This is 7.0.7 that runs well on Xenial, but updates are not an option, even when you tell it to never check for updates.
Maybe this is more for other beginners who don't know how automated updating works, but even in the privacy browser there should be more trust.
You can use tor without the official browser albeit without as much privacy protection. Perhaps this might be a solution to your browser update woes.
@s243a possible. The instructions look like they lean technical, unless there's a more straightforward way?:
https://web.sas.upenn.edu/clayw/2017/0 ... ike-a-pro/
granularity? disabling javascript?
JASpup wrote: Sun Nov 08, 2020 2:40 am@s243a possible. The instructions look like they lean technical, unless there's a more straightforward way?:
https://web.sas.upenn.edu/clayw/2017/0 ... ike-a-pro/granularity? disabling javascript?
It looks like the granularity comment was about the release numbering. Just use something somewhat recent. Disabling javascript is good for security/privacy but could break some sites. The link you gave suggests compiling it. You can also find pre-built binaries.
https://2019.www.torproject.org/docs/debian.html.en
**I'll tell you how from the repo shown in this link if you tell me which puppy you are using.
If you are using a recent version of perhaps the tor version available in your package manager is sufficient. If you want to be really advanced you could try adding the tor repo to your package manager.
Anyway, what you want is to do is run the standalone version of tor (without the browser). This will create a socks5 proxy to access tor. In about:config in a firefox based browser you can set firefox to access the internet via this proxy. There are also settings in about:config if you want to view onion sites.
I like Tor browser, I just don't want it forcing updates.
I'm trying to image the dis/advantages of running a different browser.
Am I to understand the forced update is the browser and not Tor? Otherwise it wouldn't do the same thing?
This is more a commiseration complaint than a priority. I don't know how serious/common it is and the level of acceptance.
JASpup wrote: Sun Nov 08, 2020 9:01 amI like Tor browser, I just don't want it forcing updates.
I'm trying to image the dis/advantages of running a different browser.
The tor team does a good job striking the right balance between privacy and security for most people. However, even with the tor browser one might want to consider changing some of the settings (e.g. disabling javascript) or alternatively on the possibly lower privacy side disabling some third party aps like noscript and https everywhere either because you don't think these aps provide more privacy/security or because they break some site you like.
I'm not sure how many changes the tor browser lets you make but I do know that on android the tor browser breaks some ZeroNet sites. Anyway, we shouldn't assume that the Tor browser is the best for privacy/security even if that is our default assumption. The fact that it is the most common browser used on Tor means that people looking for weaknesses in Tor will likely most frequently be looking at the Tor browser for exploits. Also if you use a different browser it might not suffer from the same vulnerabilities as the Tor browser.
That said, be warned that if you use a different browser than than the Tor browser, your browser signature (e.g. window size) may somewhat uniquely identify you. Someone else may have the same browser signature as you and also your browers signature doesn't say who you are just that you might be the same person as previously visited the site or possibly some other site if the same people run more than one site.
Okay, say you want to try a different browser, what are some suggestions? Here is some info that I found on zeronet:
Ungoogled-chromium is Google Chromium, sans integration with Google. It also features some tweaks to enhance privacy, control, and transparency (almost all of which require manual activation or enabling).[1]
Spyware Level: Not SpywareUngoogled-chromium is a fork of Chrome that has all of Google's spyware removed. It was tested with MITMproxy and makes no unsolicited requests, and is therefore not spyware. Ungoogled-chromium is the highest-rated browser based on Google Chrome, and is probably one of the best choices if you can compile it. Otherwise configuring Iridium to a sufficient privacy standard might be a good choice if you are looking for a Chrome-based browser to switch too without taking the time to compile any software.
http://127.0.0.1:43110/1SpyWkvtp8bXz5x7 ... omium.html
GNU IceCat is a web browser that is a fork of Firefox.
Spyware Level: Not SpywareGNU IceCat is a fork of Firefox that is more private and secure than Firefox and it contains several privacy-protecting features. IceCat 60 makes no unsolicited connections when you run it. Previous versions had privacy problems, but version 60 doesn't have these problems. You can read about the previous version here: IceCat 59 Review
IceCat's privacy featuresFrom gnu.org:
Code: Select all
LibreJS: GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap. Https-Everywhere: Extension that encrypts your communications with many major websites, making your browsing more secure. AboutIceCat: Adds a custom "about:icecat" homepage with links to information about the free software and privacy features in IceCat, and checkboxes to enable and disable the ones more prone to break websites. Fingerprinting countermeasures: Fingerprinting is a series of techniques allowing to uniquely identify a browser based on specific characterisics of that particular instance (like what fonts are available in that machine). Unlike cookies the user cannot opt-out of being tracked this way, so the browser has to avoid giving away that kind of hints.As of writing this the information on gnu.org is a little outdated. Read this for the most up to date look at it:
http://127.0.0.1:43110/1SpyWkvtp8bXz5x7 ... cecat.html
For more options see (need zeronet to view this link):
http://127.0.0.1:43110/1SpyWkvtp8bXz5x7 ... /articles/
Also note, that the the tor browser has some default behavior that one might not want like shutting down tor when you close the browser and using default ports which might reveal that you are using tor via an nmap scan...or at least it would if your port was exposed to the scanning tool. For instance the scan might need to be done from the machine running tor to detect that tor is being used. A browser exploit might allow this (see XXS cross site scripting).
Am I to understand the forced update is the browser and not Tor? Otherwise it wouldn't do the same thing?
This is more a commiseration complaint than a priority. I don't know how serious/common it is and the level of acceptance.
It's possible that the Tor Browser might allow you to change this setting (without modifying the source). Normally, for security reasons one would want to do these updates but sometimes the update mechanism of a program can be used as an exploit. If you don't like this setting and the Tor browser doesn't let you change this then you can try a different browser but do so at your own risk.
I get these warnings about HTML5 canvas data and not maximizing my browser. I don't understand the nature of the threat.
What is obviously threatening is the transmission of insecure data, geolocation, and recording (eg, I've recently started noticing on Facebook the activity log includes searches, so every thing you do from one moment to the next, typing, clicking, all is being recorded).
Tor obviously doesn't load a significant percentage of pages, but the wise can see it's doing a lot to make it worthwhile to use for what works with it.
Thanks for the privacy browsers.
I am not really clear about what you are trying to achieve or what you are trying to avoid. Tor Browser Bundle 7.0.7 is very old. Generally speaking if you are concerned about security and privacy it is best to run recent or latest versions. I believe those older versions did force updates even if you set them not to in Preferences. Your user setting was just ignored.
They have just released version 10.0.4 of Tor Browser Bundle. My packages of that should work in Xenial (I did test this). With these recent versions you can set it to only check for updates and notify you, but not install updates unless you allow it. There is no option for not checking at all. I think the updates don't cause a problem if auto installed, but I usually do manually updated packages anyway.
viewtopic.php?f=90&t=213
