I recently received an L5, and am in the process of setting up the device for my workflow. Prior to the L5, I was using GrapheneOS (security-hardened Android fork). My primary browser on Graphene was the Tor Browser, and I want to use this browser on the L5 with PureOS. I had a few attempts at getting the Tor Browser installed, but everything falls short.
Anyone have a better solution?
Attempt 1: Desktop Tor Browser on ARM
I went to the Tor Project’s official website and looked for an ARM version of the Tor Browser, but I could not find an ARM version available for download. There was some discussion about ARM support here and here, but I am not aware of an ARM build for Linux desktop currently.
Attempt 2: Android Tor Browser
Tor Browser is officially supported on Android. I found a thread with instructions for installing Anbox on byzantium, but byzantium is using the 5.18 kernel, which dropped a kernel module needed for Anbox. I downgraded to amber (using kernel 5.15) and got Anbox working with the Android Tor Browser installed, but it crashes too frequently to be of any use. Even if I can get it to work, this is not a great long-term solution, as I would be stuck on kernel 5.15. Is there any other way to run Android apps on byzantium?
Attempt 3: Tor + Librewolf
I installed the tor package from the repos, and installed Librewolf through flatpak. I configured Librewolf to use a SOCKS5 proxy, and it does work, but I prefer not to roll my own solution due to the possibility of leaks. Also, the fingerprint compared to the Tor Browser will be different. Librewolf also does not scale properly on the L5. Is it possible to set scaling on a per-app basis?
I would personally use Firefox and route the whole traffic through Tor.
You can either do it on Librem 5 or on your router.
The reason behind this is that at the moment getting a well-working browser on Librem 5 is not easy in the first place. So taking complicated paths and insisting on a particular browser will only lead to a bad browsing experience like you had with Tor in Anbox.
Apart from that I think that for the Tor project it makes sense to release an official and responsive version for Librem 5, PinePhone and Raspberry Pi.
At the end of the day such devices are used precisely by people interested in Tor.
I found a fork with armhf support, and after patching a few things I was able to successfully build the browser. I tried adding armhf multiarch support and installed a few libraries from the package repo, but ran into package conflicts unfortunately.
Anyone have ideas? It’s unfortunate that I can’t get this working, these phones are excellent for privacy and security with the physical switches, but without Tor Browser the fingerprint when browsing will stand out.
The Tor Browser adds a lot of patches to Firefox that make the fingerprint across all Tor Browser users look nearly identical. Many browser APIs are blocked (such as APIs attempting to access hardware), the window is letterboxed, fonts are the same, User-Agent and headers are the same, etc. On safest mode, it is extremely difficult to tell one Tor Browser user apart from another. Here are their fingerprint design docs.
Not necessarily disagreeing with you, but it’s not a FF thing, as unique identifiers are in every browser. Even Tor has some, but it’s much smaller and obfuscated. Take a look at https://panopticlick.eff.org/
OK, I’m wondering what the differences are between running FF with resistFingerprinting set to true (as I have) and the patches that Tor Browser uses.
I don’t think that web site works properly if you have already set resistFingerprinting.
For example: let’s say that that setting generates a random syntactically valid but otherwise bogus UserAgent each time you start the browser (it doesn’t but this is a thought experiment). On the one hand, your browser would always be unique among all browsers sampled by that web site in the last X days (and would be reported as giving 17 bits of fingerprint or so). On the other hand, UserAgent under those circumstances would be somewhat useless for fingerprinting or tracking.
So there are two diametrically opposed approaches.
Utterly uniform and standardised results for all browsers of users who care about this - so very limited uniqueness, few bits of fingerprint.
Randomised settings for all things that can be sampled for fingerprinting, potentially randomised every X minutes or even between connection requests - so a high degree of uniqueness, high number of bits of fingerprint - but useless for fingerprinting or tracking.
Personally, I find it galling, and ironic, that my decision to set DNT contributes 1.15 bits to my fingerprint.
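The two approaches in the thought experiment above, as an added example that is not part of any post in this thread: it compares the bits a Panopticlick-style site would report for one attribute with the share of users a tracker could re-link between two visits. The population of 1000 browsers, the function names and the attribute values are all constructed for illustration.

```python
import math
import random
from collections import Counter

N_USERS = 1000  # constructed population size (assumption)

def surprisal_bits(value, observed):
    """Bits a test site reports for one value: log2(1 / share of browsers sending it)."""
    return math.log2(len(observed) / Counter(observed)[value])

def relinked_fraction(visit1, visit2):
    """Share of users whose visit-2 value matches exactly one visit-1 record,
    and that record is their own (i.e. the attribute alone re-identifies them)."""
    seen = Counter(visit1)
    hits = sum(1 for a, b in zip(visit1, visit2) if a == b and seen[b] == 1)
    return hits / len(visit1)

def simulate(strategy, seed=1):
    """Return (bits reported for user 0, fraction of users re-linked across visits)."""
    rng = random.Random(seed)

    def value(user):
        if strategy == "stock":        # stable and distinct per user
            return f"stock-build-{user}"
        if strategy == "uniform":      # everyone sends the same value
            return "shared-value"
        if strategy == "randomised":   # fresh bogus value on every visit
            return f"bogus-{rng.getrandbits(64):016x}"
        raise ValueError(strategy)

    visit1 = [value(u) for u in range(N_USERS)]
    visit2 = [value(u) for u in range(N_USERS)]
    return surprisal_bits(visit1[0], visit1), relinked_fraction(visit1, visit2)

if __name__ == "__main__":
    for s in ("stock", "uniform", "randomised"):
        bits, linked = simulate(s)
        print(f"{s:11s} bits={bits:5.2f} relinked={linked:.0%}")
```

The stock and randomised populations report the same number of bits, but only the stock one can be re-linked; the reported bit count measures uniqueness within one sample, not stability across visits.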
Before anyone goes off tangent on the Tor browser, virtual private networks (VPNs), and I2P, all of these services may require a host as a mask or proxy to cover tracks of IP address. Regardless, one must entrust that host to uphold the value of the proxy role. Since the client might not know which host to connect to (at least for the Tor proxy network), it risks surveillance and sabotage. Wikipedia records state that Tor proxy services had undergone a history of cyber attacks. This fact is something not to be ignored. Then after, you can worry about the risks of visiting .onion sites. Still, I don’t know why PureOS would want to engage with such risks in the first place.
VPNs might allow a preview of manual host selection, but one cannot verify the safety of such proxies. Anti-malware sites like virustotal.com would work in picking up any past records associated with the IP address in question. Still, some services like Tor do not allow manual selection for the matter of safety. That is when things get dicey. I rather prefer a virustotal.com search engine/proxy/vpn, redirecting any site navigation to a scan results page with normal method to site navigation.
I don’t know much about I2P, but I just assume that it is a Tor alternative.
Below are links to arbitrary claims of the Tor proxy network vulnerabilities. Yes, these are just claims without proven facts and evidence. Still, these claims exist as an insight.
All networks, by their very nature, are risky, and should be treated as adversarial if you want to maximize your security (hence why firewalls are used). If you’re using wifi, the router and every other hop needed to get packets from source to destination and back could also be used for surveillance and sabotage. Many DNS requests are unencrypted. In these cases the DNS provider could redirect all your queries to malware domains.
A lot of criticisms about Tor are actually just criticisms about networks in general, and aren’t specific to Tor.
I2P is like Tor, but using a different model for routing traffic. At a high level, in Tor you connect to relays that route traffic. In I2P, everyone using the network is also a relay that routes traffic. Some argue that I2P is a better model since it potentially allows for more relays.
Technically there is a difference between whether the DNS request/response is encrypted and whether the DNS response is cryptographically authentic (signed). The latter will solve the issue of malicious directing of your queries, while not providing any privacy (confidentiality) such as you get from the former.
As I understand it, you can get the latter with (what is now) vanilla DNS (via DNSSEC) but in order to get encryption you would need to use, for example, DNS-over-TLS (DoT) or DNS-over-HTTPS (DoH).
Confidentiality of DNS requests is often not considered a high priority because if you immediately follow the DNS request with a (secure or insecure) connection request to the resulting IP address then you are leaking information about that DNS request anyway.
Obviously technologies like Tor muddy the waters in the claim in the previous paragraph.