at 1:17 pm
        Reply

        I think the question about whether you’re vulgar or not someone has given the answer. So please never mind.

    2. user17843 said on November 27, 2018 at 12:22 pm
      Reply

      If everyone is under surveillance, then what’s the point of browsing with Pale Moon, an outdated browser?

      There is only one thing that really increases privacy in browsers like Firefox, and that is eliminating third parties, which can be done in every browser with a content blocker and addons like Privacy Badger.

      The entire web is build around tracking what everyone does, that’s an unfortunate reality, but in lots of cases tracking is done for technological or legal purposes, and the data is never connected with anything else, except when using third parties.

      Privacy is important, and Firefox does not gather PII by default and you can easily disable telemetry. So I don’t think the original argument of “no telemetry” is a good one. A heavily modified Firefox like TOR is still the best choice for privacy.

      1. Anonymous said on November 28, 2018 at 3:33 pm
        Reply

        “If everyone is under surveillance, then what’s the point”

        The point is to mitigate it.

        “There is only one thing that really increases privacy in browsers like Firefox, and that is eliminating third parties, which can be done in every browser with a content blocker and addons like Privacy Badger.”

        This is not true.

        Content blockers, especially since webextension restrictions, can’t block all Firefox behind-the-scene spying, like Google Analytics on the internal addons page, that was ultimately justified by Mozilla by saying that they can do whatever they want on their “property”. Same for all the telemetry that’s on by default.

        Content blockers can hardly do anything against a javascript spying API that can’t be disabled without breaking sites ; situation that was made possible by having major browsers accepting to implement it. Sites want to know what you copy and paste, every single move of your mouse, and soon they’ll scan your face and analyze your speech.

        And tracking is here at countless different places. Making fingerprinting easier, safebrowsing remote checks, beacons, timing API, referer, TLS session identifiers, OCSP, captive portal detection, follow-on search, studies, CSP reports snitching adblocking, activity stream… The list is endless.

  9. Anonymous said on November 26, 2018 at 4:24 pm
    Reply

    New Tor Browser is buggy, bugs (e.g bookmarks bar) are not still fixed.

  10. stefann said on November 26, 2018 at 9:35 pm
    Reply

    It’s laughable that people push for something that is created and funded by a part of USA’s government and military complex. What about the backdoors ? All software and hardware from USA have backdoors ! As i have written many times as well: VPN’s aren’t safe ! NSA and probably many other similar spy organisations have hacked VPN’s. Why believe TOR or VPN’s are safe ? The way in isn’t via the VPN or TOR, it is via other softwares installed on a users computer (NSA often use that in their work to hack their way in in to the TOR network and VPN’s), no matter You use Windows, Linux or MAC. If You search for this there are tons of evidence about this technique, so it might be very commonly used today.

    1. John Fenderson said on November 26, 2018 at 10:15 pm
      Reply

      “All software and hardware from USA have backdoors !”

      This is simply not true.

  11. Anonymous said on November 26, 2018 at 10:32 pm
    Reply

    “I suspect that what he meant by this wasn’t that people were thinking that there is surveillance when there isn’t. I think what he means is that everyone should be happy to be surveillance”

    Yes, you’re probably right about what he meant.

    To quote Snowden :
    Saying that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about freedom of speech because you have nothing to say. It’s a deeply antisocial principle because rights are not just individual, they’re collective. What may not have value to you today, may have value to an entire population, an entire people, our entire way of life tomorrow. And if you don’t stand up for it, then who will ?

    1. gwacks said on November 27, 2018 at 6:44 am
      Reply

      “It’s a deeply antisocial principle because rights are not just individual, they’re collective. ”

      Very nice point. I have a good example about this: I take care of my personal privacy, so the people who love me or I love won’t be that easily under attack by malicious bastards and leak all of their secrets out, at least through me.

      1. John Fenderson said on November 27, 2018 at 5:20 pm
        Reply

        @gwacks: ” I take care of my personal privacy, so the people who love me or I love won’t be that easily under attack by malicious bastards and leak all of their secrets out, at least through me.”

        Yes, this. This is also why I scold my friends and family who mention me on any social media platform (this hasn’t been necessary in years, as all my friends and family now know my preference here). I take great care with the privacy of people I know, and I expect them to do the same for me.

    2. Anonymous said on November 27, 2018 at 8:49 am
      Reply

      “What may not have value to you today, may have value to an entire population, an entire people, our entire way of life tomorrow. And if you don’t stand up for it, then who will ?”

      An entire population generating overcrowding, pollution etc.. destroying my planet :(

      1. John Fenderson said on November 27, 2018 at 5:22 pm
        Reply

        “destroying my planet”

        Do you own the planet in a way that nobody else does? Because if you don’t, then by your logic here you are helping to destroy someone else’s planet.

      2. Anonymous said on November 27, 2018 at 9:34 pm
        Reply

        We all know that the global warming was an invention of the Chinese.

      3. Anonymous said on November 28, 2018 at 6:23 pm
        Reply

        “An entire population generating overcrowding, pollution etc.. destroying my planet :(”

        Privacy is important to the “entire population” -> that guy replies that the “entire population” pollutes the planet. Either an incredibly stupid comment or a malicious diversion attempt.

  12. Anonymous said on November 27, 2018 at 9:25 pm
    Reply

    “Do you own the planet in a way that nobody else does? Because if you don’t, then by your logic here you are helping to destroy someone else’s planet.”

    I do not think it could possible to own a planet that an American has not already bought. This could minimize the impact of “helping to destroy someone else’s planet”.

  13. user said on December 9, 2018 at 11:58 am
    Reply

    doesn’t
    Switch from Manual Proxy Configuration to No Proxy.

    make
    Load about:config?filter=network.proxy.socks_remote_dns in the browser’s address bar.
    Double-click on the preference to set it to false.

    unnecessary?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.