Hey OldPork,
FWIW #1, I was the impetus for the current implementation of TorButton. Back before the current TorButton, all TorButton did was change the proxy settings of Firefox. At that time I started hacking that old version of TorButton to protect users from web attacks, JS attacks, etc., but I didn't have the skills to do so properly. I wrote about what I was doing on the Tor IRC channel and Mike Perry took over and did all the heavy lifting.
FWIW #2, I was also the impetus for Tor Browser Bundle (TBB). Back before TBB existed I started hacking Tor, Firefox, Polipo, etc., to all be complied in portable mode on Linux (using Ubuntu), and windows too. I wrote a how-to to compile the programs and build the first TBB (back then I didn't call it TBB); but just like TorButton I hit a wall in my skill level. So, just like TorButton I wrote about what I was doing on Tor IRC and Dr. Steven J. Murdoch took an interest in my project. He was nice enough to take over for me, and he made the first offical TBB for Tor.
Thus, without my early (and limited/failed) attempts at hacking the original TorButton, Tor, Firefox, etc., we might not have TorButton (as it is today) or TBB...
Yes it does, Tor is the only critical part. Vidalia is merely a GUI for Tor, Vidalia is not needed, but does make using Tor easier for most people. For years I used Tor before there even was a GUI, back before there was Polipo, and all we had was Privoxy and Tor (no TorButton either)...
People can use other web browsers with Tor, not just Firefox, but Firefox is the only one that should be used because of the add-on TorButton. That add-on is critical to safely using a web browser to defeat many various attacks against browsers.
Tor works out of the box and does not need to be configured for vanilla usage. To use a web browser with Tor, all you need to do is set the bower proxy settings (HTTP, HTTPS and Socks 5) to proxy: 127.0.0.1 and port: 9050 and use remote DNS look-up (which will route through Tor). Of course, that works only if the browser properly handles Socks 5 traffic. Firefox (un-hacked) does not properly handle Socks 5 traffic so we need to use a HTTP/S proxy such as Polipo or Privoxy, which uses port 8118. Thus, to use any web browser and Tor, all you need to due is use Polipo or Privoxy and set the browser proxy settings (HTTP and HTTPS) to proxy: 127.0.0.1 and port: 8118 and set the Socks proxy setting to 127.0.0.1:9050, along with using remote DNS lookup.
Only the windows bundle offers Pidgin, and the Linux bundle now does not have Polipo because the Linux version uses a hacked Firefox that properly handles Socks 5.
Also, there are many add-ons to Firefox one should use, I made a list in another post that I think VG made into a thread in this sub-forum with my nic in the thread title. The windows bundle is lacking an important add-ons that is present in the Mac and Linux version of the bundle: NoScript
Not using an HTTP/S proxy makes surfing faster, but is only possible with the Linux bundle at this time. Also, using Polipo with forums like ICmag causes a recurring SSL error. That is why I wrote how to use Privoxy instead because Privoxy does not have the same bugs as Polipo that causees the SSL error.
That is untrue, I wish it was true, but it's not. For example, there are many ways JavaScript, Flash, etc., can break your anonymity. TorButton does a very good job of making JS 'safe', but it's not a fail-safe. Also, cookies (especially flash cookies and HTML5 cookies) are a major issue that can break your anonymity, and without additional add-ons cookies are harder to control, even with TBB and TorButton. Not only that, but TBB has the same limits that Tor (installed version) has: MIMT attacks, exit node packet sniffing (on HTTP), SSL cert spoofing, etc., etc.
In a perfect world, without websites using JS in evil ways, and without worries about evil exit nodes, etc., you are correct, Tor is 100% anonymous...but we don't live in a perfect world.
Tor is the best legal option there is, but it has limits to it's ability to anonymize us if we are attacked, or if Tor is attacked (such as the Tor Directly Authorities, flooding the network with evil nodes, etc.).
TBB does not have "everything you need to safely browse the Internet". You should at least install the following add-ons if you want a higher level of anonymity:
FWIW #1, I was the impetus for the current implementation of TorButton. Back before the current TorButton, all TorButton did was change the proxy settings of Firefox. At that time I started hacking that old version of TorButton to protect users from web attacks, JS attacks, etc., but I didn't have the skills to do so properly. I wrote about what I was doing on the Tor IRC channel and Mike Perry took over and did all the heavy lifting.
