help-guix

Re: Recommendations for browsing via Tor pre tor-browser?


From: Chris Marusich
Subject: Re: Recommendations for browsing via Tor pre tor-browser?
Date: Wed, 18 Jul 2018 23:52:48 -0700
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Christopher Lemmer Webber <address@hidden> writes:

> Ludovic Courtès writes:
>
>> Christopher Lemmer Webber <address@hidden> skribis:
>>
>>> Anyone have recommendations on how they're doing web browsing via Tor,
>>> sans tor-browser?  In the interim I have been using the more
>>> lightweight, non-js using browsers like links.
>>
>> I use Privoxy, and as written in the ‘privoxy.conf’ example, I have:
>>
>>          forward-socks5   /               127.0.0.1:9050 .
>>
>> where Tor is listening on port 9050 (I use the Tor service of GuixSD.)
>>
>> Ludo’.
>
> I wonder if localhost + port is a good idea for tor or really any other
> service.  Our experience with the confused deputy attack against guile's
> live REPL makes me suspicious of anything that's localhost + port.
>
> I notice that the Tor configuration file supports a unix domain socket:
>
>        ControlSocket Path
>            Like ControlPort, but listens on a Unix domain socket, rather than
>            a TCP socket.  0 disables ControlSocket (Unix and Unix-like
>            systems only.)
>
> I wonder if that would be safer?  WDYT?

I know what you mean, but I think having TOR listen on localhost is
safer than having a Guile REPL listen on localhost.  In the case of
Guile, the risk is arbitrary code execution.  In the case of TOR, I
suppose the risks might be that an attacker would be able to make
requests over TOR from your machine.  Perhaps by making such requests,
they might also be able to infer that you are using TOR (although it's
already possible to determine that a person is using TOR simply by
watching their IP traffic).  In any case, since TOR is functioning as a
proxy, not a Turing-complete programming language, the things an
attacker could do or learn by making requests from your machine to the
localhost TOR seem limited.  Compared to the risk of arbitrary code
execution, it seems much safer to me.

I run the TOR service on GuixSD, and I manually tell IceCat to use it as
a SOCKS5 proxy.  You can configure this in the "Advanced" section of the
"Preferences" menu.  IceCat also lets you send DNS requests over the
SOCKS5 proxy, which increases your privacy.  Unlike Ludo, I don't
currently use Privoxy; I just have some extensions installed that I
think are probably helpful (SpyBlock, HTTPS Everywhere, Privacy Badger,
NoScript).

I don't know if IceCat or Firefox supports a proxy via a UNIX domain
socket; I'd be curious to know if it did!

-- 
Chris
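
An added example, not part of the thread and not how Tor implements its listeners: it shows the two access controls a Unix domain socket offers that a 127.0.0.1 TCP port lacks, namely file permissions on the socket path and the kernel-reported peer UID (Linux `SO_PEERCRED`). The socket path, function names and UID policy are assumptions made for the illustration.

```python
import os
import socket
import stat
import struct
import tempfile


def peer_credentials(conn):
    """Return (pid, uid, gid) of the connecting process via Linux SO_PEERCRED."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("3i"))
    return struct.unpack("3i", raw)


def listen_private(path):
    """Bind a Unix stream socket whose file is created with mode 0600."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)  # mask group/other bits before bind() creates the file
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv


def demo(allowed_uid=None):
    """Accept one local client and decide on it by its kernel-reported UID.

    A TCP listener on 127.0.0.1 only learns (address, port) from accept(),
    so it cannot tell which local user or program is connecting.
    """
    allowed_uid = os.getuid() if allowed_uid is None else allowed_uid
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "proxy.sock")  # constructed path for the demo
        srv = listen_private(path)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        cli.connect(path)  # queued in the backlog until accept()
        conn, _ = srv.accept()
        pid, uid, gid = peer_credentials(conn)
        verdict = "accept" if uid == allowed_uid else "reject"
        for s in (conn, cli, srv):
            s.close()
    return {"mode": mode, "peer_uid": uid, "verdict": verdict}


if __name__ == "__main__":
    print(demo())
```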
