tor-webwml.git

1) ## translation metadata
2) # Revision: $Revision$
3) # Translation-Priority: 3-low
4) 

5) #include "head.wmi" TITLE="Torbutton FAQ" CHARSET="UTF-8"

6) 
7) <div class="main-column">
8) 
9) <!-- PUT CONTENT AFTER THIS TAG -->
10) 
11) <h2>Torbutton FAQ</h2>
12) <hr />
13) 

14) <h3>Questions</h3>
15) <br />
16) <ul>
17) <li><a href="<page torbutton/faq>#nojavascript">When I toggle Tor, my sites that use javascript stop working. Why?</a></li>
18) <li><a href="<page torbutton/faq>#noreloads">I can't click on links or hit reload after I toggle Tor! Why?</a></li>
19) <li><a href="<page torbutton/faq>#noflash">I can't view videos on YouTube and other flash-based sites. Why?</a></li>
20) <li><a href="<page torbutton/faq>#oldtorbutton">Torbutton sure seems to do a lot of things, some of which I find annoying. Can't I just use the old version?</a></li>
21) <li><a href="<page torbutton/faq>#weirdstate">My browser is in some weird state where nothing works right!</a></li>
22) <li><a href="<page torbutton/faq>#noautocomplete">When I use Tor, Firefox is no longer filling in logins/search boxes for me. Why?</a></li>
23) <li><a href="<page torbutton/faq>#thunderbird">What about Thunderbird support? I see a page, but it is the wrong version?</a></li>
24) <li><a href="<page torbutton/faq>#extensionconflicts">Which Firefox extensions should I avoid using?</a></li>
25) <li><a href="<page torbutton/faq>#recommendedextensions">Which Firefox extensions do you recommend?</a></li>
26) <li><a href="<page torbutton/faq>#securityissues">Are there any other issues I should be concerned about?</a></li>
27) </ul>
28) <br />
29) 

30) <a id="nojavascript"></a>
31) <strong><a class="anchor" href="#nojavascript">When I toggle Tor, my sites that use javascript stop working. Why?</a></strong>

32) 
33) <p>
34) Javascript can do things like wait until you have disabled Tor before trying
35) to contact its source site, thus revealing your IP address. As such, Torbutton
36) must disable Javascript, Meta-Refresh tags, and certain CSS behavior when Tor

37) state changes from the state that was used to load a given page. These features

38) are re-enabled when Torbutton goes back into the state that was used to load
39) the page, but in some cases (particularly with Javascript and CSS) it is
40) sometimes not possible to fully recover from the resulting errors, and the
41) page is broken. Unfortunately, the only thing you can do (and still remain
42) safe from having your IP address leak) is to reload the page when you toggle
43) Tor, or just ensure you do all your work in a page before switching tor state.
44) </p>
45) 

46) <a id="noreloads"></a>
47) <strong><a class="anchor" href="#noreloads">I can't click on links or hit reload after I toggle Tor! Why?</a></strong>

48) 
49) <p>
50) Due to <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=409737">Firefox
51) Bug 409737</a>, pages can still open popups and perform Javascript redirects
52) and history access after Tor has been toggled. These popups and redirects can
53) be blocked, but unfortunately they are indistinguishable from normal user
54) interactions with the page (such as clicking on links, opening them in new
55) tabs/windows, or using the history buttons), and so those are blocked as a
56) side effect. Once that Firefox bug is fixed, this degree of isolation will
57) become optional (for people who do not want to accidentally click on links and
58) give away information via referrers). A workaround is to right click on the
59) link, and open it in a new tab or window. The tab or window won't load
60) automatically, but you can hit enter in the URL bar, and it will begin
61) loading. Hitting enter in the URL bar will also reload the page without
62) clicking the reload button.
63) </p>
64) 

65) <a id="noflash"></a>

66) <strong><a class="anchor" href="#noflash">I can't view videos on YouTube and
67) other Flash-based sites. Why?</a></strong>

68) 
69) <p>
70) 

71) YouTube and similar sites require third party browser plugins such as Flash.
72) Plugins operate independently from Firefox and can perform
73) activity on your computer that ruins your anonymity. This includes
74) but is not limited to: <a href="http://decloak.net">completely disregarding
75) proxy settings</a>, querying your <a

