# [Solved] Questions about Tor

## Fulgurance

Hello, i have just questions about Tor.

I don't would like to go into dark net. Just use it to anonymate my connection. Is it possible to use it only for that (not with tor brower) ?

And i have seen into website mozilla firefox integrate tor functionnalities. Do you know good tutorial or documentation to add tor functionnalities ? (i would like to use firefox, not tor browser)

And tor-hardening use flag is it just for vanilla packages ? Or usable ?Last edited by Fulgurance on Sat Feb 02, 2019 11:17 pm; edited 1 time in total

----------

## Jaglover

There are no free dinners. You want to use other peoples resources you have to allow them to use yours. I personally prefer paid VPN.

----------

## Muso

You can use proxychains via tor.

----------

## 1clue

Full disclosure, I tried tor once to see what it was about, and that's it. But I've done some reading.

If you go through the tor network and browse, they (allegedly) can't see your correct IP address on the other side, nor can anyone in the middle except your real ISP, and whoever has hooks into that. Maybe your government?

But the thing is, the tor browser was made specifically to eliminate as much risk as possible of someone tracing back to you in other ways.

If you use Firefox, and you go to example.com, and there are cookies or some other fingerprint by which they can identify you, you've been identified. If you go to gmail and login, they know who you are. Google, gmail, youtube, any one of the sites in that corporate family all share data. Once you're tagged all that work of going through tor is irrelevant.

I'm 100% sure that the same can be said for other sites of a common parentage. Google is just a favorite example of a company that likes to look over your shoulder, and which is frequently subpoenaed for legal proof of someone's interest in a person, place or thing.

If I actually cared what my government thought of the websites I visit I may have put more effort into learning about tor, but I can't really say I care enough to bother.

----------

## toralf

The Tor Browser is based on Firefox.

Run https://tails.boum.org in a virtual machine if you need more anonymity.

Finally anonymity != dark net - the former is a technical thing, the later a social one.

Just my 2ct.

----------

## Fulgurance

And, little question. I think Tor only is not sufficient, is it recommanded to add VPN ? (i think tor isn't VPN)

----------

## 1clue

https://www.torproject.org/about/overview.html.en

Tor does what a VPN does, only supposedly better since it makes multiple hops from point to point.

----------

## Fitzcarraldo

These two pages seem to have a good comparison between the differences, and the pros and cons:

Differences between using Tor browser and VPN

Tor vs. VPN - What are the differences between the two

----------

## 1clue

 *Fitzcarraldo wrote:*   

> These two pages seem to have a good comparison between the differences, and the pros and cons:
> 
> Differences between using Tor browser and VPN
> 
> Tor vs. VPN - What are the differences between the two

 

Very nice!

Neither actually focuses on the real issue with both approaches though: If you ever connected to your destination site or one of its siblings with the browser you're using, then there can be a cookie/token which can be retrieved from the destination server, and they can know who you are. They can use logs from your connection on the open Internet to get your physical location.

Cookies and such are categorized by the site which creates them. Your browser does not care if the cookie was set over the open Internet and then retrieved through TOR, but if you're going through the effort to use TOR then you most likely care about those things a lot.

Likewise automatically filled out forms, security credentials and whatever else saved by your browser can undo everything you were hoping for by using TOR in the first place.

Sorry I said all this earlier, but this point is important. By the time you get to the destination site, there's really no difference between using a VPN or TOR, or going straight there. The only thing that really changes is where your apparent IP address is, and how easily your network packets can be backtracked to their origin. The payload can be seen at the remote site, decrypted. If you have compromising information there, and somebody you don't like is watching, then they know who you are and what you did.

----------

## The Doctor

 *1clue wrote:*   

> The only thing that really changes is where your apparent IP address is, and how easily your network packets can be backtracked to their origin.

 In other words, if you want to do anything requiring a log in, use your browser for tor and non tor traffic, etc. then it makes no difference. One big warning with tor is not to use it for anything involving money as there is a real risk of it being stolen.

Although if you have a specific browser for viewing "cute cat pictures" then it may offer some benefit.

----------

## 1clue

 *The Doctor wrote:*   

>  *1clue wrote:*   The only thing that really changes is where your apparent IP address is, and how easily your network packets can be backtracked to their origin. In other words, if you want to do anything requiring a log in, use your browser for tor and non tor traffic, etc. then it makes no difference. One big warning with tor is not to use it for anything involving money as there is a real risk of it being stolen.
> 
> Although if you have a specific browser for viewing "cute cat pictures" then it may offer some benefit.

 

Not exactly.

If you're going to use TOR then you may want to consider a completely separate Linux account, and create brand new accounts on whatever sites you need to login to, but avoid logging in if at all possible. And never create an account which links to something that can be traced back to you.

Just thing about the crap that shows up in ads after you google something. Or if you have an Alexa or any other device with voice commands, notice how your ads tend to follow what you talked about whether you used a deliberate voice command or not.

I think it would be insanely hard to keep the accounts separate, especially if you're doing it for a long time.

----------

## Fitzcarraldo

I've read that Snowden used Tor Browser running in Tails booted from a LiveCD.

