Tor Browser

Hello everyone, I have been looking for Tor Browser (torproject.org) for x86 and ARM. I've noticed a few old threads but not actually any solutions. Any experience or suggestions how to get Tor browser on FreeBSD?
Thank you.
 
The "Tor browser" is just a convenient package that installs and configures various bits and pieces automatically. There is no "Tor browser" package for FreeBSD. That said, it's perfectly doable to install and configure all the various parts that make up the "Tor browser" on FreeBSD. You just have to install and configure everything yourself.
 
I recommend using tor browser, standard browsers leave too many traces. Unluckily I have not yet had time to install it in a linux jail, I am using torbrowser in a VM.
 
I know that the 'Tor Browser' is a package of few things together, there is a good reason why they are configured and provided together.
It may be worth of considering separating the proxy in Jail on ZFS, an approach used by Whonix.
 
If you're interested in Tor based messaging, there's also net-im/ricochet. It's a P2P messenger, based on the Tor. But, it's not part of Tor Project. That's important, and you have to keep it in mind.


Note:
As a rule, you have to download, verify and install Tor from its official website. There's no official port for FreeBSD, thus you have to use security/tor. But you can always check the submitted patches yourself. It's not complicated, and everyone can do that.
 
In the absence of Tor Browser, I occasionally used Firefox with a few carefully-chosen extensions and net/torsocks. Not an ideal alternative, but it was enough for me at the time.
 
In my case if I want to use tor, I would install tor, obfsproxy-tor n and necessary pkg packages. Run tor n and then configure any browser to use it. Works for me.
 
Getting everything correct for a tor build is a significant challenge, requiring insight, experience, ability, and ongoing diligence.

I wouldn't normally recommend Linux in a FreeBSD forum, but I will say that I run tor in a Debian virtual machine, because it comes as a fully configured and maintained package.
 
Getting everything correct for a tor build is a significant challenge, requiring insight, experience, ability, and ongoing diligence
Or you just follow the official documentation provided by the Tor project on how to setup a FreeBSD node: https://community.torproject.org/relay/setup/bridge/freebsd/

It's really not that complicated. Then you do need in addition a browser of your choice pointing to that node, preferably running in private mode of course.
 
Or you just follow the official documentation provided by the Tor project on how to setup a FreeBSD node: https://community.torproject.org/relay/setup/bridge/freebsd/

It's really not that complicated. Then you do need in addition a browser of your choice pointing to that node, preferably running in private mode of course.
this solution is far from ideal ... the changes made to firefox to package the thing in the "tor-browser" is not without a reason, the traceable bits are mostly removed. so whoever is looking for running tor-browser, just do not use a normal browser behind a tor proxy. Better run tor-browser in a Linux VM/Jail (if that is possible)
 
The main reason for the widespread recommendation not to use any other brower is: matters are complicated, also complicated to explain, and it can easily happen to overlook something.

But: the single biggest offender is Javascript, including all the APIs accessible in modern browsers. Even with TorBrowser, it's sometimes recommended to completely disable it. Disabling Javascript protects from (rough guess) 80% of the threats. So, if you do use any other browser with Tor, never ever enable Javascript.

Then, there are ways to track and/or fingerprint you by means of HTTP headers. Fixing this (plus quite a few other things based on actual HTML content) can be done e.g. with "privoxy" (between your browser and Tor). Be sure to use widespread User-Agent and Accept-* headers and at least restrict usage of Referer.

And finally, there are a few things that can't be done without TorBrowser, like e.g. its "letterboxing" feature, which prevents unusual fingerprinting techniques based on CSS, see for example https://noscriptfingerprint.com/

I collected some information here:

IMHO, "anonymous" browsing is possible without TorBrowser, given you understand technical details and limitations (and, of course, you can live without JavaScript). It's just not recommended, for obvious reasons :)
 
With any solution I still highly recommend creating some sort of test environment (gateway running Wireshark) and carefully analyzing the traffic going through. Everything is so messy now and there are socket leaks in almost everything.

Even then, running tor on the same machine and looping back programs through it is still a bit dodgy. It is better to do this at a gateway level (as a separate device) and have the computer behind it literally unable to connect to anything but the Tor proxy running on the gateway. This is the only way I can stomach running Windows in all fairness.
 
The main reason for the widespread recommendation not to use any other brower is: matters are complicated, also complicated to explain, and it can easily happen to overlook something.

But: the single biggest offender is Javascript, including all the APIs accessible in modern browsers. Even with TorBrowser, it's sometimes recommended to completely disable it. Disabling Javascript protects from (rough guess) 80% of the threats. So, if you do use any other browser with Tor, never ever enable Javascript.

Then, there are ways to track and/or fingerprint you by means of HTTP headers. Fixing this (plus quite a few other things based on actual HTML content) can be done e.g. with "privoxy" (between your browser and Tor). Be sure to use widespread User-Agent and Accept-* headers and at least restrict usage of Referer.

And finally, there are a few things that can't be done without TorBrowser, like e.g. its "letterboxing" feature, which prevents unusual fingerprinting techniques based on CSS, see for example https://noscriptfingerprint.com/

I collected some information here:

IMHO, "anonymous" browsing is possible without TorBrowser, given you understand technical details and limitations (and, of course, you can live without JavaScript). It's just not recommended, for obvious reasons :)
Letterboxing can be used in normal Firefox, in about:config just set privacy.resistFingerprinting.letterboxing to true
 
Interesting! But kind of confirms my conclusion: the reason to discourage using a "normal" browser with Tor is the complexity which comes with a substantial risk to get something wrong, making de-anonymization possible. Still, it can be done.

kpedersen, enforcing Tor on a router/gateway makes sure there can be no leaks on the network level (but doesn't help with fingerprinting etc...). If you disable Javascript (and don't use any "extensions", which I forgot to mention above), this should be limited to DNS queries. Observing your browser's network activity is probably a good idea if you want to be sure.

Does anyone know an "anonymity" feature Tor browser offers that can't be replaced without it, given you disable Javascript? And I don't mean "convenience" things like the "new circuit" button; you can easily instruct tor daemon to do so without Tor browser ;)
 
… Why Tor browser is not available for FreeBSD? …

There is nothing special about Tor Browser
Tor Browser is just: Firefox + Tor

[HOWTO] use Tor network and web proxy

… a strong need to educate users.
aaaand again: NO, IT IS NOT! Tor Browser is a modified version of Firefox! If you use your normal firefox behind tor you can pretty easily be traced.

Yes you can always be traced even with tor browser. tor is not secure as you think it is:

Is Tor Really Anonymous and Secure?

Unfortunately, there is no such thing as 100% security. You are at risk even if you use JavaScript in your browser!
Can you name some of the features that made Tor Browser better than Firefox or even Chromium?

Is Tor browser nothing more than Firefox + Tor?

I suspect not. Consider these Mozilla bugs:
– including their dependency trees:
– one of the two is too large to be graphed:

1647421875520.png
– the other:

2022-03-16 09-12 dependency draph for bug 1329996.png

– the two dependency lists (excluding resolved bugs):
 
Back
Top