76) href="http://forums.sun.com/thread.jspa?threadID=5162138&messageID=9618376">local

77) IP address</a>, and <a
78) href="http://epic.org/privacy/cookies/flash.html">storing their own

79) cookies</a>. It is possible to use a LiveCD, like <a

80) href="https://amnesia.boum.org/">The (Amnesic) Incognito Live System</a> that creates a

81) secure, transparent proxy to protect you from proxy bypass, however issues

82) with local IP address discovery and Flash cookies still remain.  </p>
83) 

84) <p>
85) 

86) If you are not concerned about being tracked by these sites (and sites that

87) try to unmask you by pretending to be them), and are unconcerned about your

88) local censors potentially noticing you visit them, you can enable plugins by
89) going into the Torbutton Preferences->Security Settings->Dynamic Content
90) tab and unchecking "Disable plugins during Tor usage" box. If you do this

91) without Tor VM, The (Amnesic) Incognito Live System or appropriate
92) firewall rules, we strongly suggest you at least use <a

93) href="https://addons.mozilla.org/en-US/firefox/addon/722">NoScript</a> to <a
94) href="http://noscript.net/features#contentblocking">block plugins</a>. You do
95) not need to use the NoScript per-domain permissions if you check the <b>Apply
96) these restrictions to trusted sites too</b> option under the NoScript Plugins
97) preference tab. In fact, with this setting you can even have NoScript allow
98) Javascript globally, but still block all plugins until you click on their
99) placeholders in a page. We also recommend <a
100) href="https://addons.mozilla.org/en-US/firefox/addon/6623">Better Privacy</a>
101) in this case to help you clear your Flash cookies.

102) 
103) </p>
104) 

105) <a id="oldtorbutton"></a>
106) <strong><a class="anchor" href="#oldtorbutton">Torbutton sure seems to do a lot of things, some of which I find
107) annoying. Can't I just use the old version?</a></strong>

108) 

109) <p>

110) 
111) <b>No.</b> Use of the old version, or any other vanilla proxy changer

112) (including FoxyProxy -- see below) without Torbutton is actively discouraged.

113) Seriously. Using a vanilla proxy switcher by itself is so insecure that you are
114) not only just wasting your time, you are also actually endangering yourself.
115) <b>Simply do not use Tor</b> and you will have the same (and in some cases,
116) better) security.  For more information on the types of attacks you are exposed
117) to with a "homegrown" solution, please see <a

118) href="design/index.html#adversary">The Torbutton

119) Adversary Model</a>, in particular the <a

120) href="design/index.html#attacks">Adversary

121) Capabilities - Attacks</a> subsection. If there are any specific Torbutton
122) behaviors that you do not like, please file a bug on <a

123) href="https://bugs.torproject.org/flyspray/index.php?tasks=all&project=5">the

124) bug tracker.</a> Most of Torbutton's security features can also be disabled via
125) its preferences, if you think you have your own protection for those specific
126) cases.

127) 
128) </p>
129) 

130) <a id="weirdstate"></a>
131) <strong><a class="anchor" href="#weirdstate">My browser is in some weird state where nothing works right!</a></strong>

132) 
133) <p>
134) Try to disable Tor by clicking on the button, and then open a new window. If
135) that doesn't fix the issue, go to the preferences page and hit 'Restore
136) Defaults'. This should reset the extension and Firefox to a known good
137) configuration.  If you can manage to reproduce whatever issue gets your
138) Firefox wedged, please file details at <a
139) href="https://bugs.torproject.org/flyspray/index.php?tasks=all&amp;project=5">the
140) bug tracker</a>.
141) </p>
142) 

143) <a id="noautocomplete"></a>
144) <strong><a class="anchor" href="#noautocomplete">When I use Tor, Firefox is no longer filling in logins/search boxes
145) for me. Why?</a></strong>

