torbutton/en/faq.wml (23b1b6704) - tor-webwml.git

faq.wml

## translation metadata
# Revision: $Revision$
# Translation-Priority: 3-low

#include "head.wmi" TITLE="Torbutton FAQ"

<h2>Torbutton FAQ</h2>
<hr />

<h3>Questions</h3>
 
<ul>
<li><a href="<page torbutton/faq>#nojavascript">When I toggle Tor, my sites that use javascript stop working. Why?</a></li>
<li><a href="<page torbutton/faq>#noreloads">I can't click on links or hit reload after I toggle Tor! Why?</a></li>
<li><a href="<page torbutton/faq>#noflash">I can't view videos on YouTube and other flash-based sites. Why?</a></li>
<li><a href="<page torbutton/faq>#oldtorbutton">Torbutton sure seems to do a lot of things, some of which I find annoying. Can't I just use the old version?</a></li>
<li><a href="<page torbutton/faq>#weirdstate">My browser is in some weird state where nothing works right!</a></li>
<li><a href="<page torbutton/faq>#noautocomplete">When I use Tor, Firefox is no longer filling in logins/search boxes for me. Why?</a></li>
<li><a href="<page torbutton/faq>#thunderbird">What about Thunderbird support? I see a page, but it is the wrong version?</a></li>
<li><a href="<page torbutton/faq>#extensionconflicts">Which Firefox extensions should I avoid using?</a></li>
<li><a href="<page torbutton/faq>#recommendedextensions">Which Firefox extensions do you recommend?</a></li>
<li><a href="<page torbutton/faq>#securityissues">Are there any other issues I should be concerned about?</a></li>
</ul>

<a id="nojavascript"></a>
<a class="anchor" href="#nojavascript">When I toggle Tor, my sites that use javascript stop working. Why?</a>

Javascript can do things like wait until you have disabled Tor before trying
to contact its source site, thus revealing your IP address. As such, Torbutton
must disable Javascript, Meta-Refresh tags, and certain CSS behavior when Tor
state changes from the state that was used to load a given page. These features 
are re-enabled when Torbutton goes back into the state that was used to load
the page, but in some cases (particularly with Javascript and CSS) it is
sometimes not possible to fully recover from the resulting errors, and the
page is broken. Unfortunately, the only thing you can do (and still remain
safe from having your IP address leak) is to reload the page when you toggle
Tor, or just ensure you do all your work in a page before switching tor state.

<a id="noreloads"></a>
<a class="anchor" href="#noreloads">I can't click on links or hit reload after I toggle Tor! Why?</a>

Due to <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=409737">Firefox
Bug 409737</a>, pages can still open popups and perform Javascript redirects
and history access after Tor has been toggled. These popups and redirects can
be blocked, but unfortunately they are indistinguishable from normal user
interactions with the page (such as clicking on links, opening them in new
tabs/windows, or using the history buttons), and so those are blocked as a
side effect. Once that Firefox bug is fixed, this degree of isolation will
become optional (for people who do not want to accidentally click on links and
give away information via referrers). A workaround is to right click on the
link, and open it in a new tab or window. The tab or window won't load
automatically, but you can hit enter in the URL bar, and it will begin
loading. Hitting enter in the URL bar will also reload the page without
clicking the reload button.

<a id="noflash"></a>
<a class="anchor" href="#noflash">I can't view videos on YouTube and other flash-based sites. Why?</a>

Plugins are binary blobs that get inserted into Firefox and can perform
arbitrary activity on your computer. This includes but is not limited to: <a
href="http://www.metasploit.com/research/projects/decloak/">completely
disregarding proxy settings</a>, querying your <a
href="http://forums.sun.com/thread.jspa?threadID=5162138&amp;messageID=9618376">local
IP address</a>, and <a
href="http://epic.org/privacy/cookies/flash.html">storing their own
cookies</a>. It is possible to use a LiveCD or VMWare-based solution such as
<a href="http://anonymityanywhere.com/incognito/">Incognito</a> that creates a
secure, transparent proxy to protect you from proxy bypass, however issues
with local IP address discovery and Flash cookies potentially remain.

