I tried to actually use Tor for my browsing back when Snowden leaked and Schneier implored us all to. But I found the browser really too restricted to be useful. I understand that plugins can go around the browser config etc., but there has to be a better way...
The project I want to see is running the Tor router in ZeroVM in Docker, and running a full browser and all plugins in a child Docker container in such a way that it is fully firewalled and can only communicate via the Tor container, with VNC screen scraping etc.
And set up so the browser container can be launched in persistent mode to make changes, e.g. browser plugins, but normally runs with aufs on a RAM disk so it never touches disk and is completely lost when closed.
"A dedicated hardware device which forces all internet traffic to be sent over the Tor network. This significantly increases the odds of using Tor effectively, and reduces the potential to make fatal mistakes."
https://github.com/grugq/portal
Instead of just having your ISP able to sniff or MITM your web traffic, now you may have some random exit node operator doing the same - likely with more malicious intent than your Internet provider.
People who use Tor seriously usually also use a VPN service, and disable cookies, Java, or any other client-side means of tracking you. They will also run Tor via a local virtual machine that they created on the fly.
While the exit node will be able to sniff the users, it won't be able to link it back unless the user gives up some information. ISPs can link back every time, regardless of behavior.
The FBI busted a child-porno ring on Tor using only an iframe and some JavaScript. They were able to take control at the data center where the site was hosted, and then trace back to the ISPs for the Tor users who didn't disable Java.
Java is not allowed on Tor Browser Bundle and shouldn't be allowed in a browser, ever. (And probably in general if you care about security.)
JavaScript in general should not be that dangerous - however, there was a 0-day bug in Firefox, that Tor Browser used, that leaked the IP anyway, and NSA used that 0-day.
In general - at least in my opinion - JavaScript is much lower on the "dangerous" list than Java, but yeah, still can leak something.
The best way is probably to just use Tails - a Linux distro made to be secure from the start.
I meant JavaScript - my bad. The bug in JavaScript was that it identified the MAC address, right? JavaScript can still track client info if I'm not mistaken.
What do you mean by using Tor and a VPN service? Do you mean accessing Tor through the VPN? Or accessing the VPN through Tor? It seems like using Tor is a waste of time if you then go ahead and authenticate yourself somewhere. Or is this just in the context of trying to break out of a restricted environment? (rather than looking for anonymity)
Good question, I have been wondering the same for a while.
I have read somewhere that the point is that one is an anonymity provider, the other encryption to hide from your ISP.
If you think about it, you'd be using Tor to connect to either a public or a roll-your-own VPN. The issue with using Tor is that all exit nodes are (probably) monitored. Some websites even refuse to serve you, as they have a list of exit nodes. Use of public VPNs is easier, as semi-officially they track you, hence they can be trusted by websites. Your best option is to use Tor & a custom VPN with a clean IP address. The trouble here is leaving payment data, and you'd still probably trigger some alarms by connecting from a registered Tor exit node...
I meant using a VPN through Tor, between the client and the VPN service. This prevents the Tor chain from sniffing, at the cost of the VPN service potentially seeing your client.
For web browsing, the bundle is the definitive, closest-to-actually-being-secure way to do it. Tor's FAQ explicitly calls what you're doing "a really bad idea." I'm too lazy to write down all the ways it is a bad idea, but I'll just summarize it to say that you can't make Chrome always use the proxy, and it's still possible in various ways for a site to induce Chrome to give up information about you.
An HTTP proxy won't proxy DNS lookups. If you're using SOCKS4a/5 proxying, Firefox will use it IF you set network.proxy.socks_remote_dns=true; on Chrome it'll work if you use SOCKS5, but the DNS prefetch will bypass it and expose you. On Firefox, plugins and extensions can bypass the proxy. I don't know specifically about Chrome, but I experimented with it, and when playing around with strict firewall egress filtering and a restrictive AppArmor profile, using the embedded Flash would just up and crash the browser.
It's not a good idea. If you want to use the web on Tor, use the browser bundle.
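An added example, not part of the original comments: a small audit of a Firefox `prefs.js` / `user.js` for the SOCKS remote-DNS setting named above. The sample profile text is constructed, and treating an absent `network.proxy.socks_remote_dns` as "not set" is an assumption that follows the comment (defaults differ between Firefox versions).

```python
import re

# Matches lines such as: user_pref("network.proxy.socks_port", 9050);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)

def parse_prefs(text):
    """Return {pref name: Python value} for every user_pref() line."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit_socks_dns(prefs):
    """List reasons this profile would not send DNS lookups through SOCKS."""
    findings = []
    if prefs.get("network.proxy.type") != 1:  # 1 = manual proxy configuration
        findings.append("network.proxy.type is not 1: manual proxy not in use")
    if not prefs.get("network.proxy.socks"):
        findings.append("network.proxy.socks is empty: no SOCKS host set")
    # Assumption: an absent pref is treated the same as false.
    if prefs.get("network.proxy.socks_remote_dns") is not True:
        findings.append("network.proxy.socks_remote_dns is not true: "
                        "hostnames are resolved locally, outside the proxy")
    return findings

# Constructed sample: SOCKS proxy on a local Tor port, remote DNS never set.
LEAKY_PREFS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_version", 5);
'''
FIXED_PREFS = LEAKY_PREFS + 'user_pref("network.proxy.socks_remote_dns", true);\n'

if __name__ == "__main__":
    for label, text in (("leaky", LEAKY_PREFS), ("fixed", FIXED_PREFS)):
        print(label, audit_socks_dns(parse_prefs(text)) or "ok")
```

This only inspects configuration; it says nothing about plugins, extensions or prefetching that bypass the proxy, which the comment also raises.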
And that's what the Tor browser bundle does. And that's why it is locked down and disables all plugins etc.
The point of hosting in docker in docker is to firewall the browser so it can't talk to anyone else, and to add extra layers of protection - however flimsy - against any eventual targeted compromise.