Infected


You are here: [Tor Browser Security Guide]
Click [HERE] to return to the Homepage

Note: The only person responsible for your actions is you.
Note: We do not condone illegal activities in any way.

Part1. Introduction
Lets start off by a small introduction, what's tor?

The Tor network disguises your identity by moving your traffic across different Tor servers, and encrypting that traffic so it isn't traced back to you. Anyone who tries would see traffic coming from random nodes on the Tor network, rather than your computer.

More information can be found here:
en.wikipedia.org/wiki/Tor_(anonymity_network)

But how trustable & Safe is the Tor network and the Tor Browser Bundle?
Tor & the Tor Browser Bundle are fully open source, that means that the source code is fully available to the public, and is already inspected by many many many security experts.
If you want to review the source code for yourself... github.com/TheTorProject

Part 2. Installing & Securing Tor Browser Bundle.
The first thing we need is ofcourse the installer! the installer can be found here: torproject.org

After you have succesfully installed the Browser, open it.
Click on the little onion icon on the top left of the browser.
Select "Security settings" and set the slider to high.

Now, right-click the S icon in the upper right corner of the browser and select "Options"
Navigate to the "General" tab and uncheck the scripts globally allowed checkbox!
When thats done, go to the "Embeddings" tab and check the following checkboxes!

Forbid Java
☐ Forbid Audio / Video
☐ Forbid Adobe Flash
☐ Forbid Iframe
☐ Forbid Microsoft Silverlight
☐ Forbid Iframe
☐ Forbid other plugins
☐ Forbid @font-face




When done,In the searchbar type "About:config" without the quotes.
And change the following parameters as stated below!



__________________________________________
Must be changed to: false

1: network.protocol-handler.external
(Protocols (ex: http, ftp, mailto) are different methods of sending information over the Internet. Protocols may be handled by Mozilla applications themselves, or they may be passed to external applications, or they may not be handled at all. This preference determines whether a specific protocol that is already configured to be handled should be handled internally or externally.)
(Do the same for all the subsettings)

2: javascript.enabled
(Enabes/disables javascripts)

3: network.prefetch-next
(Link prefetching is when a webpage hints to the browser that certain pages are likely to be visited, so the browser downloads them immediately so they can be displayed immediately when the user requests it. This preference controls whether link prefetching is enabled.)

4: browser.cache.disk.enable
(When a page is loaded, it can be cached so it doesn't need to be downloaded to be redisplayed. For e-mail and news, messages and attachments are cached as well. This preference controls whether to use the hard drive for caching purposes. browser.cache.disk.capacity controls the maximum amount of disk space to use.)

5: browser.cache.offline.enable
(Recent versions of Mozilla offer an “offline cache” that web applications can use to store data for retrieval even when the browser is offline. Combined with online/offline events, developers can write JavaScript that acts intelligently until the connection is restored. This preference determines whether the offline cache is enabled.)

6: dom.storage.enabled
(The Web Applications 1.0 specification defines a mechanism allowing web pages to store information with a web browser (similar to cookies) called “client-side session and persistent storage.” Although use of session storage is subject to a user’s cookie preferences, this preference allows it to be disabled entirely.)

8: media.mp4.enabled
(Enabes/disables mp4 video playback)

9: media.webm.enabled
(Enabes/disables webm video playback)

10: media.encoder.webm.enabled
(Enabes/disables webm video playback encoder)

11: media.peerconnection.enabled
(Enabes/disables webrtc)

12: gfx.font_rendering.graphite.enabled
(To secure against graphite exploit!)



__________________________________________
Must be changed to: true

1: network.protocol-handler.warn-external
(Protocols (ex: http, ftp, mailto) are different methods of sending information over the Internet. Protocols may be handled by Mozilla applications themselves, or they may be passed to external applications, or they may not be handled at all. This preference controls whether to warn the user before opening an external application for protocols where a more specific network.protocol-handler.warn-external.(protocol) is not set.)
(Do the same for all the subsettings)

2: network.dns.disableIPv6
(IPv6 is a new version of the Internet Protocol that will be used in the future instead of IPv4. Not all web servers correctly support IPv6, and this can lead to connection failures and delays in loading websites. This preference controls which servers to use IPv4 on even if IPv6 is enabled.)



__________________________________________
Must be changed to: 0

1: network.http.sendRefererHeader
(HTTP is the application-layer protocol with which most web pages are transferred. As part of HTTP, requests can include a "Referer" (sic) header that tells the server which page the user was on that initiated the request. Servers use this information to track users' paths through the site and possibly provide additional features. Additionally, in JavaScript, the current page’s referrer is exposed in the DOM through document.referrer. Scripts running on the page can consult this property to see the same information that was sent in the Referer header. This preference controls when to send the Referer header and set document.referrer.)



__________________________________________
Must be changed to 1

1: network.dns.ipv4OnlyDomains
(IPv6 is a new version of the Internet Protocol that will be used in the future instead of IPv4. Not all web servers correctly support IPv6, and this can lead to connection failures and delays in loading websites. This preference controls which servers to use IPv4 on even if IPv6 is enabled.)



Part 3. Preventing your ISP from seeing that you use tor.
Sites accesed through tor are not visible to your ISP, however, they can see your connection to the tor-node.
To Prevent this, the best solution would be to use a vpn, best way would be tor behind a killswitch!
See: 1KsRvAWe1XH6exU8SoTfgfr84vKhrkAqiS/guides/VPN Killswitch guide.html

Part 4. Handling files.
Don't open any file while you're online! Some files are dangerous for your privacy!
Some files leak IP Adresses, some will damage your system, some will install virus/spyware.

Part 4b. Solution.
You can easily set-up a firewall to deny all connections and run the file through there.
Not going into detail about it since it has nothing to do with securing TBB.

[PRINT] - [HOME]
This page is a snapshot of ZeroNet. Start your own ZeroNet for complete experience. Learn More