# Tor Browser



## hobbitus (Apr 14, 2021)

Hello everyone, I have been looking for Tor Browser (torproject.org) for x86 and ARM. I've noticed a few old threads but not actually any solutions. Any experience or suggestions how to get Tor browser on FreeBSD?
Thank you.


----------



## balanga (Apr 14, 2021)

Don't know anything about Tor browser but have you looked at tor()?


----------



## SirDice (Apr 14, 2021)

The "Tor browser" is just a convenient package that installs and configures various bits and pieces automatically. There is no "Tor browser" package for FreeBSD. That said, it's perfectly doable to install and configure all the various parts that make up the "Tor browser" on FreeBSD. You just have to install and configure everything yourself.


----------



## rootbert (Apr 14, 2021)

I recommend using tor browser, standard browsers leave too many traces. Unluckily I have not yet had time to install it in a linux jail, I am using torbrowser in a VM.


----------



## hobbitus (Apr 15, 2021)

I know that the 'Tor Browser' is a package of few things together, there is a good reason why they are configured and provided together.
It may be worth of considering separating the proxy in Jail on ZFS, an approach used by Whonix.


----------



## a6h (Apr 15, 2021)

If you're interested in Tor based messaging, there's also net-im/ricochet. It's a P2P messenger, based on the Tor. But, it's not part of Tor Project. That's important, and you have to keep it in mind.









						GitHub - ricochet-im/ricochet: Anonymous peer-to-peer instant messaging
					

Anonymous peer-to-peer instant messaging. Contribute to ricochet-im/ricochet development by creating an account on GitHub.




					github.com
				




Note:
As a rule, you have to download, verify and install Tor from its official website. There's no official port for FreeBSD, thus you have to use security/tor. But you can always check the submitted patches yourself. It's not complicated, and everyone can do that.


----------



## grahamperrin@ (Jul 1, 2021)

In the absence of Tor Browser, I occasionally used Firefox with a few carefully-chosen extensions and net/torsocks. Not an ideal alternative, but it was enough for me at the time.


----------



## mr8ash (Jul 1, 2021)

*I*n my case if *I* want to use tor, *I* would install tor, obfsproxy-tor n and necessary pkg packages. Run tor n and then configure any browser to use it. Works for me.


----------



## mr8ash (Jul 1, 2021)

grahamperrin said:


> Thanks,
> 
> 
> 
> security/py-obfsproxy-tor was removed; <https://cgit.freebsd.org/ports/commit/?id=e5aa301f0f704efbe3e5b544af4f9c22f917d62d>


Much welcome. obfsproxy-tor is if you wanna want to use bridging. n u And you can view it using nyx. Without it it still works.


----------



## SirDice (Jul 1, 2021)

mr8ash please stop using textspeak. We have a lot of users that use translator software. And overusing ellipsis makes you sound uncertain.


----------



## mr8ash (Jul 1, 2021)

SirDice said:


> mr8ash please stop using textspeak. We have a lot of users that use translator software. And overusing ellipsis makes you sound uncertain.


sorry......


----------



## gpw928 (Jul 5, 2021)

Getting everything correct for a tor build is a significant challenge, requiring insight, experience, ability, and ongoing diligence.

I wouldn't normally recommend Linux in a FreeBSD forum, but I will say that I run tor in a Debian virtual machine, because it comes as a fully configured and maintained package.


----------



## hardworkingnewbie (Jul 6, 2021)

gpw928 said:


> Getting everything correct for a tor build is a significant challenge, requiring insight, experience, ability, and ongoing diligence


Or you just follow the official documentation provided by the Tor project on how to setup a FreeBSD node: https://community.torproject.org/relay/setup/bridge/freebsd/

It's really not that complicated. Then you do need in addition a browser of your choice pointing to that node, preferably running in private mode of course.


----------



## rootbert (Jul 7, 2021)

hardworkingnewbie said:


> Or you just follow the official documentation provided by the Tor project on how to setup a FreeBSD node: https://community.torproject.org/relay/setup/bridge/freebsd/
> 
> It's really not that complicated. Then you do need in addition a browser of your choice pointing to that node, preferably running in private mode of course.


this solution is far from ideal ... the changes made to firefox to package the thing in the "tor-browser" is not without a reason, the traceable bits are mostly removed. so whoever is looking for running tor-browser, just do not use a normal browser behind a tor proxy. Better run tor-browser in a Linux VM/Jail (if that is possible)


----------



## mr8ash (Jul 7, 2021)

grahamperrin said:


> Thanks,
> 
> 
> 
> security/py-obfsproxy-tor was removed; <https://cgit.freebsd.org/ports/commit/?id=e5aa301f0f704efbe3e5b544af4f9c22f917d62d>


Sorry, my mistake. it should be obfs4proxy-tor


----------



## rootbert (Feb 28, 2022)

some additional information for the interested users:


https://support.torproject.org/tbb/tbb-4/ -> https://2019.www.torproject.org/projects/torbrowser/design/
https://www.whonix.org/wiki/Documentation especially https://www.whonix.org/wiki/DoNot


----------



## zirias@ (Feb 28, 2022)

rootbert said:


> some additional information for the interested users:
> 
> 
> https://support.torproject.org/tbb/tbb-4/ -> https://2019.www.torproject.org/projects/torbrowser/design/
> https://www.whonix.org/wiki/Documentation especially https://www.whonix.org/wiki/DoNot


The main reason for the widespread recommendation not to use any other brower is: matters are complicated, also complicated to explain, and it can easily happen to overlook something.

