[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [CONTRIBUTE] [DONATE]

New version of TBB no longer accepts FoxyProxy plugin.

Random Agent Spoofer spoofs resolution along with many other fingerprinting vectors (although for pseudonymity, we don’t care about vm-specific fingerprinting, just system-wide fingerprinting).

The obvious advantage of TBB is that you don’t need to manage multiple pseudonyms (something with which you are very familiar :slight_smile: ). As you know, user error working with pseudonyms is very dangerous but helped by the fact that Qubes VMs are so inexpensive.

Assuming:

  • Virtualizer does its job
  • Whonix does its job
  • Iceweasel is no more bug-prone than TBB
  • Add-ons do their job

Managing a (manageable set of) pseudonyms should be a viable alternative to relying on a very thin anonymity set. But you should have the last word on that…

Add: Biggest danger is that a fingerprinting vector exists that you are not aware of. If you duplicate the setup across multiple pseudonyms, you could be linked by this unknown vector.

Don’t. :wink:

In case of Qubes, doesn’t do its job. One severe example:

1 Like

Good day,

Thanks for pointing that out, to clarify, that was obviously only a very small scetch to illustrate the point.

But like mentioned, the resolution wouldn’t be readable without JavaScript.

I never said the FoxyProxy had malicious intentions. All Plugins, regardless of their intent and whether they are open source or not are said to be the easiest way to track someone:

In general, plugins and fonts are the most identifying metrics, followed by User Agent, HTTP Accept, and screen resolution, though all of the metrics are uniquely identifying in some cases.

Like I said, this isn’t unique to this plugin/addon, but to every plugin/addon used, as every plugin/addon makes you “trackable” simply by its existence. Even using a different version of an addon can increase your fingerprint, as explained here:

In the case of the algorithm we deployed, those events include upgrades to the browser, upgrading a plugin, disabling cookies, installing a new font or an external application which includes fonts, or connecting an external monitor which alters the screen resolution.

Source: https://panopticlick.eff.org/static/browser-uniqueness.pdf

Now, like said before, I’ve read a few times that the reason for this isn’t that the addons are “read” the way they are but, like mentioned before are simply used as a base for creating a string value by the browser itself. The reason for that is, if I recall logistics (less to send around) as well as identifiability. Once I’ve found a source for that specific “creation” part, in English, I’ll send it to you.

Have a nice day,

Ego

Ego:

But like mentioned, the resolution wouldn’t be readable without JavaScript.

ip-check.info can detect the resolution with noscript enabled. (IIRC
through CSS.)

1 Like

Good day,

Right, forgoth that. Sorry, shouldn’t have happened. Is rather embarrassing actually, since I should know that way better than most people, keeping in mind that’s what I currently use to determine whether the mobile mode is on or off on the “whonix-prototype-homepage”…

Have a nice day,

Ego

No problem at all. :slight_smile:

1 Like

The reason why I wanted to use a proxy is because some sites ban Tor IP at all cost. FoxyProxy was an easy approach that did just that but TBB is not accepting it now.

I’m not willing to use Ice Weasel or Firefox ESR + FoxyProxy because it was clearly documented in the wiki that they’re meant to be used in downloading TBB only.

Good day,

May I recommend then, to try using Proxychains or some other alternative, as explained here: https://www.whonix.org/wiki/Tunnels/Introduction It sadly isn’t as simple though. In the meantime, I may look what setting in “about:config” they changed. If I can pinpoint it, it should be possible to reactivate the ability of using external plugins. Except obviously, if they compile FF without the necessary features now, which has happend before.

Have a nice day,

Ego

Hi,
Has anyone tried reproducing this with TBB 6.0.1 ?
I tried it today and Foxyproxy installs fine on TBB 6.0.1 (tested it on multiple VMs)
Maybe they changed it from 6.0 to 6.0.1 again ?
I think the about:config setting was :
xpinstall.signatures.required

Could anyone confirm this ?

foxyproxy confirmed working for me here on 6.01

1 Like

Instructions did not work anymore with Tor Browser 6.0.8 (based on Mozilla Firefox 45.6.0). Foxyproxy did not enable itself because Firefox now requires signed add-ons.

https://support.mozilla.org/en-US/kb/add-on-signing-in-firefox?as=u&utm_source=inproduct

Updated these instructions to disable add-on verification. And a few other smaller changes.

https://www.whonix.org/w/index.php?title=Template%3AFoxyProxy&type=revision&diff=27510&oldid=26635

https://www.whonix.org/wiki/Template:FoxyProxy no longer works for me with Tor Browser 7.0a1-hardened (based on Mozilla Firefox 45.7.0). Can you check please? @HulaHoop

What about installing foxyproxy using Tor Browser add-on manager rather than from Debian repository?

This also needs testing in combination with https://github.com/Whonix/apparmor-profile-torbrowser. Recent fix. Can you install apparmor-profile-torbrowser from source please? (Or manually active the updated profile.)

I will test this today if HulaHoop hasn’t checked it by then and report back

2 Likes

@goldstein Please do. I don’t have a 64bit build ready yet to check it out.

@Patrick Let me know when you’ve branched out a test release with GUI fixes so I can start looking at relevant tracker tasks.

Also what is your impression about hardened TBB usability (responsiveness/resource use)? Do you use it daily?

OK so I guess its now safe to recommend fetching the addon from Mozilla’s servers since they are now all signed. It will be as simple as pointing it to where the custom rules file is installed.

I wonder if TBB makes any attempt to check signatures though… I know for freedom reasons signed extension support is dropped out of the Tor fork. I may have to check that out.

https://wiki.mozilla.org/Add-ons/Extension_Signing

All Firefox extensions - for Desktop and Android - on AMO that have passed review are now signed.

Sure, will do. New build in process btw. There will be a new thread in the development sub forum.

Please move that into a separate thread.

Disabling that by default would be outrageous. I doubt that. Last time when I fixed the FoxyProxy template, I needed to disable it, because extensions installed as a deb package were ignored because of this.

I asked for more info about this.

https://lists.torproject.org/pipermail/tor-dev/2017-February/011923.html

1 Like

Btw there is also tbb-dev.

https://lists.torproject.org/pipermail/tbb-dev/

https://lists.torproject.org/pipermail/tbb-dev/2017-February/000464.html

1 Like

I testet TBB hardened with foxyproxy and neither of the options seem to work , when i installed it via the Addon-manager it said i should restart TBB to enable it but after a restart it keeps saying this.

But in the Light of Hardened Tor Browser Bundle not as hardened you think. Soon becoming extinct
it’s not worth it to even continue testing…

1 Like
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]