Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Alternatives To Tor Browser Bundle For Windows?

Posted by timothy on from the send-your-answer-via-smart-missile-please dept.

SonnyJim writes "I frequently use Tor for my anonymous browsing needs, via the Tor Firefox bundle for Windows. I noticed that there are many other applications out there that use Tor as a proxy as well (Janus VM, ChrisPC, etc.) Are any of them more secure than the original Tor bundles, or am I just wasting my time trying these other applications? Is there anything more secure than Tor, as far as anonymous browsing goes?"

14 of 201 comments (clear)

  1. Tor by x*yy*x · · Score: 5, Insightful

    I personally find it funny when people use Tor and then leave behind the same cookies, the same user-agent, LSO and Flash cookies, same system configuration, same screen size, same fonts, same installation and versions of plugins, same MAC address, don't change DNS servers and countless amount of other things that make it very easy to identify your other activity or what you're doing. Especially to Google via Google Analytics.

    Nevermind also that half of the TOR network end nodes are monitored and sniff your traffic and can modify your browsing session in various ways. Just imagine the fun when you happen to use an end node that serves you a drive-by download exploit instead of the page you requested.

    1. Re:Tor by clang_jangle · · Score: 3, Interesting

      I personally find it funny when people use Tor and then leave behind the same cookies, the same user-agent, LSO and Flash cookies, same system configuration, same screen size, same fonts, same installation and versions of plugins, same MAC address, don't change DNS servers and countless amount of other things that make it very easy to identify your other activity or what you're doing. Especially to Google via Google Analytics.

      Nevermind also that half of the TOR network end nodes are monitored and sniff your traffic and can modify your browsing session in various ways. Just imagine the fun when you happen to use an end node that serves you a drive-by download exploit instead of the page you requested.

      You have some good points, though some of those concerns are easily addressed in your privoxy config. I use tor regularly BTW, and am impressed with its performance compared to a few years ago. I don't drink the kool-aid, but between privoxy and tor you can certainly avoid being tracked by all but the most devoted bad guys. However, if someone competent is targeting you specifically you're screwed no matter what you use, unless you're an uberhacker with access to some heavy hardware.

      --
      Caveat Utilitor
    2. Re:Tor by Anonymous Coward · · Score: 4, Informative

      I personally find it funny when people use Tor and then leave behind [...]same MAC address, don't change DNS servers [...]

      Proof that you know less about this than you think you do. MAC addresses become irrelevant after the first network layer hop or an application layer gateway like TOR. Also TOR acts as a socks 5 proxy and will resolve names for you, again the the DNS settings are irrelevant.

    3. Re:Tor by cdp0 · · Score: 5, Informative

      Use TorButton then (the Windows bundle includes it IIRC). AFAIK it solves most of the problems you mentioned. If you are using Firefox 4 then you need the alpha version from here.

      Add to that BetterPrivacy, and you should be much harder to track.

    4. Re:Tor by 93+Escort+Wagon · · Score: 4, Funny

      I personally find it funny when people use Tor and then leave behind the same cookies, the same user-agent, LSO and Flash cookies, same system configuration, same screen size, same fonts, same installation and versions of plugins, same MAC address, don't change DNS servers and countless amount of other things that make it very easy to identify your other activity or what you're doing.

      I solved this problem simply by finding out what your user-agent, LSO and Flash cookies, system configuration, screen size, fonts, plugins, MAC address, and default DNS servers were. Now whenever I'm on Tor I pretend to be x*yy*x - so I'm golden.

      --
      #DeleteChrome
    5. Re:Tor by Hazel+Bergeron · · Score: 3, Insightful

      Except, of course, if you're running wireless. Then MAC addresses are recorded by various data gatherers and used, among other things, for that Google location guesser thing.

      Of course, it's OK if you never speak wireless in the clear and always use an encryption protocol which will never be found insecure in the future.

    6. Re:Tor by burni2 · · Score: 3, Interesting

      But mostly you can identify tor-users which are not having all plugins switched off, by a java applet which acts as a beacon* , also if you have switched it off in your Firefox, it get's reactivated by every juscheded update ;)

      But I also want to point the attention to the lately added
      local web storage in the current generation of browsers, like Opera and doing a picture search in opera and just check the link of the thumb nail you will be interested So the question is how long will it take till it get's abused for traking

      "data:image/jpg;base64,/.*CONTENT*."

