[tor-talk] newbie: tor browser bundle and privoxy

Julian Yon julian at yon.org.uk
Fri Dec 30 17:31:03 UTC 2011


Привет Иван,

I am not a Tor developer but I will try to answer (in English, as my
Russian is appalling).

On 30/12/11 16:31, Ivan Ivanov wrote:
> i found, that *Tor Browser Bundle* consist of:
> 
>    * Vidalia 0.2.15
>    * Tor 0.2.2.35 (with libevent-2.0.16-stable, zlib-1.2.5, openssl-1.0.0e)
>    * Mozilla Aurora 9.0.1 and Torbutton 1.4.5.1)
>    * Pidgin 2.7.5 and OTR 3.2 (only in Tor IM Browser Bundle)
> 
> So, Tor Browser Bundle does not contain Privoxy.
> Now question: does this mean, that Tor Browser Bundle is less secure
> than separately installed Tor + Privoxy?
> P.S. sorry for my rough english.

The applications within TBB have been audited for DNS leaks. If you only
use those apps then you should not have that problem to worry about. A
greater issue is that of your usage pattern, i.e. if you give away your
identity by another means (e.g. by posting on a mailing list, or logging
into Facebook) there is nothing Tor (or Privoxy) can do about it.

If you wish to use other applications with Tor then you may need to take
precautions to avoid DNS and other leaks. This is easier said than done,
and if you lack the necessary computer science knowledge then I would
advise considering whether it's a risk you need to take. Merely
installing something like Privoxy will do nothing except give you a
false sense of security.

If you dig through the torproject.org website you will find information
concerning this topic; approaches include creating a separate user
account which transparently torifies all network activity, or performing
all anonymous work within a dedicated virtual machine.

If you can achieve everything you need through the Tor Browser itself
then your privacy is primarily dependent on your own discipline. IMHO
this would be the best path for a newbie to take.


Regards,
Julian

-- 
3072D/D2DE707D Julian Yon (2011 General Use) <pgp.2011 at jry.me>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 294 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20111230/a5d3e6f9/attachment-0001.pgp>


More information about the tor-talk mailing list