146) 
147) <p>
148) Currently, this is tied to the "<b>Block history writes during Tor</b>"
149) setting. If you have enabled that setting, all formfill functionality (both
150) saving and reading) is disabled. If this bothers you, you can uncheck that
151) option, but both history and forms will be saved. To prevent history
152) disclosure attacks via Non-Tor usage, it is recommended you disable Non-Tor
153) history reads if you allow history writing during Tor.
154) </p>
155) 

156) <a id="thunderbird"></a>
157) <strong><a class="anchor" href="#thunderbird">What about Thunderbird support? I see a page, but it is the wrong
158) version?</a></strong>

159) 
160) <p>
161) Torbutton used to support basic proxy switching on Thunderbird back in the 1.0
162) days, but that support has been removed because it has not been analyzed for
163) security. My developer tools page on addons.mozilla.org clearly lists Firefox
164) support only, so I don't know why they didn't delete that Thunderbird listing.
165) I am not a Thunderbird user and unfortunately, I don't have time to analyze
166) the security issues involved with toggling proxy settings in that app. It
167) likely suffers from similar (but not identical) state and proxy leak issues
168) with html mail, embedded images, javascript, plugins and automatic network
169) access. My recommendation is to create a completely separate Thunderbird
170) profile for your Tor accounts and use that instead of trying to toggle proxy
171) settings. But if you really like to roll fast and loose with your IP, you
172) could try another proxy switcher like ProxyButton, SwitchProxy or FoxyProxy
173) (if any of those happen to support thunderbird).
174) </p>
175) 

176) <a id="extensionconflicts"></a>
177) <strong><a class="anchor" href="#extensionconflicts">Which Firefox extensions should I avoid using?</a></strong>

178) 
179) <p>
180) This is a tough one. There are thousands of Firefox extensions: making a
181) complete list of ones that are bad for anonymity is near impossible. However,
182) here are a few examples that should get you started as to what sorts of
183) behavior are dangerous.
184) </p>
185) 
186) <ol>

187)  <li>StumbleUpon, et al

188)  <p>

189)  These extensions will send all sorts of information about the websites you
190)  visit to the stumbleupon servers, and correlate this information with a
191)  unique identifier. This is obviously terrible for your anonymity.
192)  More generally, any sort of extension that requires registration, or even
193)  extensions that provide information about websites you visit should be
194)  suspect.

195)  </p></li>

196)  <li>FoxyProxy
197) <p>

198) While FoxyProxy is a nice idea in theory, in practice it is impossible to
199) configure securely for Tor usage without Torbutton. Like all vanilla third
200) party proxy plugins, the main risks are <a
201) href="http://www.metasploit.com/research/projects/decloak/">plugin leakage</a>
202) and <a href="http://ha.ckers.org/weird/CSS-history.cgi">history
203) disclosure</a>, followed closely by cookie theft by exit nodes and tracking by
204) adservers (see the <a href="design/index.html#adversary">Torbutton Adversary

205) Model</a> for more information). However, with Torbutton installed in tandem
206) and always enabled, it is possible to configure FoxyProxy securely (though it
207) is tricky). Since FoxyProxy's 'Patterns' mode only applies to specific urls,
208) and not to an entire tab, setting FoxyProxy to only send specific sites
209) through Tor will still allow adservers (whose hosts don't match your filters) to learn your real IP. Worse, when
210) sites use offsite logging services such as Google Analytics, you will
211) still end up in their logs with your real IP. Malicious exit nodes can also
212) cooperate with sites to inject images into pages that bypass your filters.
213) Setting FoxyProxy to only send certain URLs via Non-Tor is much more secure in

214) this regard, but be very careful with the filters you allow. For example,

215) something as simple as allowing *google* to go via Non-Tor will still cause you to end up

216) in all the logs of all websites that use Google Analytics!  See

217) <a href="http://foxyproxy.mozdev.org/faq.html#privacy-01">this question</a> on

218) the FoxyProxy FAQ for more information.

