9c6c545aa2560c74f9c8e720d31ea9bfe5d2766e
Roger Dingledine break torbutton frontpage i...

Roger Dingledine authored 15 years ago

1) ## translation metadata
2) # Revision: $Revision$
3) # Translation-Priority: 3-low
4) 
5) #include "head.wmi" TITLE="Torbutton FAQ"
6) 
7) <div class="main-column">
8) 
9) <!-- PUT CONTENT AFTER THIS TAG -->
10) 
11) <h2>Torbutton FAQ</h2>
12) <hr />
13) 
Mike Perry Update faq and fix the link...

Mike Perry authored 15 years ago

14) <strong>When I toggle Tor, my sites that use Javascript stop working. Why?</strong>
15) 
16) <p>
17) Javascript can do things like wait until you have disabled Tor before trying
18) to contact its source site, thus revealing your IP address. As such, Torbutton
19) must disable Javascript, Meta-Refresh tags, and certain CSS behavior when Tor
20) state changes from the state that was used to load a given page. These features 
21) are re-enabled when Torbutton goes back into the state that was used to load
22) the page, but in some cases (particularly with Javascript and CSS) it is
23) not possible to fully recover from the resulting errors, and the
24) page is broken. Unfortunately, the only thing you can do (and still remain
25) safe from having your IP address leak) is to reload the page when you toggle
26) Tor, or just ensure you do all your work in a page before switching Tor state.
27) </p>
28) 
Roger Dingledine break torbutton frontpage i...

Roger Dingledine authored 15 years ago

29) <strong>I can't click on links or hit reload after I toggle Tor! Why?</strong>
30) 
31) <p>
32) Due to <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=409737">Firefox
33) Bug 409737</a>, pages can still open popups and perform Javascript redirects
34) and history access after Tor has been toggled. These popups and redirects can
35) be blocked, but unfortunately they are indistinguishable from normal user
36) interactions with the page (such as clicking on links, opening them in new
37) tabs/windows, or using the history buttons), and so those are blocked as a
38) side effect. Once that Firefox bug is fixed, this degree of isolation will
39) become optional (for people who do not want to accidentally click on links and
40) give away information via referrers). A workaround is to right click on the
41) link, and open it in a new tab or window. The tab or window won't load
42) automatically, but you can hit enter in the URL bar, and it will begin
43) loading. Hitting enter in the URL bar will also reload the page without
44) clicking the reload button.
45) </p>
46) 
Mike Perry Update faq and fix the link...

Mike Perry authored 15 years ago

47) 
48) <strong>I can't view videos on YouTube and other Flash-based sites. Why?</strong>
49) 
50) <p>
51) 
52) Plugins are binary blobs that get inserted into Firefox and can perform
53) arbitrary activity on your computer. This includes but is not limited to: <a
54) href="http://www.metasploit.com/research/projects/decloak/">completely
55) disregarding proxy settings</a>, querying your <a
56) href="http://forums.sun.com/thread.jspa?threadID=5162138&messageID=9618376">local
57) IP address</a>, and <a
58) href="http://epic.org/privacy/cookies/flash.html">storing their own
59) cookies</a>. It is possible to use a LiveCD or VMware-based solution such as
60) <a href="http://anonymityanywhere.com/incognito/">Incognito</a> that creates a
61) secure, transparent proxy to protect you from proxy bypass; however, issues
62) with local IP address discovery and Flash cookies potentially remain.
63) 
64) </p>
65) 
66) <strong>Torbutton sure seems to do a lot of things, some of which I find
67) annoying. Can't I just use the old version?</strong>
68) 
69) <p> 
70) 
71) <b>No.</b> Use of the old version, or any other vanilla proxy changer
72) (including FoxyProxy -- see below) is actively discouraged. Seriously. Using a
73) vanilla proxy switcher by itself is so insecure that you are not just
74) wasting your time, you are actually endangering yourself. Simply do not
75) use Tor and you will have the same (or perhaps better!) security. For more
76) information on the types of attacks you are exposed to with a "homegrown"
77) solution, please see <a
78) href="https://www.torproject.org/torbutton/design/#adversary">The Torbutton
79) Adversary Model</a>, in particular the <b>Adversary Capabilities - Attacks</b>
80) subsection. If there are any specific Torbutton behaviors that you do not
81) like, please file a bug on <a
82) href="https://bugs.torproject.org/flyspray/index.php?tasks=all&amp;project=5">the
83) bug tracker</a>. Most of Torbutton's security features can also be disabled
84) via its preferences, if you think you have your own protection for those
85) specific cases.
86) 
87) </p>
88) 
89) 
Roger Dingledine break torbutton frontpage i...

Roger Dingledine authored 15 years ago

90) <strong>My browser is in some weird state where nothing works right!</strong>
91) 
92) <p>
93) Try to disable Tor by clicking on the button, and then open a new window. If
94) that doesn't fix the issue, go to the preferences page and hit 'Restore
95) Defaults'. This should reset the extension and Firefox to a known good
96) configuration.  If you can manage to reproduce whatever issue gets your
97) Firefox wedged, please file details at <a
98) href="https://bugs.torproject.org/flyspray/index.php?tasks=all&amp;project=5">the
99) bug tracker</a>.
100) </p>
101) 
102) 
103) <strong>When I use Tor, Firefox is no longer filling in logins/search boxes
104) for me. Why?</strong>
105) 
106) <p>
107) Currently, this is tied to the "<b>Block history writes during Tor</b>"
108) setting. If you have enabled that setting, all formfill functionality (both
109) saving and reading) is disabled. If this bothers you, you can uncheck that
110) option, but both history and forms will be saved. To prevent history
111) disclosure attacks via Non-Tor usage, it is recommended you disable Non-Tor
112) history reads if you allow history writing during Tor.
113) </p>
114) 
Mike Perry Update faq and fix the link...

Mike Perry authored 15 years ago

115) <strong>What about Thunderbird support? I see a page, but it is the wrong
116) version?</strong>
117) 
118) <p>
119) Torbutton used to support basic proxy switching on Thunderbird back in the 1.0
120) days, but that support has been removed because it has not been analyzed for
121) security. My developer tools page on addons.mozilla.org clearly lists Firefox
122) support only, so I don't know why they didn't delete that Thunderbird listing.
123) I am not a Thunderbird user and unfortunately, I don't have time to analyze
124) the security issues involved with toggling proxy settings in that app. It
125) likely suffers from similar (but not identical) state and proxy leak issues
126) with HTML mail, embedded images, Javascript, plugins and automatic network
127) access. My recommendation is to create a completely separate Thunderbird
128) profile for your Tor accounts and use that instead of trying to toggle proxy
129) settings. But if you really like to roll fast and loose with your IP, you
130) could try another proxy switcher like ProxyButton, SwitchProxy or FoxyProxy
131) (if any of those happen to support Thunderbird).
132) 
133) </p>
134) 
Roger Dingledine break torbutton frontpage i...

Roger Dingledine authored 15 years ago

135) <strong>Which Firefox extensions should I avoid using?</strong>
136) 
137) <p>
138) This is a tough one. There are thousands of Firefox extensions: making a
139) complete list of ones that are bad for anonymity is near impossible. However,
140) here are a few examples that should get you started as to what sorts of
141) behavior are dangerous.
142) </p>
143) 
144) <ol>
145)  <li>StumbleUpon, et al</li>
146)  These extensions will send all sorts of information about the websites you
147)  visit to the stumbleupon servers, and correlate this information with a
148)  unique identifier. This is obviously terrible for your anonymity.
149)  More generally, any sort of extension that requires registration, or even
150)  extensions that provide information about websites you visit should be
151)  suspect.
152) 
153)  <li>FoxyProxy</li>
154) 
155) While FoxyProxy is a nice idea in theory, in practice it is impossible to
156) configure securely for Tor usage without Torbutton. Like all vanilla third
157) party proxy plugins, the main risks are <a
158) href="http://www.metasploit.com/research/projects/decloak/">plugin leakage</a>
159) and <a href="http://ha.ckers.org/weird/CSS-history.cgi">history
160) disclosure</a>, followed closely by cookie theft by exit nodes and tracking by
161) adservers (see the <a href="design/index.html#adversary">Torbutton Adversary
162) Model</a> for more information). However, even with Torbutton installed in
163) tandem and always enabled, it is still very difficult (though not impossible)
164) to configure FoxyProxy securely. Since FoxyProxy's 'Patterns' mode only
165) applies to specific urls, and not to an entire tab, setting FoxyProxy to only
166) send specific sites through Tor will still allow adservers to learn your
167) real IP. Worse, if those sites use offsite logging services such as Google
168) Analytics, you may still end up in their logs with your real IP. Malicious
169) exit nodes can also cooperate with sites to inject images into pages that
170) bypass your filters. Setting FoxyProxy to only send certain URLs via Non-Tor
171) is much more viable, but be very careful with the filters you allow. For
172) example, something as simple as allowing *google* to go via Non-Tor will still
173) cause you to end up in all the logs of all websites that use Google Analytics!
174) See <a href="http://foxyproxy.mozdev.org/faq.html#privacy-01">this
175) question</a> on the FoxyProxy FAQ for more information.
176) 
177)  <li>NoScript</li>
178)  Torbutton currently mitigates all known anonymity issues with Javascript.
179)  While it may be tempting to get better security by disabling Javascript for
180)  certain sites, you are far better off with an all-or-nothing approach.
181)  NoScript is exceedingly complicated, and has many subtleties that can surprise
182)  even advanced users. For example, addons.mozilla.org verifies extension
183)  integrity via Javascript over https, but downloads them in the clear. Not 
184)  adding it to your whitelist effectively
185)  means you are pulling down unverified extensions. Worse still, using NoScript
186)  can actually disable protections that Torbutton itself provides via
187)  Javascript, yet still allow malicious exit nodes to compromise your
188)  anonymity via the default whitelist (which they can spoof to inject any script they want).
189) 
190) </ol>
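
The per-URL routing problem described in the FoxyProxy item, as an added example (a simplified model written for this page, not FoxyProxy's code and not part of the original FAQ). The hostnames, the wildcard matcher and the two mode names are assumptions made for illustration.

```javascript
// Simplified model of per-URL pattern routing. All hostnames, patterns and
// mode names are constructed for this example.

// Convert a wildcard pattern such as "*google*" into an anchored RegExp.
function wildcardToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$", "i");
}

// Decide the route for a single request.
// "tor-for-matches": matching URLs use Tor, everything else goes direct.
// "direct-for-matches": matching URLs go direct, everything else uses Tor.
function routeFor(url, patterns, mode) {
  const matched = patterns.some((p) => wildcardToRegExp(p).test(url));
  if (mode === "tor-for-matches") return matched ? "tor" : "direct";
  return matched ? "direct" : "tor";
}

// Requests from one page load that would leave from the real IP address.
function directRequests(pageLoad, patterns, mode) {
  return pageLoad.filter((url) => routeFor(url, patterns, mode) === "direct");
}

// Constructed page load: the document plus the third-party resources it embeds.
// Routing is decided per request, not per tab, so each URL is judged alone.
const pageLoad = [
  "https://forum.example/thread/42",
  "https://ads.adserver.example/banner.js",
  "https://www.google-analytics.com/ga.js",
];

// Case 1: only the site itself is sent through Tor.
const leak1 = directRequests(pageLoad, ["*forum.example*"], "tor-for-matches");
// Case 2: everything uses Tor except a broad "*google*" exception.
const leak2 = directRequests(pageLoad, ["*google*"], "direct-for-matches");

console.log("case 1, sent direct:", leak1);
console.log("case 2, sent direct:", leak2);
```

In both cases the document itself travels over Tor while at least one embedded third-party request does not, which is the leak the FAQ item warns about.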
191) 
192) <strong>Which Firefox extensions do you recommend?</strong>
193) <ol>
194)  <li><a href="https://addons.mozilla.org/firefox/addon/953">RefControl</a></li>
195)  Mentioned above, this extension allows more fine-grained referrer spoofing
196) than Torbutton currently provides. It should break fewer sites than Torbutton's
197) referrer spoofing option.
198)  <li><a href="https://addons.mozilla.org/firefox/addon/1474">SafeCache</a></li>
199)  If you use Tor excessively, and rarely disable it, you probably want to
200) install this extension to minimize the ability of sites to store long term
201) identifiers in your cache. This extension applies same origin policy to the
202) cache, so that elements are retrieved from the cache only if they are fetched
203) from a document in the same origin domain as the cached element. 
Mike Perry Update faq and fix the link...

Mike Perry authored 15 years ago

204)  <li><a href="https://crypto.stanford.edu/forcehttps/">ForceHTTPS</a></li>
205) Many sites on the Internet are <a
206) href="http://www.defcon.org/html/defcon-16/dc-16-speakers.html#Perry">sloppy
207) about their use of HTTPS</a> and secure
208) cookies. This addon can help you ensure that you always use HTTPS for sites
209) that support it, and reduces the chances of your cookies being stolen for
210) sites that do not secure them.
Roger Dingledine break torbutton frontpage i...

Roger Dingledine authored 15 years ago

211) </ol>
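
The cache isolation described in the SafeCache item, as an added example (a toy model written for this page, not SafeCache's code). It assumes the cache key becomes the pair of embedding document hostname and resource URL; the hostnames and the tracker behaviour are constructed.

```javascript
// Toy cache model. Hostnames and the tracker server are constructed samples.

// The example treats the full hostname as the document's origin domain.
function originOf(url) {
  return new URL(url).hostname;
}

class ModelCache {
  constructor(isolateByOrigin) {
    this.isolate = isolateByOrigin;
    this.store = new Map();
  }
  // Shared cache: keyed by resource URL only.
  // Isolated cache: keyed by (embedding document's origin, resource URL).
  key(documentUrl, resourceUrl) {
    return this.isolate ? originOf(documentUrl) + " " + resourceUrl : resourceUrl;
  }
  // Returns { hit, body }; on a miss the server callback produces the body.
  fetch(documentUrl, resourceUrl, server) {
    const k = this.key(documentUrl, resourceUrl);
    if (this.store.has(k)) return { hit: true, body: this.store.get(k) };
    const body = server();
    this.store.set(k, body);
    return { hit: false, body };
  }
}

// Tracker server: every uncached response embeds a fresh identifier.
function makeTracker() {
  let n = 0;
  return () => "id-" + (++n);
}

// Visit three documents that all embed the same third-party resource and
// report which identifier each visit ends up carrying.
function idsSeenAcrossSites(isolate) {
  const cache = new ModelCache(isolate);
  const tracker = makeTracker();
  const resource = "https://tracker.example/pixel.js";
  const visits = ["https://news.example/", "https://shop.example/", "https://news.example/a"];
  return visits.map((doc) => cache.fetch(doc, resource, tracker).body);
}

console.log("shared cache:  ", idsSeenAcrossSites(false));
console.log("isolated cache:", idsSeenAcrossSites(true));
```

With the shared cache the same cached identifier follows the user from one site to the next; with the isolated cache each embedding site gets its own copy, so the identifier no longer links visits across sites.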
212) 
213) <strong>Are there any other issues I should be concerned about?</strong>
214) 
215) <p>
Mike Perry Update faq and fix the link...

Mike Perry authored 15 years ago

216) There are a few known security issues with Torbutton (all of which are due to
217) <a href="https://www.torproject.org/torbutton/design/#FirefoxBugs">unfixed
218) Firefox security bugs</a>). The most important for anonymity is that it is