SSH in Tor browser

jamesferkin · May 8, 2016, 11:46am

Hello
I read this topic on how setup proxy in Tor browser. It explains if I utilize FoxyProxy there is a bug in 4.5.1 version ‘‘Circuit isolation by SOCKS proxy may be breaking other proxies or non-proxies’’, is this applied also on Tor 6.0a5? Is more secure to use proxy setting method or transparent proxying method? (I use only tor browser, swd and whonix-check)

Thank you

entr0py · May 8, 2016, 4:31pm

I don’t know. However, it’s a feature limitation not a security issue so it’s “safe” to use the listed workarounds. (As long as you understand the warnings regarding pseudonymity (which applies to any proxy tunneled through Tor) and also, browser fingerprints). You may also need to remove Tor Browser proxy settings in addition to using FoxyProxy if you use the Proxy Settings method.

“Secure” is probably not the right word in this context. Each has advantages / weaknesses. Actually, all the points I was about the make are summarized in the chart: Connecting to Tor before a Proxy

As an example, Flash is notorious for ignoring proxy settings and would likely bypass your Socks tunnel. A transparent proxy would still capture Flash-related traffic. On the other hand, a transparent proxy would force ALL of your (unconfigured) system-wide traffic through the single Socks tunnel and not allow stream isolation.

Needs to be decided on a case-by-case basis. Keep in mind any leaks from using an application-specific method continue to be sent over Tor so the added flexibility and stream isolation features of non system-wide proxies may be more beneficial.

jamesferkin · May 8, 2016, 6:08pm

Good day
I choose to use proxy setting method, there are two applications (sdwdate, TorChat) that can works only through Tor. I don’t use Tor chat, while sdwdate run automatically when start, do I have to disable it or can I wait that Time synchronization ends and after setup proxy?
The same with application that use uwt wrapper, I setup a proxy only when use browser while when I run a command (Ex: apt-get), disable proxy. Can I use this method?

How the topic says to improve security, I’ll use two workstation, one to use with socks for few website while the other for the remaining

Regards

entr0py · May 8, 2016, 10:36pm

All of your questions are answered on these two pages:
Stream Isolation
Connecting to Tor before a Proxy

If you need help with a specific paragraph, please quote it and I can help explain.

The “Proxy Settings Method” is per-application. Applications that are pre-configured (via proxy settings, uwt, proxifier, etc) are unaffected. Also, Tor Browser provides stream isolation for each tab (and generates a new circuit for all connections every 10 mins unless they are long-lived.)

jamesferkin · May 9, 2016, 10:23am

On the Stream Isolation page, there is a list of applications that are pre-configured to use socks proxy settings using application configuration files. If you want to disable this…

You must go to the applications settings and remove what Whonix has applied by default.

For some applications this is impossible.

sdwdate
TorChat

Can I surf with proxy without that they cause problems or I need to disable them? (sdw-date start just at the beginning{I setup the proxy after}, while I dont use torchat)

Last question:
Now, I’m not more anonymous (fingerprint), are the differences between using iceweasel or Tor browser the spoof of OS, web browser, screen size, OS cpu, language etc…, or are there other problems like leaks, stream isolation is break (It seems also in Tor browser) etc…?

Regards

entr0py · May 9, 2016, 2:57pm

If you use the “Proxy Settings Method” with Tor Browser, none of your other applications will be affected. The pre-configured applications will continue to be routed over their pre-configured Tor SocksPorts. That is what “per-application” means - each app has its own settings.

Tor Browser Essentials

Iceweasel has WebRTC enabled by default. Iceweasel does not have the same focus on anonymity as Tor Browser so no way to guess if leaks will happen in the future. Also, Iceweasel will not prevent you from installing any plugins - which may leak themselves.

Yes, if you use a proxy as your final node, then all traffic will pass through that proxy. Iceweasel will use the same circuit to reach that proxy. Tor Browser may (see previous post) use different circuits to reach that proxy.

Patrick · May 9, 2016, 6:53pm

Since Circuit isolation by SOCKS proxy may be breaking other proxies or non-proxies (#16395) · Issues · Legacy / Trac · GitLab has made no progress, it is unlikely that this has changed.

Linking to Connecting to Tor before a Proxy btw is not great as the links to footnotes are not stable.

No, because sdwdate keeps running. You can only exclude or break it.