old-tor-firefox-instructions.md 9.3 KB
NOTE: This is a backup of old instructions. For latest version of the instructions, please check install-freebsd.md.
Use TOR with Firefox
Run pkg search tor-browser to see if a tor-browser package exists. If it does, install it instead of following this customization guide afterwards:
sudo pkg install tor-browser
If there are no packages named tor-browser available, Firefox can be made to act close to TOR Browser. It is not however recommended by the TOR project to use it that way:
We strongly recommend against using Tor in any browser other than Tor Browser. Using Tor in another browser can leave you vulnerable without the privacy protections of Tor Browser.
WARNING:
This setup would not guarantee same security as TOR Browser and using it for serious work, anonymity or personal safety is not recommended. Also consider using a jail if you know how to use it.
Straight from TOR project website:
Tor Browser is a modified version of Firefox specifically designed for use with Tor. A lot of work has been put into making the Tor Browser, including the use of extra patches to enhance privacy and security. While it is technically possible to use Tor with other browsers, you may open yourself up to potential attacks or information leakage, so we strongly discourage it.
This guide has instructions on installing addons which may deanonymize you and make you more trackable:
Installing new add-ons may affect Tor Browser in unforeseen ways and potentially make your Tor Browser fingerprint unique. If your copy of Tor Browser has a unique fingerprint, your browsing activities can be deanonymized and tracked even though you are using Tor Browser. ... There's also a good chance a new add-on will increase the attack surface of Tor Browser. This may allow sensitive data to be leaked or allow an attacker to infect Tor Browser. The add-on itself could even be maliciously designed to spy on you. Tor Browser already comes installed with one add-on — NoScript — and adding anything else could deanonymize you.
sudo pkg install firefox tor
sudo sysctl net.inet.ip.random_id=1 # set random ip recommended by install message
echo 'net.inet.ip.random_id=1' | sudo tee -a /etc/sysctl.conf # make it permanent
echo 'tor_enable="YES"' | sudo tee -a /etc/rc.conf
sudo service tor start
mkdir ~/bin
cd ~/bin
echo -e '#!/usr/bin/env bash'"\nfirefox --no-remote --profile '/home/$USER/bin/tor-firefox-profile' & disown" > tor-firefox
chmod +x tor-firefox
mkdir tor-firefox-profile
The ~/bin/tor-firefox script will use ~/bin/tor-firefox-profile directory to store a separate profile for it. So settings, addons etc. will be separate from the system Firefox installation. If you have ~/bin in $PATH (e.g. by adding export PATH="$PATH:$HOME/bin" in ~/.bashrc) you could run tor-firefox on terminal from anywhere, but that's optional. We will create a shortcut for it on application menu, so it will be easier to launch. You can use regular firefox from the application menu as usual, but when you run this script, it will run it as a separate instance and use the separate profile directory.
To make it accessible from application menu:
mkdir -p ~/.local/share/applications/ && nano ~/.local/share/applications/tor-firefox.desktop
[Desktop Entry]
Version=1.0
Name=TOR Firefox
Comment=TOR configured Firefox web browser
GenericName=TOR Web Browser
Keywords=Internet;WWW;Browser;Web;Explorer
Exec=~/bin/tor-firefox %U
Terminal=false
Type=Application
Icon=applications-internet
Categories=GNOME;GTK;Network;WebBrowser;
MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp;x-scheme-handler/chrome;video/webm;application/x-xpinstall;
StartupNotify=true
Now further prepare the TOR Firefox by running tor-firefox and then:
- Install Onion Browser Button and remember to enable it for Private Window. Click on the toolbar icon and click on purple onion icon to enable. It should connect successfully and show a notification saying so.
- Optionally, add a "Forget" button on toolbar to easily clear recent history. This is not similar to the New Identity button on TOR Browser toolbar, but it can be clicked and then tor service could be restarted from terminal to get a similar effect. While it may be similar, it may not be the same. To add this button, right click on empty space on the toolbar and select Customize Toolbar..., drag and drop the Forget item to toolbar, click Done.
- Visit privacyguides.org Desktop Browsers page and apply WebRTC and Recommended Configuration.
- On
about:config:- browser.newtabpage.pinned = (make the value empty) - to make pinned popular websites go away because they are also available on location bar even if they're hidden from settings
- extensions.pocket.enabled = false - to disable built in Firefox Pocket addon
- identity.fxaccounts.enabled = false - to disable Firefox Sync/logins (you'll have to restart Firefox for changes to take effect, which will happen automatically when changing history settings later, so not needed now)
- browser.preferences.moreFromMozilla = false - to hide "More from Mozilla" item from Settings sidebar
- Right click the first tab titled "Firefox View" (Firefox v106+) and select Remove from Toolbar to remove it.
- Clear cache by pressing Ctrl+Shift+Delete, selecting "Everything" in time range and checking all checkboxes.
- Open Settings/Preferences (Alt+E, N) and apply these changes:
General:
- Under "Startup" uncheck all checkboxes
- Uncheck "Play DRM-controlled content" if available
- Check Network Settings > Settings... > Proxy DNS when using SOCKS v5 (This will enable you to browse .onion sites)
Home:
- Homepage and new windows: Blank Page
- New tabs: Blank Page
- Uncheck everything under "Firefox Home Content"
Search:
- Change your search engine to at least DuckDuckGo. To select Searx or Metager.org or any other privacy respecting alternative, just go to those sites, click the 3-dot icon in the location bar (or if not available on v89+, right click) and choose to add that search engine. Additionally check privacyguides.org search engines page for options. Then select it under Default Search Engine settings.
- Uncheck "Provide search suggestions"
Privacy & Security:
- Under "Enhanced Tracking Protection"
- Select "Custom" and check all checkboxes.
- Cookies: All cross-site cookies
- Tracking content: In all windows
- Check Cookies and Site Data > Delete cookies and site data when Firefox is closed
- Uncheck all checkboxes under Logins and Passwords
- Uncheck Address Bar > Shortcuts
- Uncheck all checkboxes under "Firefox Data Collection and Use"
- Uncheck Deceptive Content and Dangerous Software Protection > Block dangerous and deceptive content
- Select HTTPS-Only Mode > Enable HTTPS-Only Mode in all windows (basically does what HTTPS Everywhere does)
Under History:
- Firefox will: Use custom settings for history
- Check "Always use private browsing mode" and then restart Firefox.
Also recommend applying arkenfox user.js changes to hide some identifyable information from websites (such as user agent, timezone offset etc.):
# quit Firefox, then...
cd ~/bin
cp -r tor-firefox-profile tor-firefox-profile_backup
git clone --depth 1 https://github.com/arkenfox/user.js
user.js/updater.sh -p tor-firefox-profile
# check with https://coveryourtracks.eff.org/
# if everything works fine delete unnecessary dirs (optional)
rm -rf tor-firefox-profile_backup
rm -rf user.js
Optional, but recommended, go to https://browserleaks.com/ and confirm that nothing you don't want is exposed to websites.
Useful addons (allow them to run on private window when asked):
- NOTE: This page used to have onionflare listed here. The project readme now says "It seems that newer versions of Firefox don't need this add-on anymore to pass CAPTCHA-free on websites behind Cloudflare. It is recommended to uninstall this extension..."
- NoScript Security Suite - Disable most of JavaScript by default; little bit inconvenient for new users
- I still don't care about cookies - Skips cookie popups
- Privacy Redirect - Redirect common nonfree service urls with their Free Software proxied versions (Invidious for YT, libreddit for Reddit, Nitter for Twitter etc.)