<a id="oldtorbutton"></a>
<a class="anchor" href="#oldtorbutton">Torbutton sure seems to do a lot of things, some of which I find
annoying. Can't I just use the old version?</a>

No. Use of the old version, or any other vanilla proxy changer
(including FoxyProxy -- see below) without Torbutton is actively discouraged.
Seriously. Using a vanilla proxy switcher by itself is so insecure that you
are not only just wasting your time, you are also actually endangering
yourself. Simply do not use Tor and you will have the same (and in some cases,
better) security. For more information on the types of attacks you are
exposed to with a "homegrown" solution, please see <a
href="https://www.torproject.org/torbutton/design/#adversary">The Torbutton
Adversary Model</a>, in particular the 
<a href="https://www.torproject.org/torbutton/design/#attacks">Adversary
Capabilities - Attacks</a> subsection. If there are any specific Torbutton
behaviors that you do not like, please file a bug on <a
href="https://bugs.torproject.org/flyspray/index.php?tasks=all&amp;project=5">the
bug tracker.</a> Most of Torbutton's security features can also be disabled
via its preferences, if you think you have your own protection for those
specific cases.

<a id="weirdstate"></a>
<a class="anchor" href="#weirdstate">My browser is in some weird state where nothing works right!</a>

Try to disable Tor by clicking on the button, and then open a new window. If
that doesn't fix the issue, go to the preferences page and hit 'Restore
Defaults'. This should reset the extension and Firefox to a known good
configuration. If you can manage to reproduce whatever issue gets your
Firefox wedged, please file details at <a
href="https://bugs.torproject.org/flyspray/index.php?tasks=all&amp;project=5">the
bug tracker</a>.

<a id="noautocomplete"></a>
<a class="anchor" href="#noautocomplete">When I use Tor, Firefox is no longer filling in logins/search boxes
for me. Why?</a>

Currently, this is tied to the "Block history writes during Tor"
setting. If you have enabled that setting, all formfill functionality (both
saving and reading) is disabled. If this bothers you, you can uncheck that
option, but both history and forms will be saved. To prevent history
disclosure attacks via Non-Tor usage, it is recommended you disable Non-Tor
history reads if you allow history writing during Tor.

<a id="thunderbird"></a>
<a class="anchor" href="#thunderbird">What about Thunderbird support? I see a page, but it is the wrong
version?</a>

Torbutton used to support basic proxy switching on Thunderbird back in the 1.0
days, but that support has been removed because it has not been analyzed for
security. My developer tools page on addons.mozilla.org clearly lists Firefox
support only, so I don't know why they didn't delete that Thunderbird listing.
I am not a Thunderbird user and unfortunately, I don't have time to analyze
the security issues involved with toggling proxy settings in that app. It
likely suffers from similar (but not identical) state and proxy leak issues
with html mail, embedded images, javascript, plugins and automatic network
access. My recommendation is to create a completely separate Thunderbird
profile for your Tor accounts and use that instead of trying to toggle proxy
settings. But if you really like to roll fast and loose with your IP, you
could try another proxy switcher like ProxyButton, SwitchProxy or FoxyProxy
(if any of those happen to support thunderbird).

<a id="extensionconflicts"></a>
<a class="anchor" href="#extensionconflicts">Which Firefox extensions should I avoid using?</a>

This is a tough one. There are thousands of Firefox extensions: making a
complete list of ones that are bad for anonymity is near impossible. However,
here are a few examples that should get you started as to what sorts of
behavior are dangerous.

<ol>
 <li>StumbleUpon, et al
	
 These extensions will send all sorts of information about the websites you
 visit to the stumbleupon servers, and correlate this information with a
 unique identifier. This is obviously terrible for your anonymity.
 More generally, any sort of extension that requires registration, or even
 extensions that provide information about websites you visit should be
 suspect.
 </li>
 <li>FoxyProxy

While FoxyProxy is a nice idea in theory, in practice it is impossible to
configure securely for Tor usage without Torbutton. Like all vanilla third
party proxy plugins, the main risks are <a
href="http://www.metasploit.com/research/projects/decloak/">plugin leakage</a>
and <a href="http://ha.ckers.org/weird/CSS-history.cgi">history
disclosure</a>, followed closely by cookie theft by exit nodes and tracking by
adservers (see the <a href="design/index.html#adversary">Torbutton Adversary
Model</a> for more information). However, with Torbutton installed in tandem
and always enabled, it is possible to configure FoxyProxy securely (though it
is tricky). Since FoxyProxy's 'Patterns' mode only applies to specific urls,
and not to an entire tab, setting FoxyProxy to only send specific sites
through Tor will still allow adservers (whose hosts don't match your filters) to learn your real IP. Worse, when
sites use offsite logging services such as Google Analytics, you will
still end up in their logs with your real IP. Malicious exit nodes can also
cooperate with sites to inject images into pages that bypass your filters.
Setting FoxyProxy to only send certain URLs via Non-Tor is much more secure in
this regard, but be very careful with the filters you allow. For example, 
something as simple as allowing *google* to go via Non-Tor will still cause you to end up
in all the logs of all websites that use Google Analytics! See <a
href="http://foxyproxy.mozdev.org/faq.html#privacy-01">this question</a> on
the FoxyProxy FAQ for more information.
 </li>
 <li>NoScript
 