But: the single biggest offender is Javascript, including all the APIs accessible in modern browsers. Even with TorBrowser, it's sometimes recommended to completely disable it. Disabling Javascript protects from (rough guess) 80% of the threats. So, if you _do_ use any other browser with Tor, *never ever enable Javascript*.

Then, there are ways to track and/or fingerprint you by means of HTTP headers. Fixing this (plus quite a few other things based on actual HTML content) can be done e.g. with "privoxy" (between your browser and Tor). Be sure to use widespread User-Agent and Accept-* headers and at least restrict usage of Referer.

And finally, there are a few things that can't be done without TorBrowser, like e.g. its "letterboxing" feature, which prevents unusual fingerprinting techniques based on CSS, see for example https://noscriptfingerprint.com/

I collected some information here:








						Anonymous browsing on FreeBSD [incomplete]
					

Sometimes, there's a need to browse the web anonymously. It doesn't have to be for illegal purposes, it could just be you want to talk about your medical or even mental problems, sexual orientation, or maybe you want to "pentest" websites you don't own, just to make the web a better (more...




					forums.freebsd.org
				




IMHO, "anonymous" browsing is possible without TorBrowser, given you understand technical details and limitations (and, of course, you can live without JavaScript). It's just not recommended, for obvious reasons


----------



## kpedersen (Feb 28, 2022)

With any solution I still highly recommend creating some sort of test environment (gateway running Wireshark) and carefully analyzing the traffic going through. Everything is so messy now and there are socket leaks in almost everything.

Even then, running tor on the same machine and looping back programs through it is still a bit dodgy. It is better to do this at a gateway level (as a separate device) and have the computer behind it literally unable to connect to anything but the Tor proxy running on the gateway. This is the only way I can stomach running Windows in all fairness.


----------



## Deleted member 70481 (Mar 1, 2022)

Zirias said:


> The main reason for the widespread recommendation not to use any other brower is: matters are complicated, also complicated to explain, and it can easily happen to overlook something.
> 
> But: the single biggest offender is Javascript, including all the APIs accessible in modern browsers. Even with TorBrowser, it's sometimes recommended to completely disable it. Disabling Javascript protects from (rough guess) 80% of the threats. So, if you _do_ use any other browser with Tor, *never ever enable Javascript*.
> 
> ...


Letterboxing can be used in normal Firefox, in about:config just set privacy.resistFingerprinting.letterboxing to true


----------



## zirias@ (Mar 1, 2022)

Interesting! But kind of confirms my conclusion: the reason to discourage using a "normal" browser with Tor is the complexity which comes with a substantial risk to get _something_ wrong, making de-anonymization possible. Still, it _can_ be done.

kpedersen, enforcing Tor on a router/gateway makes sure there can be no leaks on the network level (but doesn't help with fingerprinting etc...). If you disable Javascript (and don't use any "extensions", which I forgot to mention above), this _should_ be limited to DNS queries. Observing your browser's network activity is probably a good idea if you want to be sure.

Does anyone know an "anonymity" feature Tor browser offers that can't be replaced without it, given you disable Javascript? And I don't mean "convenience" things like the "new circuit" button; you can easily instruct tor daemon to do so without Tor browser


----------



## grahamperrin@ (Mar 16, 2022)

twoface said:


> … Why Tor browser is not available for FreeBSD? …





hbsd said:


> There is nothing special about Tor Browser
> Tor Browser is just: Firefox + Tor
> 
> [HOWTO] use Tor network and web proxy





rootbert said:


> … a strong need to educate users.
> aaaand again: *NO, IT IS NOT! *Tor Browser is a modified version of Firefox! If you use your normal firefox behind tor you can pretty easily be traced.





hbsd said:


> Yes you can always be traced even with tor browser. tor is not secure as you think it is:
> 
> Is Tor Really Anonymous and Secure?
> 
> ...



Is Tor browser nothing more than Firefox + Tor?

I suspect not. Consider these Mozilla bugs:

1260929 - (meta_tor) [META] Tor Patch Uplifting
1329996 - (uplift_tor_fingerprinting) [META] Tor Uplift: Fingerprinting Resistance
– including their dependency trees:

<https://bugzilla.mozilla.org/showdependencytree.cgi?id=1260929&hide_resolved=1> – depends on 130 open bugs
<https://bugzilla.mozilla.org/showdependencytree.cgi?id=1329996&hide_resolved=1> – depends on 78 open bugs.
– one of the two is too large to be graphed:



– the other:



– the two dependency lists (excluding resolved bugs):

<https://bugzilla.mozilla.org/buglis...6202,1437266,1378775,1690038&list_id=16023600>
<https://bugzilla.mozilla.org/buglis...2482,1724732,1485280,1315203&list_id=16023601>


----------



## T-Daemon (Dec 14, 2022)

BobSlacker said:


> What I don't understand is that OBSD have the browser o it's repo and FBSD doesn't. Why is that?
> And configuring a FF-ESR with the Tor service and some addons is not the best approach. One should use the official Tor-Browser to access the Tor network.



Native port underway:





						268245 – [NEW PORT] www/tor-browser - native port for FreeBSD
					






					bugs.freebsd.org


----------