Putting aside so-called 'supercookies' and 'evercookies', the problem is that canvas fingerprinting means you can be tracked without the tracker knowing and storing your IP address (or other location identifier) or machine identifier (the Tor network hides your IP address from the visited Website or third-party server) and without needing to store anything on your machine (unlike cookies). Advertisers or other nefarious sites/servers can share your fingerprint with other sites/servers and they will know it is you who is browsing. If you revisit a site it will know it is you again. Here are a few results using the EFF's Panopticlick 3.0 tracking tester on the machine I'm using at the moment (I have omitted the full results, for privacy reasons):

Firefox 65.0 with Privacy Badger, Disconnect and DuckDuckGo Privacy Essentials installed

 *Quote:*   

> Is your browser blocking tracking ads?
> 
> ✓ yes
> 
> Is your browser blocking invisible trackers?
> ...

 

Firefox 65.0 Private Window with Privacy Badger, Disconnect and DuckDuckGo Privacy Essentials installed

 *Quote:*   

> Is your browser blocking tracking ads?
> 
> ✓ yes
> 
> Is your browser blocking invisible trackers?
> ...

 

Tor Browser 8.0.5 (based on Mozilla Firefox 60.5.0esr) Standard Security Level; Tracking Protection Always; Do Not Track Always; Privacy Badger installed

 *Quote:*   

> Is your browser blocking tracking ads?
> 
> ⚠ partial protection
> 
> Is your browser blocking invisible trackers?
> ...

 

----------

## Fulgurance

I have successfully configured firefox to use Tor. Now, i have buy nordvpn subscription. How can i configure tor to use nordvpn VPN ? On torrc file ? And how ?

----------

## 1clue

I would think that if your VPN is configured correctly, you would already be using it. Your default route should point through the VPN tun/tap device, whatever public IP that's using.

----------

## Syl20

 *Fitzcarraldo wrote:*   

>  the problem is that canvas fingerprinting means you can be tracked without the tracker knowing and storing your IP address (or other location identifier) or machine identifier (the Tor network hides your IP address from the visited Website or third-party server) and without needing to store anything on your machine (unlike cookies).

 

This tracking technique can be avoided, by using CanvasBlocker, for example. But it probably isn't as effective as Tor.

----------

## Fulgurance

Sorry if ask you again, but i don't have success to use my new VPN with openvpn.

I have following this tutorial: https://nordvpn.com/fr/tutorials/linux/openvpn/

It's official tutorial for Linux. I have following graphical tutorial part, but when i click on my VPN on networkmanager to connect to my VPN, no error and no connection. Nothing...

```
fulgurance@msi-gs73vr-6rf ~ % eix openvpn

* app-crypt/openvpn-blacklist

     Available versions:  (~)0.4-r1 (~)0.5 {PYTHON_TARGETS="python2_7"}

     Homepage:            http://packages.debian.org/sid/openvpn-blacklist

     Description:         Detection of weak openvpn keys produced by certain debian versions in 2006-2008

* app-metrics/openvpn_exporter

     Available versions:  (~)0.2.1

     Homepage:            https://github.com/kumina/openvpn_exporter

     Description:         Prometheus Exporter for OpenVPN

* net-analyzer/nagios-icinga-openvpn

     Available versions:  (~)0.0.1 {PYTHON_TARGETS="python2_7 python3_4 python3_5 python3_6"}

     Homepage:            https://github.com/liquidat/nagios-icinga-openvpn

     Description:         A Nagios plugin to check whether an OpenVPN server is alive

[I] net-misc/networkmanager-openvpn

     Available versions:  1.8.8 {gtk test}

     Installed versions:  1.8.8(00:56:48 01/02/2019)(-gtk -test)

     Homepage:            https://wiki.gnome.org/Projects/NetworkManager

     Description:         NetworkManager OpenVPN plugin

[I] net-vpn/openvpn

     Available versions:  2.4.6 **9999 {down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam pkcs11 +plugins selinux +ssl static systemd test KERNEL="linux" USERLAND="BSD"}

     Installed versions:  2.4.6(00:56:32 01/02/2019)(lzo pam plugins selinux ssl -down-root -examples -inotify -iproute2 -libressl -lz4 -mbedtls -pkcs11 -static -systemd -test KERNEL="linux" USERLAND="-BSD")

     Homepage:            https://openvpn.net/

     Description:         Robust and highly flexible tunneling application compatible with many OSes

[I] sec-policy/selinux-openvpn

     Available versions:  2.20180114-r1 2.20180114-r2 (~)2.20180114-r3 2.20180701-r1 (~)2.20180701-r2 **9999

     Installed versions:  2.20180701-r2(00:55:49 01/02/2019)

     Homepage:            https://wiki.gentoo.org/wiki/Project:SELinux

     Description:         SELinux policy for openvpn

Found 6 matches

fulgurance@msi-gs73vr-6rf ~ % eix ca-certificates  

[I] app-misc/ca-certificates

     Available versions:  20180409.3.37 {cacert}

     Installed versions:  20180409.3.37(13:04:19 11/01/2019)(-cacert)

     Homepage:            https://packages.debian.org/sid/ca-certificates

     Description:         Common CA Certificates PEM files

```

Problem with not set use flag ?

(Actually, i have disabled Tor to test it)

----------

## Fulgurance

Problem solved, i have just forget to active specific kernel features   :Very Happy: 

And for my VPN, it's solved, because they have server with TOR. I haven't any utility to use tor on my laptop.

----------

## CaptainBlood

 *Fulgurance wrote:*   

> Problem solved, i have just forget to active specific kernel features  

 

Could you please elaborate?

Thks 4 ur attention.

----------

