Secure Tor Browser setup

cone-grill-dumping

raccoondad
Thank you! Very enlightening. I don't know why but I was confused, and thought it was a GOS feature

cone-grill-dumping

argante
Thanks for recommending TorVPN, it is a lot faster than Orbot. I'm glad that there's finally binaries for it out in the wild! Orbot was starting to feel dated years ago in all honesty...

I understand that there is a security tradeoff with Tor Browser, and that Vanadium is wholly superior, but is there a way that we can minimize the risk with Tor Browser? Wouldn't running the Tor Browser in a different user profile increase isolation from your daily profile? I've always been under the impression that using other browsers with Tor is a privacy risk, and to avoid it.

fid02

cone-grill-dumping Thanks for recommending TorVPN, it is a lot faster than Orbot.

TorVPN is experimental software. I would not be surprised if leaks are uncovered during the development.

Recommending it as a privacy-preserving and/or secure software is irresponsible.

argante

cone-grill-dumping but is there a way that we can minimize the risk with Tor Browser?

Yes: use only in the most secure mode, which means disable javascript. Tor Browser is useful for onion links. For normal browsing on the web, VPN is enough (Mullvad is highly recommended). I use TorVPN for everything, and VPN only in Private Space, where I have e.g. a banking app and email, so you know it's me.

See also Nym. They have two modes of operation. Mixnet is even (in theory) better than Tor. Unfortunately, they added crypto and this undermines trust in their business model.

fid02

cone-grill-dumping I've always been under the impression that using other browsers with Tor is a privacy risk, and to avoid it.

You will likely "stand out from the crowd" by being one of very few users using Vanadium with Tor exit node IP addresses.

argante

fid02 But I wrote:

It works well on GOS, but it's still a very test version.

It works much better for me than Orbot, it doesn't lose connections. I'll want to send feedback to the developers on gitlab.

argante

fid02 You will likely "stand out from the crowd" by being one of very few users using Vanadium with Tor exit node IP addresses.

True, but I think we have some misunderstanding here. Let's start with what Tor/Tor Browser is to be used to access the darknet, then Talis or Whonix should be used, so neither Tor Browser on GOS, nor Vanadium+TorVPN. However, if Tor is to be used as a replacement for a classic VPN, or even by accessing the duckduckgo or crypton.is version of the site, but via an onion link, then such a set as I have provided is sufficient. I use TorVPN as a replacement for a classic VPN. However, if you want to protect yourself from fingerprinting, then currently just blending in with the crowd is not enough. You need to create several independent browser profiles. So you can even use Google Chrome, but in a profile that you will only use for YouTube, Gmail or other Google services. So Google will still know that it is you and what you are doing. For other types of sites, use a different profile with a different browser with a different VPN or Tor etc.

@cone-grill-dumping wrote:

I don't have a high threat model, but I would appreciate more security running Tor Browser because I like the privacy features of Tor.

I understand that such super anonymous settings are not necessary, but @cone-grill-dumping wants to achieve the maximum level of security. As I wrote earlier: Security is not the same as anonymity. So I gave the most secure settings, not the most anonymous ones.

argante

fid02 It's common opinion about Tor Browser. For this reason, it is difficult for me to recommend it. For me, Vanadium+TorVPN is the right solution. I hope that in the future Vanadium will also be developed towards more privacy and anonymity. Today, there is simply nothing that can be recommended without any doubt.

cone-grill-dumping

fid02
That was my initial thought as well. Would a pseudo-anonymous VPN be better to use than Tor in this case? Something like ProtonVPN free with the mobile app? One would blend in more, but their traffic would be visible to the VPN provider.

One idea I've thought of is using a VPN, and an in-browser proxy together. That way the VPN can't see your raw traffic, and the proxy doesn't know your true IP. The proxy would handle the fingerprinting issue in some cases as well

cone-grill-dumping

argante
I already use different profiles for different identities online, like I said though my threat level is not very high. I just don't want to contribute to surveillance capitalism.

That being said, no Javascript should hide most browser attributes, and prevent the most invasive fingerprinting. Other attributes wouldn't matter since the browser is the stock Graphene OS browser, so it'll look the same across the community no?

cone-grill-dumping

argante
I do agree Vanadium isn't the best for privacy/anonymity. How does GOS feel about Cromite? It looks like a continuation of Bromite, which was previously recommended.