219)  </p></li>

220) </ol>
221) 

222) <a id="recommendedextensions"></a>
223) <strong><a class="anchor" href="#recommendedextensions">Which Firefox extensions do you recommend?</a></strong>

224) <ol>

225)  <li><a href="https://addons.mozilla.org/firefox/addon/953">RefControl</a>
226) 	<p>
227) Mentioned above, this extension allows more fine-grained referrer spoofing

228) than Torbutton currently provides. It should break less sites than Torbutton's

229) referrer spoofing option.</p></li>

230) 

231)  <li><a href="https://addons.mozilla.org/firefox/addon/1474">SafeCache</a>

232) <p>

233) If you use Tor excessively, and rarely disable it, you probably want to

234) install this extension to minimize the ability of sites to store long term
235) identifiers in your cache. This extension applies same origin policy to the
236) cache, so that elements are retrieved from the cache only if they are fetched

237) from a document in the same origin domain as the cached element.

238) </p></li>

239) 
240)  <li><a href="https://addons.mozilla.org/en-US/firefox/addon/6623">Better
241) Privacy</a>
242)  <p>
243) 
244) Better Privacy is an excellent extension that protects you from cookies used
245) by Flash applications, which often persist forever and are not clearable via
246) normal Firefox "Private Data" clearing. Flash and all other plugins are
247) disabled by Torbutton by default, but if you are interested in privacy, you
248) may want this extension to allow you to inspect and automatically clear your
249) Flash cookies for your Non-Tor usage.
250) 
251)  </p>
252)  </li>
253)  <li><a href="https://addons.mozilla.org/firefox/addon/1865">AdBlock Plus</a>
254)  <p>
255) 
256) AdBlock Plus is an excellent addon for removing annoying, privacy-invading,
257) and <a
258) href="http://www.wired.com/techbiz/media/news/2007/11/doubleclick">malware-distributing</a>

259) advertisements from the web. It provides

260) <a href="http://adblockplus.org/en/subscriptions">subscriptions</a> that are
261) continually updated to catch the latest efforts of ad networks to circumvent
262) these filters. I recommend the EasyPrivacy+EasyList combination filter
263) subscription in the Miscellaneous section of the subscriptions page.
264) 
265)  </p>

266) </li> 
267) <li><a href="https://addons.mozilla.org/firefox/addon/82">Cookie Culler</a>

268)  <p>
269) 
270) Cookie Culler is a handy extension to give quick access to the cookie manager
271) in Firefox. It also provides the ability to protect certain cookies from
272) deletion, but unfortunately, this behavior does not integrate well with Torbutton. Kory Kirk is working on addressing this for this Google Summer of Code project for 2009.
273) 
274)  </p>
275)  </li>
276) 
277)  <li><a href="https://addons.mozilla.org/en-US/firefox/addon/722">NoScript</a>
278)  <p>
279)  Torbutton currently mitigates all known anonymity issues with Javascript.
280)  However, if you are concerned about Javascript exploits against your browser
281)  or against websites you are logged in to, you may want to use NoScript. It

282)  provides the ability to allow Javascript only for particular websites
283)  and also provides mechanisms to force HTTPS urls for sites with

284) <a href="http://fscked.org/category/tags/insecurecookies">insecure
285)  cookies</a>.<br>
286) 

287)  It can be difficult to configure such that the most sites will work
288)  properly though. In particular, you want to make sure you do not remove
289)  the Javascript whitelist for

290)  addons.mozilla.org, as extensions are downloaded via http and verified by
291)  javascript from the https page.
292) 
293)  </p></li>
294)  <li><a href="https://addons.mozilla.org/en-US/firefox/addon/9727/">Request
295) Policy</a>
296)  <p>
297) 
298) Request Policy is similar to NoScript in that it requires that you configure
299) which sites are allowed to load content from other domains. It can be very
300) difficult for novice users to configure properly, but it does provide a good
301) deal of protection against ads, injected content, and cross-site request
302) forgery attacks.
303) 
304)  </p>
305)  </li>
306) 

307) </ol>
308) 

309) <a id="securityissues"></a>
310) <strong><a class="anchor" href="#securityissues">Are there any other issues I should be concerned about?</a></strong>

311) 
312) <p>

313) 

314) There are a few known security issues with Torbutton (all of which are due to

315) <a href="design/index.html#FirefoxBugs">unfixed Firefox security bugs</a>).
316) However, most of these relate to fingerprinting issues, as opposed to outright
317) anonymity leaks.
318)