• Off Topic
  • Tradeoffs on running Tor Browser and Orbot?

Curious to hear folks' thoughts on the pros and cons of running Tor Browser and Orbot on GrapheneOS.

The GrapheneOS website says regarding Tor Browser:

At the moment, the only browser with any semblance of privacy is the Tor Browser but there are many ways to bypass the anti-fingerprinting and state partitioning. The Tor Browser's security is weak which makes the privacy protection weak. The need to avoid diversity (fingerprinting) creates a monoculture for the most interesting targets. This needs to change, especially since Tor itself makes people into much more of a target (both locally and by the exit nodes).

Later on it says:

Avoid Gecko-based browsers like Firefox as they're currently much more vulnerable to exploitation and inherently add a huge amount of attack surface. Gecko doesn't have a WebView implementation (GeckoView is not a WebView implementation), so it has to be used alongside the Chromium-based WebView rather than instead of Chromium, which means having the remote attack surface of two separate browser engines instead of only one. Firefox / Gecko also bypass or cripple a fair bit of the upstream and GrapheneOS hardening work for apps. Worst of all, Firefox does not have internal sandboxing on Android.

Regarding using Orbot for something like Vanadium or Brave, the Tor Project says:

We strongly recommend against using Tor in any browser other than Tor Browser. Using Tor in another browser can leave you vulnerable without the privacy protections of Tor Browser.

With all that info, what then are the best tradeoffs for folks who would like to maximize privacy and security? Does the increased attack surface of having two browser engines offset any privacy gains from using the Tor Browser (even with the Security Level set to "Safest", turning off JavaScript for all sites)? On the other hand, does using Orbot for any applications (whether a web browser or things like NewPipe and RedReader) ruin a lot of the privacy gains that Tor provides?

I understand there probably isn't a perfect answer, but curious to hear how others approach this.

If you want to use the Tor network "properly", you need to do that in conjunction with the Tor Browser, as it helps you blend in. Otherwise, you're "that one person using Vanadium with Orbot" and not a "Tor browser user".

If you're using Orbot (or the Tor network in general) as a glorified VPN just to hide your IP, then using it for apps or other browsers is fine.

    matchboxbananasynergy Thanks for the quick reply.

    The only thing I'm struggling with is it seems like the project is recommending NOT to install Tor Browser due to the aforementioned security issues. Do you think that's correct?

      kopolee11 Sure. Tor browser (and other Firefox-based browsers) are lacking in security, especially on Android.

      That said, it's always a balance. The documentation gives you objectively true information. How you apply it for your needs is completely up to you.

        spiral The issues mentioned in the docs are inherent to Firefox, and cannot be addressed by a fork like Mull.

        kopolee11 This would not fix issues that are inherent to Firefox, but may help alleviate them. The project aims to leverage virtual machines in the future, but this is a long-term plan.

          a year later

          matchboxbananasynergy

          Hello, which advantages or disadvantages has Orbot over VPNs like e.g. ProtonVPN?

          And, what does it mean in practice to have a less secure browser, e.g. the Tor Browser?

          For which applications is it fine/better to use a private browser like Tor and in which cases is it better to use a safe browser like Vanadium?

            Clap2Grom673 For which applications is it fine/better to use a private browser like Tor and in which cases is it better to use a safe browser like Vanadium?

            You seem to be misunderstanding. If you're looking to use a browser through the Tor network, then you should use the Tor Browser. If you're using any other app (aka not your browser), then you can use Orbot. The point is that using Orbot with a non-Tor browser simply makes less sense than just using the Tor Browser itself. I'm not sure where you're getting this idea that a user would "use Tor Browser for some applications and use other browsers like Vanadium for other applications".

              Dumdum

              I'm sorry, I was articulating it in the wrong way. I meant "use cases" like "(other) things to do on the internet". So "use Tor Browser for some use cases and use other browsers like Vanadium for other use cases" would be what I meant.


                Clap2Grom673 It really depends, and you should know what you do/what you want to do with your browsing habits if you wanted me to really help you.

                But basically, to state the obvious: for accessing .onion websites you should only ever use Tor Browser, since it was actually made for that. Some sites are very hard to browse/access considering how the Tor network works, or even totally unusable if you're using the Tor Browser. On some sites where the security is increased, if you're trying to log in later on the same account you might get locked out in the same session, in a 10 min time frame, just because of its very dynamic IP rotation, and you might even sometimes get a banished IP that makes you unable to access a site unless you request a new "route" for that specific site, making you change IP.

                matchboxbananasynergy If you're using Orbot (or the Tor network in general) as a glorified VPN just to hide your IP, then using it for apps or other browsers is fine.

                Does using Orbot (but not Tor Browser) have any advantage or disadvantage compared with other VPNs like Mullvad or Proton?
                Thanks

                  4 days later

                  kopolee11

                  Firefox should run every tab as an isolated process. But sandboxing is not as needed as you may think.

                  It is needed to prevent malicious code exploiting the rendering engines from accessing even more. But in some cases those exploits could also circumvent the sandbox.

                  I had a discussion about this recently and to my surprise was told Mozilla rewrote many core components of Firefox in memory-safe Rust. This automatically gets rid of many security problems, while Chromium AFAIK uses unsafe languages.

                  To this "another attack surface", yes maybe but you already have Chromium, which due to its usage is a way bigger one. Firefox circumventing hardening is bad though.

                  Also, Vanadium executes all JavaScript. The Tor Browser and Firefox in general can use NoScript, which increases privacy and security insanely.

                  You need to change defaults and block every new JavaScript, then whitelist every single origin you trust. The web is unusable without NoScript.

                  To Orbot etc., you can use it, but a paid, good VPN may be better. After all, Tor is way more anonymous than any VPN, but makes you more of a target. With regular apps and Orbot you would constantly use exit nodes (I run one, do the same!)

                  The Tor network is only good if connecting is private (public wifi, VPN) and you stay inside.

                  Also check out I2P; there is a purplei2p F-Droid repo that has a Conversations fork for I2P!!

                    missing-root Vanadium executes all JavaScript. The Tor Browser and Firefox in general can use NoScript, which increases privacy and security insanely.

                    You can change site settings in Vanadium or other Chromium browsers to disable JavaScript, then enable it on a site-by-site basis. Lots of sites don't work well without it.

                    Vanadium does however disable the JavaScript JIT by default. Attacks against the JavaScript JIT are by far the most common browser exploits.

                    Tor Browser disables the JIT in its high security levels, but it's active when set to the standard security level, as with standard Firefox.
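The default-deny JavaScript and JIT posture described in the reply above can be enforced centrally rather than clicked through in site settings, which is how a defender would apply it to a fleet of browsers. The following is an added example, not configuration from the original thread, from GrapheneOS or from the Vanadium project; it uses Chromium's documented policy names (DefaultJavaScriptSetting, JavaScriptAllowedForSites, DefaultJavaScriptJitSetting, JavaScriptJitAllowedForSites) as read by Chromium on desktop Linux from a JSON file under /etc/chromium/policies/managed/. Whether an Android build such as Vanadium accepts the same keys through managed configuration is an assumption, not something the thread establishes, and [*.]example.org is a placeholder for an origin the operator has decided to trust.

```json
{
  "DefaultJavaScriptSetting": 2,
  "JavaScriptAllowedForSites": [
    "[*.]example.org"
  ],
  "DefaultJavaScriptJitSetting": 2,
  "JavaScriptJitAllowedForSites": [
    "[*.]example.org"
  ]
}
```

For both Default* keys the value 1 means "allow" (the stock Chromium default, which is the weak setting the thread is arguing about) and 2 means "block". With JIT blocked, V8 falls back to its interpreter for every site not on the JIT allowlist, which removes the optimizing-compiler attack surface the reply refers to at the cost of slower scripts; the JavaScript allowlist is the Chromium analogue of NoScript's per-origin whitelist. Note that this addresses exploitability, not fingerprinting: a browser locked down this way is still distinguishable on the network, which is the separate problem the thread raises about using non-Tor browsers over Orbot.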

                      • [deleted]


                      missing-root

                      missing-root The Tor network is only good if connecting is private (public wifi, VPN) and you stay inside.

                      Why do you say this, and what do you mean by "stay inside"? Seems like this is only a concern if you live somewhere where Tor is illegal or will cause excess attention from law enforcement (some argue that any use of Tor will give you "extra" attention, but I digress). In that context then yes, I guess one could say it's "only good with", because using Tor in itself would get you arrested, but that's not the case everywhere. If you're not concerned about your ISP knowing that you're connecting to Tor, then I don't really see it being a problem, unless you really need to conceal your IP address because there is a high likelihood of being targeted.

                        Bit off topic, but does anyone know if there's an Orbot equivalent for desktop (Linux)? By that I mean a simple to use GUI app that tunnels either the whole system or just specific apps through Tor.

                          missing-root Mozilla rewrote many core components of Firefox in memory-safe Rust.

                          The Tor Project does the same with Tor Browser and c-tor.
                          C-tor development could still take years. In addition to security, the main feature is: Rust is multicore aware.
                          Then we relay operators no longer have to run dozens or hundreds of Tor instances on a modern multicore CPU server.

                            DeletedUser28 Orbot equivalent for desktop (Linux) is apt install tor.
                            No GUI, just edit /etc/tor/torrc.
                            HowTo: man torrc