Leaderboard

Are we really surfing safe with the standard browser settings? Let's go to the next part of this guide where we will explain what needs to be done to really secure the browser. Browser Configuration First of all we are going to configure NoScript which is an extention that comes bundled with the Tor Browser Bundle. The reason for doing this is to block all scripts which are a danger if left enabled. Click on the NoScript icon. From the drop down menu click on Options. On the Whitelist tab go to the bottom and uncheck Scripts Globally Allowed (dangerous). On the Embeddings tab check Forbid Java, Forbid adobe flash, Forbid microsoft silverlight, Forbid other plugins, Forbid <AUDIO> / <VIDEO>, Forbid <IFRAME>, Forbid <FRAME>, Forbid @font-face. Check the rest of the options as shown and click Okay. NoScript is a good tool even for non Tor activies and it helps a lot to surf the net safely up to a certain extent. If you want to learn more about it you can go to its website and visit its forum for futher help. NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! - what is it? - InformAction Extended Browser Configuration As you can see, besides the NoScript extention there is not much to configure in the browser, but there is more to block by entering about:config, like JavaScript, HTTP_Referer and Cookies. First thing to do here is to disable JavaScript completely because it is a risk to your security. We are not going to get too technical and explain how JavaScript works, but all we can say is that regardless what the Tor developers say, any browser, Tor or not Tor, is not safe with JavaScript enabled. That has been proven before where a vulnerabitlty in their browser and a code inserted on some sites led to many people having Tor bypassed and their real IP exposed. Because of that we will explain how to disable JavaScript. Let's start by typing about:config in the browser's address bar and hitting Enter. Click on I'll be careful, I promise!. On the search bar type javascript.enable. Right click on javascript.enabled and on the popup menu left click on Toggle to change the value from true to false to disable JavaScript completely. This is the way it's going to look after the change. Now we are going to disable HTTP_Referers because it also is a risk having them enabled. How do referers work? Let's say you are on a website and somebody posts a hyperlink to a picture. If you click on it, the browser will send a request to the server where the picture is, so they can send it back to you and display it in your browser. That request also sends a referer field to that server, telling it where you are coming from, which is the website where the hyperlink was posted. That doesn't sound too bad, but what if that website was private and only your family and closest friends knew about it? Well, not private anymore, since whoever controls the server where that picture is stored, can track you back to where you came from. On the search bar type network.http.sendRefererHeader. Right click on network.http.sendRefererHeader and in the popup menu left click on Modify. Right now the value of it is 2. Change that number to 0 and click Okay. This is the way it's going to look after the change. On the search bar type network.http.sendSecureXsiteReferrer. Right click on network.http.sendSecureXsiteReferrer and on the popup menu left click on Toggle to change the value from true to false. This is the way it's going to look after the change. On the search bar type extensions.torbutton.saved.sendSecureXSiteReferrer. Right click on extensions.torbutton.saved.sendSecureXSiteReferrer and on the popup menu left click on Toggle to change the value from true to false. This is the way it's going to look after the change. Cookies and referrers can be used to track your browsing habits, so they generally should be turned off. If a site really requires cookies (e.g. for a login) or referrers (e.g. to show pictures), you can always turn them back on temporarily if the site is worth it. On the search bar type network.cookie.cookieBehavior. Right click on network.cookie.cookieBehavior and on the popup menu left click on Modify. Right now the value of it is 1. Change that number to 2 and click Okay. This is the way it's going to look after the change. After all the changes are done, restart the browser and click on Test Tor Network Settings. That is going to show you a message saying Congratulations. This browser is configured to use Tor. along with the IP address of the exit node your are using at the moment. Another checker to test your Tor connection is:https://torcheck.xenobite.eu/index.php Notes Just some notes about what wasn't changed and what will happen after the changes to the browser and other stuff. By making the changes explained in this guide to the Tor Browser Bundle some sites will not work properly and others won't work at all. We wrote this guide to help you avoid leaking any personal information and safety comes with its downsides, but at the end it is up to you if you want to lower your defences to get to the pages or files you are after. The HTTP_User_Agent wasn't changed since the agent used in the browser is a generic one, that is, everybody shows the same spoofed variable and it didn't need to be changed since it doesn't show any personal information. It would be better to abstain from installing any add-ons to enhance your browsing experience. While some add-ons bring many useful features they could be a risk to your safety since they could bypass Tor completely and reveal your real IP. Plugins, like any other add-ons, should never be installed, simply because a plugin rarely obeys the proxy settings of the browser. People that run exit nodes could see the information going in and out of them, that is the way Tor works, and for that reason even when using Tor you should always be careful with the kind of personal information you are sharing on the Internet. Under no circumstances, never ever even give hints about your real name, country or any other personal details if you really want to stay anonymous. If you do so, even Tor couldn't help you to stay hidden. Don't rely just on Tor to be anomymous. Use common sense while surfing the net, be careful and remember that Tor wasn't created to be used in illegal activities, just like this guide wasn't written to encourage and help people to break the law or hurt anybody, but to help anonymous freedom of speech worldwide. For more information visit this site:https://www.torproject.org/docs/faq.html and with pics http://tutorneunixbasq6.onion/guide/tbb.html