Closed C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N closed 5 years ago
TPB is a high-value target when it comes to finding vulnerabilities in browsers.
You obviously shouldn't use TPB only for suspicious activity, but should generate some random noise as well. Also it's based on FF which is less secure than Chromium.
VPNs should be used as much as possible and we should explain how to use Tor properly. I will write a tutorial on using anonymity tools like Tor properly soon.
I agree it should be the first browser we commend, but still am not sure how much should we stress using it.
@Shifterovich
TPB is a high-value target when it comes to finding vulnerabilities in browsers.
Chromium has the same status if you consider its crushing market share. I don't see what your point is here.
VPNs should be used as much as possible and we should explain how to use Tor properly.
By that you mean that VPNs should be used as much as possible instead of Tor?
HVTs use Tor, not Chromium.
And yes, you should definitely generate random noise with Tor even when not using it (if you intend to use it for something serious later), but using Tor as much as possible makes little sense.
HVTs use Tor, not Chromium.
My point was that even if Tor Browser was based on the most secure browser (Chromium) then a similar argument would conclude that Chromium shouldn't be used.
FWIW an example of good practice for HVTs with the Tor Browser: When you visit TheIntercept's SecureDrop (https://y6xjgkgwj47us5ca.onion/), if JS is enabled they put the warning: We recommend turning the Security Slider to High to protect your anonymity: ...
And yes, you should definitely generate random noise with Tor even when not using it (if you intend to use it for something serious later), but using Tor as much as possible makes little sense.
Tor is 1/n anonymity network, as such, using Tor as much possible can only make sense since it's not just about protecting oneself but also others.
And just to clarify, by as much as possible I mean:
Visiting non-HTTPS websites over Tor is a very bad idea. Using Tor for most of your browsing sacrifices a lot of usability, yet I can't see a single positive thing about it.
@Shifterovich
Visiting non-HTTPS websites over Tor is a very bad idea.
Unless it's because someone is logging into HTTP websites over Tor. Otherwise I don't think it's a bad idea, especially with higher security settings i.e. Medium or High.
Using Tor for most of your browsing sacrifices a lot of usability,
Examples?
yet I can't see a single positive thing about it.
The whole "make covert traffic" (traffic analysis aspect) + "the bigger the crowd the easier it is to hide in it" (fingerprinting aspect).
There are other ways to generate noise without having to use Tor for all browsing.
Examples?
Low speed and a lot of things don't work in Tor.
Unless it's because someone is logging into HTTP websites over Tor. Otherwise I don't think it's a bad idea, especially with higher security settings i.e. Medium or High.
There are other reasons to use HTTPS. https://doesmysiteneedhttps.com/
We now have a big explanation on our VPN provider page which describes the difference between vpns and Tor, including their usecases, which makes this issue no longer needed, closing.
This is already done by a related project: https://prism-break.org/en/subcategories/gnu-linux-web-browsers/
Where should this be? Also I can tweak the above paragraph and add additional details into why using Tor for most browsing is a good idea and how by using it one helps others get more privacy.