      *(udp connection, even through DNS/53 port some PSFs don't catch outgoing connection on this port and won't bring the fact to your attention)

    7. Re:Tor by lostthoughts54 · · Score: 3, Interesting

      what he means is the old good guys are our new bad guys. and good guy doesn't exist anymore, only you vs. them.

    8. Re:Tor by Anonymous Coward · · Score: 4, Informative

      Easy to fix when you use user agent switcher, ghostery, better privacy, noscript, google sharing, cloned mac addresses and torbutton.

      Check out http://www.decloak.net to see how anonymous you are.

      It's hard to beat Tor for anonymous public web browsing, but i2p is already a better darknet.

  2. Re:I don't get Tor by betterunixthanunix · · Score: 3, Informative

    Can someone explain to me why someone who is monitoring sufficient backbones and running sufficient Tor nodes himself can't just watch a packet stream being bounced between Tor nodes?

    This is one of many known attacks on Tor, and is the reason why as many people as possible should be running Tor relays, entry nodes, and exit nodes. This is also why Tor circuits are periodically changed by the client. In general, though, it is possible for someone who can monitor a large enough fraction of the Tor network to break the anonymity of the system, even if they cannot control the nodes themselves.

    --
    Palm trees and 8
  3. Re:I don't get Tor by Hazel+Bergeron · · Score: 3, Informative

    I recall a raid in Germany. Depending on police behaviour and accessibility of records, in some countries that can be as harmful as a conviction (e.g. if you're working in a job with vulnerable people).

  4. LiveCDs - TAILS v0.7.1, Liberté Linux by integral-fellow · · Score: 4, Informative

    First, don't bet your life on this technology or OpenSSH or other tech.

    Second, rather than run TOR on an everyday personal or work computer (Windows or Mac or Linux) with sensitive data and identifiable traits, I'd recommend booting a LiveCD: TAILS (v0.7.1 is the latest) and Liberté Linux:

    http://tails.boum.org/
    http://dee.su/liberte

    or get Knoppix and harden it:
    http://knoppix.com/

    Change your MAC and connect at a coffee shop (if paranoid-- on the other side of town, and wear sunglasses in case of surveillance), not from home. Or connect to someone else's open WiFi, or get the key with Backtrack. Less secure is running a LiveCD in a VM (virtualbox or vmware). Another less secure option is running a hardened Linux, or at least running the Bastille script.

    What am I missing? The main trouble with the LiveCD/DVDs is the NIC driver/module, but Knoppix is good for that.

    integral-fellow

  5. What is the actual purpose of using TOR? by Warma · · Score: 3, Insightful

    I understand that what I'm going to ask is almost a logical fallacy in Slashdot, but I'm going to ask anyway.

    Why exactly are you making things complicated for yourself and using Tor in the first place? A person as paranoid as you would use only properly secured banking connections and reputable services anyway, so the chance of any identity theft whatsoever is minuscule. I really can't think of any credible motivation for completely endorsing anonymity except the fear of being caught surfing something explicitly illegal. However, the amount of replies in this thread and their tone suggest, that you can't all be 3rd world revolutionists or Chinese students circumventing the Great Firewall.

    Is this just a matter of principle, or do you actually have something to hide? If it's the principle, what are you hoping to accomplish and why? If you're into snuff or whatever, I really don't care, but at least one anonymous reply confirming this would be amusing.

    This is not a troll. I'm genuinely interested. Technical answers about repercussions I may have not understood, are not only accepted, but appreciated.

    1. Re:What is the actual purpose of using TOR? by Jane+Q.+Public · · Score: 3, Insightful

      "I really can't think of any credible motivation for completely endorsing anonymity except the fear of being caught surfing something explicitly illegal. "

      History has clearly shown that the right to free and anonymous speech is essential to maintaining a free society. That fact alone is sufficient motivation to do it. If you don't practice and enforce your rights, you are likely to lose them. Your attitude is exactly why this is true.