FWIW #2, I was also the impetus for Tor Browser Bundle (TBB). Back before TBB existed I started hacking Tor, Firefox, Polipo, etc., to all be complied in portable mode on Linux (using Ubuntu), and windows too. I wrote a how-to to compile the programs and build the first TBB (back then I didn't call it TBB); but just like TorButton I hit a wall in my skill level. So, just like TorButton I wrote about what I was doing on Tor IRC and Dr. Steven J. Murdoch took an interest in my project. He was nice enough to take over for me, and he made the first offical TBB for Tor.
Thus, without my early (and limited/failed) attempts at hacking the original TorButton, Tor, Firefox, etc., we might not have TorButton (as it is today) or TBB...
Yes it does, Tor is the only critical part. Vidalia is merely a GUI for Tor, Vidalia is not needed, but does make using Tor easier for most people. For years I used Tor before there even was a GUI, back before there was Polipo, and all we had was Privoxy and Tor (no TorButton either)...
People can use other web browsers with Tor, not just Firefox, but Firefox is the only one that should be used because of the add-on TorButton. That add-on is critical to safely using a web browser to defeat many various attacks against browsers.
Tor works out of the box and does not need to be configured for vanilla usage. To use a web browser with Tor, all you need to do is set the bower proxy settings (HTTP, HTTPS and Socks 5) to proxy: 127.0.0.1 and port: 9050 and use remote DNS look-up (which will route through Tor). Of course, that works only if the browser properly handles Socks 5 traffic. Firefox (un-hacked) does not properly handle Socks 5 traffic so we need to use a HTTP/S proxy such as Polipo or Privoxy, which uses port 8118. Thus, to use any web browser and Tor, all you need to due is use Polipo or Privoxy and set the browser proxy settings (HTTP and HTTPS) to proxy: 127.0.0.1 and port: 8118 and set the Socks proxy setting to 127.0.0.1:9050, along with using remote DNS lookup.
Only the windows bundle offers Pidgin, and the Linux bundle now does not have Polipo because the Linux version uses a hacked Firefox that properly handles Socks 5.
Also, there are many add-ons to Firefox one should use, I made a list in another post that I think VG made into a thread in this sub-forum with my nic in the thread title. The windows bundle is lacking an important add-ons that is present in the Mac and Linux version of the bundle: NoScript
Not using an HTTP/S proxy makes surfing faster, but is only possible with the Linux bundle at this time. Also, using Polipo with forums like ICmag causes a recurring SSL error. That is why I wrote how to use Privoxy instead because Privoxy does not have the same bugs as Polipo that causees the SSL error.
That is untrue, I wish it was true, but it's not. For example, there are many ways JavaScript, Flash, etc., can break your anonymity. TorButton does a very good job of making JS 'safe', but it's not a fail-safe. Also, cookies (especially flash cookies and HTML5 cookies) are a major issue that can break your anonymity, and without additional add-ons cookies are harder to control, even with TBB and TorButton. Not only that, but TBB has the same limits that Tor (installed version) has: MIMT attacks, exit node packet sniffing (on HTTP), SSL cert spoofing, etc., etc.
In a perfect world, without websites using JS in evil ways, and without worries about evil exit nodes, etc., you are correct, Tor is 100% anonymous...but we don't live in a perfect world.
Tor is the best legal option there is, but it has limits to it's ability to anonymize us if we are attacked, or if Tor is attacked (such as the Tor Directly Authorities, flooding the network with evil nodes, etc.).
TBB does not have "everything you need to safely browse the Internet". You should at least install the following add-ons if you want a higher level of anonymity:
- RefControl (to spoof referrer; needs to be configured properly)
- BetterPrivacy (auto-deletes Flash cookies)
- NoScript (prevents much JS junk, webbugs, etc)
- CookieCuller (to make removing normal cookies more user friendly)
Errr, kind of. You will need to configure you application (like Firefox) to use Poilpo, which in turn is pre-configured to use Tor. For Pidgin (anon IRC) you just use Tor socks proxy settings: 127.0.0.1:9050.
You don't need to configure Tor, it works out of the box, but you will need to install and configure an HTTP/S proxy to use Tor (for most web browsers), then configure the web browser to use the HTTP/S proxy, etc.
