Update on Tor Browser

Tor Browser Bundle (TBB) now has easier settings for the user.

TBB also makes the connection simpler for the user:
- Now enabled by default, moat will help you configure bridges.
- Bridge cards for viewing your Tor bridges make it both pretty and more useful for the user.
pterocles 2022-07-31 15:57:02 -04:00
parent 0fdac28082
commit 2d8480417a
No known key found for this signature in database
GPG Key ID: EEBC61CFA7242C5F


@ -551,7 +551,7 @@ Here are some online resources you can use to find some information about your c
- <https://check.torproject.org> - <https://check.torproject.org>
For those reasons, you will need to obfuscate and hide that origin IP (the one tied to your identification) or hide it as much as we can through a combination of various means: For those reasons, you will need to obfuscate and hide that origin IP (the one tied to your identification) or hide it through a combination of various means:
- Using a public Wi-Fi service (free). - Using a public Wi-Fi service (free).
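Review bot: Dropping "as much as we can" from the origin-IP sentence removes its only hedge; the new wording reads as if the origin IP can be hidden completely, which nothing else in this section claims (the same paragraph says "obfuscate"). Suggest keeping a qualifier, e.g. "or hide it as far as possible through a combination of various means:".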
@ -579,9 +579,9 @@ Because it is not encrypted, your ISP and/or any other adversary could still int
As a bonus, many devices and apps will use hardcoded DNS servers bypassing any system setting you could set. This is for example the case with most (70%) Smart TVs and a large part (46%) of Game Consoles[^34]. For these devices, you will have to force them[^35] to stop using their hardcoded DNS service which could make them stop working properly. As a bonus, many devices and apps will use hardcoded DNS servers bypassing any system setting you could set. This is for example the case with most (70%) Smart TVs and a large part (46%) of Game Consoles[^34]. For these devices, you will have to force them[^35] to stop using their hardcoded DNS service which could make them stop working properly.
A solution to this is to use encrypted DNS using DoH (DNS over HTTPS[^36]), DoT (DNS over TLS[^37]) with a private DNS server (this can be self-hosted locally with a solution like pi-hole[^38], remotely hosted with a solution like nextdns.io or using the solutions provider by your VPN provider or the Tor network). This should prevent your ISP or some go-between from snooping on your requests ... except it might not. A solution to this is to use encrypted DNS using DoH (DNS over HTTPS[^36]), DoT (DNS over TLS[^37]) with a private DNS server (this can be self-hosted locally with a solution like pi-hole[^38], remotely hosted with a solution like nextdns.io or using the solutions provided by your VPN provider or the Tor network). This should prevent your ISP or some go-between from snooping on your requests ... except it might not.
Small in-between Disclaimer: **This guide does not necessarily endorse or recommends Cloudflare services even if it is mentioned several times in this section for technical understanding.** Small in-between Disclaimer: **This guide does not necessarily endorse or recommend Cloudflare services even if it is mentioned several times in this section for technical understanding.**
Unfortunately, the TLS protocol used in most HTTPS connections in most Browsers (Chrome/Brave among them) will leak the Domain Name again through SNI[^39] handshakes (this can be checked here at Cloudflare: <https://www.cloudflare.com/ssl/encrypted-sni/> <sup>[[Archive.org]][49]</sup> ). **As of the writing of this guide, only Firefox-based browsers supports ECH (Encrypted Client Hello**[^40] **previously known as eSNI**[^41]**) on some websites which will encrypt everything end to end (in addition to using a secure private DNS over TLS/HTTPS) and will allow you to hide your DNS requests from a third party**[^42]**.** And this option is not enabled by default either so you will have to enable it yourself. Unfortunately, the TLS protocol used in most HTTPS connections in most Browsers (Chrome/Brave among them) will leak the Domain Name again through SNI[^39] handshakes (this can be checked here at Cloudflare: <https://www.cloudflare.com/ssl/encrypted-sni/> <sup>[[Archive.org]][49]</sup> ). **As of the writing of this guide, only Firefox-based browsers supports ECH (Encrypted Client Hello**[^40] **previously known as eSNI**[^41]**) on some websites which will encrypt everything end to end (in addition to using a secure private DNS over TLS/HTTPS) and will allow you to hide your DNS requests from a third party**[^42]**.** And this option is not enabled by default either so you will have to enable it yourself.
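Review bot: The two grammar fixes here ("provided by", "endorse or recommend") leave a third one in the unchanged context on the last line: "only Firefox-based browsers supports ECH" should be "support". While touching that sentence, "will encrypt everything end to end" overstates what ECH does; the TLS payload was already encrypted, and ECH (the successor to eSNI named on the same line) only encrypts the ClientHello, including the SNI, so that an on-path observer no longer sees the domain name. Consider "which encrypts the ClientHello, including the SNI, so the domain name is no longer visible on the wire".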
@ -625,9 +625,14 @@ Finally, even if you use a custom encrypted DNS server (DoH or DoT) with ECH/eSN
One could also decide to use a Tor Hidden DNS Service or ODoH (Oblivious DNS over HTTPS[^53]) to further increase privacy/anonymity but **unfortunately**, as far as we know, these methods are only provided by Cloudflare as of this writing (<https://blog.cloudflare.com/welcome-hidden-resolver/> <sup>[[Archive.org]][53]</sup>, <https://blog.cloudflare.com/oblivious-dns/> <sup>[[Archive.org]][54]</sup>). These are workable and reasonably secure technical options but there is also a moral choice if you want to use Cloudflare or not (despite the risk posed by some researchers[^54]). One could also decide to use a Tor Hidden DNS Service or ODoH (Oblivious DNS over HTTPS[^53]) to further increase privacy/anonymity but **unfortunately**, as far as we know, these methods are only provided by Cloudflare as of this writing (<https://blog.cloudflare.com/welcome-hidden-resolver/> <sup>[[Archive.org]][53]</sup>, <https://blog.cloudflare.com/oblivious-dns/> <sup>[[Archive.org]][54]</sup>). These are workable and reasonably secure technical options but there is also a moral choice if you want to use Cloudflare or not (despite the risk posed by some researchers[^54]).
**Note that Oblivious DNS addresses an adversary that eavesdrops on one of the connections listed here but not all. It does not address a global passive adversary (GPA) who can eavesdrop on many or all of these connections**:
- traffic between the client resolver and the recursive resolver
- the recursive resolver and the ODNS resolver
- the ODNS resolver and an authoritative server.
Lastly, there is also this new possibility called DoHoT which stands for DNS over HTTPS over Tor which could also further increase your privacy/anonymity and which you could consider if you are more skilled with Linux. See <https://github.com/alecmuffett/dohot> <sup>[[Archive.org]][55]</sup>. This guide will not help you with this one at this stage, but it might be coming soon. Lastly, there is also this new possibility called DoHoT which stands for DNS over HTTPS over Tor which could also further increase your privacy/anonymity and which you could consider if you are more skilled with Linux. See <https://github.com/alecmuffett/dohot> <sup>[[Archive.org]][55]</sup>. This guide will not help you with this one at this stage, but it might be coming soon.
Here is an illustration showing the current state of DNS and HTTPS privacy based on my current knowledge. Here is an illustration showing the current state of DNS and HTTPS privacy based on our current knowledge.
![][56] ![][56]
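Review bot: The new Oblivious DNS note mixes two vocabularies: the paragraph right above it introduces ODoH, but the three-item list talks about "the recursive resolver" and "the ODNS resolver", which are the parties of the original Oblivious DNS (ODNS) design rather than the client/proxy/target roles of ODoH, so a reader cannot tell which scheme the limitation is about. State which one is meant (or name both with their parties), and attach a footnote to the claim; every other statement in this section carries a [^NN] reference and this bold assertion about the adversary model currently has none.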
@ -2038,6 +2043,10 @@ Please see [Appendix Y: Installing and using desktop Tor Browser].
### Android: ### Android:
**Note on Tor Browser for Android: The development of Tor Browser for Android is behind desktop Tor Browser Bundle (TBB). Some features are not available yet. E.g., the desktop version of Tor now enables automatic bridges using Moat:**
"**Connection Assist** works by looking up and downloading an up-to-date list of country-specific options to try using your location (with your consent). It manages to do so without needing to connect to the Tor Network first by utilizing [moat](https://support.torproject.org/glossary/moat/) the same domain-fronting tool that Tor Browser uses to request a bridge from torproject.org."
- Head over to: - Head over to:
- Play Store: <https://play.google.com/store/apps/details?id=org.torproject.torbrowser> - Play Store: <https://play.google.com/store/apps/details?id=org.torproject.torbrowser>
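Review bot: The new Android note says "the desktop version of Tor now enables automatic bridges using Moat", but the quotation directly below it says the feature is Connection Assist and that moat is only the domain-fronting tool it uses to request bridges; name the feature consistently (Connection Assist, in Tor Browser rather than "Tor") and use the same lower-case "moat" as the quote and the appendix. The quoted paragraph also has no attribution; add a link or footnote to the Tor Project announcement it is taken from, as the guide does for its other quoted material.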
@ -2048,9 +2057,9 @@ Please see [Appendix Y: Installing and using desktop Tor Browser].
- Launch Tor Browser - Launch Tor Browser
- After Launching, click the upper right Settings icon - After Launching, click the upper right **Settings** icon
- Select "Config Bridge" and read [Appendix X: Using Tor bridges in hostile environments] - Select "Config Bridge" and read [Appendix X: Using Tor bridges in hostile environments].
- **If needed (after reading the appendix above)**, activate the option and select the type of bridge you want: - **If needed (after reading the appendix above)**, activate the option and select the type of bridge you want:
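Review bot: "Settings" is now bolded as a UI element while "Config Bridge" on the next line stays in plain quotes; use one convention for UI labels within this list (bold both). Likewise, a period was added only after the appendix reference while the other items in the hunk still end without punctuation; keep the list consistent either way.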
@ -11718,6 +11727,8 @@ Each Virtual Machine is a sandbox. Remember the reasons for using them are to pr
# Appendix X: Using Tor bridges in hostile environments # Appendix X: Using Tor bridges in hostile environments
Recently, the Tor Project has made it incredibly simple to access Bridges with **Connection Assist**, and it is now automatically done in hostile or censored regions. Simply open the Tor Browser and the connection will be configured based on your needs on any hostile network. Previously, we had a list of options below this paragraph which were necessary to enable and configure bridges, but now that this is done automatically using [moat](https://support.torproject.org/glossary/moat/).
In some environments, your ISPs might be trying to prevent you from accessing Tor. Or accessing Tor openly might be a safety risk. In some environments, your ISPs might be trying to prevent you from accessing Tor. Or accessing Tor openly might be a safety risk.
In those cases, it might be necessary to use Tor bridges to connect to the Tor network (see Tor Documentation <https://2019.www.torproject.org/docs/bridges> <sup>[[Archive.org]][244]</sup> and Whonix Documentation <https://www.whonix.org/wiki/Bridges> <sup>[[Archive.org]][337]</sup>). In those cases, it might be necessary to use Tor bridges to connect to the Tor network (see Tor Documentation <https://2019.www.torproject.org/docs/bridges> <sup>[[Archive.org]][244]</sup> and Whonix Documentation <https://www.whonix.org/wiki/Bridges> <sup>[[Archive.org]][337]</sup>).
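Review bot: The last sentence of the new paragraph is a fragment ("Previously, we had a list of options ... but now that this is done automatically using moat." has no main clause after "but"); suggest "... but that is no longer needed now that this is done automatically using moat." More importantly, "Simply open the Tor Browser and the connection will be configured based on your needs" conflicts with the unchanged context that follows ("it might be necessary to use Tor bridges to connect") and with the Android steps in this same commit, which still walk through enabling bridges by hand; the Connection Assist quote added elsewhere in this commit also says it uses your location "with your consent", so the paragraph should mention that step instead of presenting bridge setup as fully automatic.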