What do you think this is?

Just thoughts of a restless mind...

Private and secure browsing

GDPR is supposed to let us take back control of our private data. In reality, though, many websites either don't allow that through their selection of cookies, or keep presenting the same requests until we accept the most invasive option. At the same time there is a known security risk related to everyday browsing: browser-served malware, sometimes caused or enabled by the insane amount of uncontrolled third-party scripts that are served to us on the websites we visit. We need to find ways to browse securely while protecting our privacy as much as possible.

Tor network and browsing

TOR stands for The Onion Router, a solution for protecting one's privacy and anonymity. It is the most commonly used solution among privacy-sensitive people such as journalists, activists and whistleblowers. But you don't have to belong to these categories to use Tor; you may have other reasons, such as concerns about surveillance and tracking. The Tor Project provides, among other things, a specifically crafted browser that makes using Tor as easy as possible.

Balance

Security, and privacy, comes at a cost. In our case that cost is paid either in performance or in ease of use. For some people that cost is too much, for others it's not. But I think we can bring that cost down so far that it becomes negligible. I will briefly explain how end users can improve their security and privacy, depending on the cost they're willing to accept.

Implementation options

There are two roads one can follow. One is to use a privacy- and/or security-oriented system altogether; the other is to just use the Tor browser. These are not mutually exclusive, as one may opt to use a security-oriented system AND the Tor browser on top of it if the system itself doesn't provide it out of the box.

Use a privacy-oriented system

Solutions like that are not science fiction anymore. I would like to mention Whonix. This is a full operating system that needs to be installed. If working every day in such an environment doesn't meet your needs, you may prefer to use a live CD for a while. Tails is such an option: you can boot into it, do whatever you need in a privacy-sensitive way and then go back to using your computer as usual. These solutions may require a significant change in the way you perform your everyday work, though. They provide traffic-based privacy by utilizing the Tor network, but also operating-system-level security by using a hardened setup, compartmentalization, sandboxing and other similar techniques to protect against browser-served malware.

If operating-system-based security is important to you, you may want to have a look at Qubes OS and the NSA-provided TENS. Although none of these include the Tor browser by default, all options below can be used with these operating systems too.

Using your preferred operating system

Some people prefer not to change their habits and keep using whatever they are accustomed to: Windows, MacOSX and Linux systems can all be your standard operating system and you can still use some of the options provided here, all of them based on the Tor Browser:

Option 1: Always use Tor Browser

Although this may be the easiest solution to implement (you just download Tor Browser for your operating system), it has three drawbacks:

  • The overall performance is bad, due to the constant use of the Tor network for browsing
  • There may be sites where you would prefer to stay logged in instead of authenticating every time; for me it's Twitter, LinkedIn and my mail
  • You have no protection against browser-served malware, other than what the browser provides.

You may choose to use this setup for a while, but I would guess that if your privacy requirements are such that you need to be on the Tor network all the time, it may be worth considering the use of a privacy-oriented system to start with.

Option 2: Use Tor Browser on your computer for specific sites

In that scenario you use the browser you're used to and you only switch to the Tor browser to visit sites that you find too invasive. In my case that would be all news sites. In order to do that you need to have the two browsers open while you use them. Every time you want to read or do something in a more private environment, you copy the link from your standard browser and open it in the Tor browser. If you opt for that solution I suggest using add-ons in your everyday browser that remove tracking code. Here are some - most of them available for Chrome and Firefox:

Although this solves the performance problems and the inconvenience of constantly authenticating on everyday sites, it leaves you wide open to browser-served malware. Still, I think this will be, by far, the most commonly used scenario.

Option 3: Use sandboxed Tor Browser

This is more complex to set up and depends on your operating system. It offers you pretty good protection, though, as it also protects against browser-served malware. I am interested to see what Microsoft's solution will look like regarding their Windows Sandboxing option for Windows 10 (Pro or Enterprise, so not for Home users). Third-party solutions for Windows already exist. One of them is Sandboxie, but as I don't use Windows outside of my work environment these are not things I have spent any time evaluating.

Linux - my O/S of choice - has many options. One may start from simple sandboxing and go up to complex isolation and compartmentalization. The easiest sandboxing solution would be firejail and there even is a specific Tor Browser profile. I suggest a private jail with a separate network stack and its own IP address. One might want to look into Docker for complete compartmentalization.

Option 4: Use a dedicated virtual machine

If you already have a virtual machine set up for whatever reason, you may even use that. Since I already have one on KVM, used as a testbed and having a whole (but small) partition of my SSD for its storage, it didn't make any sense to set something different up. The performance impact is close to zero due to KVM's passthrough storage option. You may need to make sure the VM starts on system boot, and it should shut down or suspend on your system shutdown. On my openSUSE Leap 15.0 that last step is taken care of by the service virt-guest-shutdown.

In my case I just created a simple desktop shortcut to launch the torbrowser from the virtual machine.

Here is the snippet of my .ssh/config file:

    Host priv
        HostName 192.168.122.91
        IdentityFile ~/.ssh/priv.ssh.pem
        ForwardX11 yes

and here is the command executed by the desktop shortcut:

    ssh priv '~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser && exit'

Simple, of course, and the only prerequisite is to use key-based authentication to ssh on the VM and to install the tor-browser there.
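
An added example, not part of the original post: with `ForwardX11 yes` the browser in the VM draws on the host's X display, and ssh_config's `ForwardX11Trusted` decides whether that remote client gets full access to the display or is treated as untrusted. The sketch below reads ssh_config text and reports that setting per host; the `priv-trusted` and `priv-untrusted` entries and all function names are assumptions made for illustration, and `Match` and `Include` are not evaluated.

```python
import fnmatch
import re

# Constructed sample: the post's "priv" entry plus two hypothetical variants.
SAMPLE_CONFIG = """\
Host priv
    HostName 192.168.122.91
    IdentityFile ~/.ssh/priv.ssh.pem
    ForwardX11 yes
Host priv-trusted
    ForwardX11 yes
    ForwardX11Trusted yes
Host priv-untrusted
    ForwardX11 yes
    ForwardX11Trusted no
Host *
    ForwardX11 no
"""

def host_matches(patterns, host):
    """Host matching: wildcards allowed; a matching '!pattern' vetoes the entry."""
    neg = [p[1:] for p in patterns if p.startswith("!")]
    pos = [p for p in patterns if not p.startswith("!")]
    hit = lambda pats: any(fnmatch.fnmatchcase(host, p) for p in pats)
    return hit(pos) and not hit(neg)

def effective_options(config_text, host):
    """Options for `host` (first value per keyword wins; Match blocks are skipped)."""
    opts, applies = {}, True  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m or m.group(1).startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in ("host", "match"):
            applies = key == "host" and host_matches(value.split(), host)
        elif applies:
            opts.setdefault(key, value)
    return opts

def x11_exposure(config_text, host):
    """Classify how far the remote side can reach into the local X display."""
    opts = effective_options(config_text, host)
    if opts.get("forwardx11", "no").lower() != "yes":
        return "off"
    trusted = opts.get("forwardx11trusted")
    if trusted is None:
        return "on, trust left to default"
    return "on, trusted" if trusted.lower() == "yes" else "on, untrusted"
```

On a real system, `ssh -G priv` prints the effective values, including the default your OpenSSH build applies when `ForwardX11Trusted` is not set.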

Tor browser settings

The settings for the Tor browser I suggest, regardless of the setup you choose, are the following:

  • Add-ons (in case they are not installed by default):
    • HTTPS Everywhere
    • NoScript
    • A URL cleaner (see above)
  • Configuration (in the section Privacy & Security):
    • Always use private browsing mode (default Keep until: I close Tor Browser)
    • Accept third party cookies and site data: Never
    • Use Tracking protection: Always
  • Advanced settings (these are the ones I changed from the default value)
    • privacy.trackingprotection.pbmode.enabled = true
    • privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts = true

Conclusion

As you can see, there are several ways to use Tor browser to protect your privacy while online, depending on the time you want to invest in setting them up and the architecture that works best for you.

Opinions? Are you going to use any of these options? And if yes, which one?