Dumdum

cone-grill-dumping
https://discuss.grapheneos.org/d/22654-vanadium-equivalent-for-windows-and-linux/19

Very much not recommended.

cone-grill-dumping

Dumdum
Darn, sad to see such a good project go by the wayside. So the only secure options are:
Vanadium w/o Javascript with TorVPN
Brave with scripts disabled(?) with TorVPN

And for harm reduction:
Tor Browser with scripts off

Is Ironfox an option to use with TorVPN instead of Tor Browser? I've seen mixed reception to them enabling Fission, some claiming that sandboxing wasn't enabled properly, and some saying that it's a security improvement. Did anything come of that?

newbie24689

cone-grill-dumping If using protonvpn, there is also this:
"...Proton VPN offers a Tor over VPN feature that lets you connect to the Tor anonymity network, including .onion websites (the “darkweb”) in your regular browser without the need to download or install additional software (such as Tor Browser)...."

As you said, use Vanadium w/o Javascript. Using your regular ProtonVPN, your ISP will see nothing.

GrapheneOS

cone-grill-dumping

Is Ironfox an option to use with TorVPN instead of Tor Browser? I've seen mixed reception to them enabling Fission, some claiming that sandboxing wasn't enabled properly, and some saying that it's a security improvement. Did anything come of that?

It has no sandboxing. Multi-process doesn't imply sandboxing.

cone-grill-dumping

newbie24689
Onion sites aren't really the goal for me personally, moreso the privacy benefits for keeping some searches confidential in the face of surveilance capitalism. It's a pretty low threat model, however I tend to trust Tor over VPN generally due to how Tor is set up so no single node has all of your info. Most of my onion usage is clearnet mirrors that the Tor Browser on desktop suggests, the mobile version doesn't suggest onion mirrors so I don't use them. I really only have them redirect for the security improvement.

That being said, that is a pretty cool feature that Proton provides. I didn't know about that, so thanks for informing me. I have considered using ProtonVPN with an in-browser proxy like Startpage or Swisscows anonymous view. I figure using a VPN will hide my origin IP, while the proxy will hide what I'm doing from the VPN. Any thoughts on a setup like this?

cone-grill-dumping

GrapheneOS
From my understanding, Fission is site isolation for Gecko browsers right? I know it isn't on the level of Vanadium's site isolation, but could it be a decent harm reduction tactic?

cone-grill-dumping

As it stands, here's what I've gathered from this discussion and my own testing:
Using a VPN or TorVPN to route traffic, one can use Vanadium with Javascript disabled to block fingerprint tracking and tracking via IP. Vanadium also makes cookie tracking difficult due to state partition and site isolation. This is the most secure option. One can change timezone in settings to UTC for more privacy.

Tor Browser with the Safest setting is going to be the most anonymous option, however Firefox Android has no sandboxing and it seems Tor Browser uses an embedded binary similar to Orbot. Orbot has various performance and security issues that users have brought concerns up over.

Brave makes little difference in privacy, and is not as secure.

Ironfox's implementation of Fission doesn't seem production-ready on Android, and I wouldn't trust the security of it. Also the GOS account brought up that it might not be a real sandbox, contrary to how Mozilla frames the feature. I'd trust GOS over Mozilla any day though personally.

TLDR: Use Vanadium with VPN or TorVPN for security, Tor Browser for anonymity.

argante

cone-grill-dumping Nice summary. I only use Vanadium and only this one browser (+TorVPN). The plans for Vanadium emphasize that privacy features will be developed (currently the focus is mainly on security). Tor Browser is good to put in Private Space or a separate profile.

cone-grill-dumping

argante
To go even further, one could make a User Profile specifically for running all network traffic through Tor VPN. The Tor Browser can be put in a Private Space to prevent its traffic from going through Tor VPN (as you cannot use Tor over Tor). This gives the user the option to install apps that run over Tor (including Vanadium), as well as a Tor Browser that isn't running through the VPN.

This at least gives a level of flexibility and choice while maintaining isolation from the user's daily profile.