Let your plans be dark and impenetrable as night, and when you move, fall like a thunderbolt.

Tor Browser vs Your Browser

There are two main choices to use tor: Use the Tor Browser Bundle(TBB), or manually setup a computer to run tor. Maybe you’ve spent time making a secure host and you only route traffic over tor and you’ve employed various security protections to limit your risk, etc. So you, you say to yourself, “I don’t need the Tor Browser Bundle, I’ve already installed tor.” You would be wrong.

The Tor Browser (part of TBB) offers a lot of additional security protections that your “raw” browser doesn’t. Mike Perry who manages the TBB portion of the Tor Project (among other things) has put in a lot of work.

Here are just a few reasons:

Reason #1: WebRTC

Here’s a quick example: Remember the private IP disclosure vulnerability that’s possible using WebRTC? Well the only browser (AFAIK) that isn’t vulnerable to this issue is the Tor Browser. You can’t prevent it by disabling JavaScript and you can’t block it through an extension. And we know that Chrome, Safari, IE, and Opera aren’t any help either.

This issue alone should scare you into reconsidering using a raw browser no matter how many extensions you have installed. By the way, if you’re interested in seeing how you can disable WebRTC from firefox, it’s a compiletime flag: --disable-webrtc.

Unique Identifiers

If I can correlate your website visit across mutiple sessions I can potentially deanonymize you in the case that you visit my site over tor and then in the clear. Even in the best case, I will still be able to watch your activities across multiple visits. What if I can correlate between when you log in as user A to those when you log in as user B.

There are so many situations where a malicious web page could include some kind of identifying token. The ones mitigated by TB include:

  • HTTP auth headers (e.g. http://{IDENTIFIER}username:password@website.com/)
  • Cache lookup (e.g. injecting an ID into the cache and check to see if it exists on next visit)
  • Cookies (e.g. tracking cookie identified by third parties)
  • HSTS super cookies (e.g. multi-site owners can build a unique ID based on whether a user has a cached HSTS record for a particular set of domains)

Fingerprinting Defenses

Fingerprinting the browser, the hardware, the user, the location, or any kind of identifying information related to a user’s session is a very difficult attack to completely defend against. TB does what it can though to defend against this scenario. There are some crazy attacks available including:

Maybe TB hasn’t solved this problem but the question is, what do you think your current browser is doing?

Plugin Controls

Your extensions/plugins/addons are terrifying. They can do whatever they want, not only to your browser, but to anything on your system. Because of this, TB has patched the DNS service to ensure that a browser extension doesn’t accidentally leak your DNS requests. This is also done for OCSP so that certificate lookups must be done over the SOCKS proxy and tor.

Similarly, when loading the Flash or Gnash plugin, TB uses the click-to-play control so that in order to play a Flash applet, the user must explicitally click on it before it executes. The risk of Flash or any plugin for that matter goes back to whether it always adheres to proxy settings as well as what type of information is exposed to the applet. Can they obtain your local IP? Can they access a session cookie?

External Event Blocking

On your computer right now, you’ve likely setup default programs associated with certain types of files. In a browser, you can also setup external programs associated to a protocol. For example tel://, skype://, or ssh:// allows a browser to automatically send data from the browser into the associated program. There’s a risk here that it will disclose your private info to those programs and therefore compromise your anonymity.

The defense in this case is present a pop-up whenever a request to leave the browser is made.

History and Storage

TB does everything it can to never touch your disk and never allow your browsing history to be saved to a file. There are a lot of ways this is accomplished but the risk has been that if the history or sensitive information is stored on disk, it may be accessible to other appliations or to a forensic investigator.

More information

There’s dozens of other reasons that may or may not be applicable to your plans. The point here again is, the level of effort that the Tor Browser has employed makes you question how secure your current browser configuration is.