 Torbutton currently mitigates all known anonymity issues with Javascript.
 While it may be tempting to get better security by disabling Javascript for
 certain sites, you are far better off with an all-or-nothing approach.
 NoScript is exceedingly complicated, and has many subtleties that can surprise
 even advanced users. For example, addons.mozilla.org verifies extension
 integrity via Javascript over https, but downloads them in the clear. Not 
 adding it to your whitelist effectively
 means you are pulling down unverified extensions. Worse still, using NoScript
 can actually disable protections that Torbutton itself provides via
 Javascript, yet still allow malicious exit nodes to compromise your
 anonymity via the default whitelist (which they can spoof to inject any script they want). 
</li>
</ol>

<a id="recommendedextensions"></a>
<a class="anchor" href="#recommendedextensions">Which Firefox extensions do you recommend?</a>
<ol>
 <li><a href="https://crypto.stanford.edu/forcehttps/">ForceHTTPS</a>
	
Many sites on the Internet are <a
href="http://www.defcon.org/html/defcon-16/dc-16-speakers.html#Perry">sloppy
about their use of HTTPS</a> and secure
cookies. This addon can help you ensure that you always use HTTPS for sites
that support it, and reduces the chances of your cookies being stolen for
sites that do not secure them.</li>
 <li><a href="https://addons.mozilla.org/firefox/addon/953">RefControl</a>
	
Mentioned above, this extension allows more fine-grained referrer spoofing
than Torbutton currently provides. It should break less sites than Torbutton's
referrer spoofing option.</li>
 <li><a href="https://addons.mozilla.org/firefox/addon/1474">SafeCache</a>
	
If you use Tor excessively, and rarely disable it, you probably want to
install this extension to minimize the ability of sites to store long term
identifiers in your cache. This extension applies same origin policy to the
cache, so that elements are retrieved from the cache only if they are fetched
from a document in the same origin domain as the cached element. 
</li>
</ol>

<a id="securityissues"></a>
<a class="anchor" href="#securityissues">Are there any other issues I should be concerned about?</a>

There are a few known security issues with Torbutton (all of which are due to
<a href="https://www.torproject.org/torbutton/design/#FirefoxBugs">unfixed
Firefox security bugs</a>). The most important for anonymity is that it is
possible to unmask the javascript hooks that wrap the Date object to conceal
your timezone in Firefox 2, and the timezone masking code does not work at all
on Firefox 3. We are working with the Firefox team to fix one of <a
href="https://bugzilla.mozilla.org/show_bug.cgi?id=392274">Bug 399274</a> or
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=419598">Bug 419598</a>
to address this. In the meantime, it is possible to set the TZ
environment variable to UTC to cause the browser to use UTC as your
timezone. Under Linux, you can add an export TZ=UTC to the
/usr/bin/firefox script, or edit your system bashrc to do the same. Under
Windows, you can set either a <a
href="http://support.microsoft.com/kb/310519">User or System Environment
Variable</a> for TZ via My Computer's properties. In MacOS, the situation is
<a
href="http://developer.apple.com/documentation/MacOSX/Conceptual/BPRuntimeConfig/Articles/EnvironmentVars.html#//apple_ref/doc/uid/20002093-BCIJIJBH">a
lot more complicated</a>, unfortunately.

In addition, RSS readers such as Firefox Livemarks can perform
periodic fetches. Due to <a
href="https://bugzilla.mozilla.org/show_bug.cgi?id=436250">Firefox Bug
436250</a>, there is no way to disable Livemark fetches during Tor. This can
be a problem if you have a lot of custom Livemark urls that can give away
information about your identity.

</div>

#include <foot.wmi>

tor-webwml.git

Add a list of questions to the top for easier navigation.