Tor_Browser.mdwn 5 KB
Newer Older
Tails developers's avatar
Tails developers committed
1
[[!meta title="Browsing the web with Tor Browser"]]
2

Tails developers's avatar
Tails developers committed
3
[[!img Tor_Browser/mozicon128.png link=no alt="Iceweasel icon"]]
4

5
Tor Browser is a rebranded version of the [[Mozilla
6
7
8
9
10
11
12
13
Firefox|http://www.mozilla.com/firefox/]] web browser. Given its popularity many
of you have probably used it before and its user interface is like any other
modern web browser.

Here are a few things worth mentioning in the context of Tails.

[[!toc levels=2]]

Tails developers's avatar
Tails developers committed
14
15
<a id="https"></a>

16
17
18
HTTPS Encryption
================

Tails developers's avatar
Tails developers committed
19
Using HTTPS instead of HTTP encrypts your communication while browsing the web.
20

Tails developers's avatar
Tails developers committed
21
22
All the data exchanged between your browser and the server you are visiting are
encrypted. It prevents the
23
[[Tor exit node to eavesdrop on your communication|doc/about/warning#exit_node]].
Tails developers's avatar
Tails developers committed
24
25
26
27

HTTPS also includes mechanisms to authenticate the server you are communicating
with. But those mechanisms can be flawed,
[[as explained on our warning page|about/warning#man-in-the-middle]].
28
29
30
31
32

For example, here is how the browser looks like when we try to log in an email
account at [lavabit.com](http://lavabit.com/), using their [webmail
interface](https://lavabit.com/apps/webmail/src/login.php):

33
[[!img doc/anonymous_internet/Tor_Browser/lavabit.png link=no alt="Tor browser"]]
34
35
36
37
38

Notice the small area on the left of the address bar saying "lavabit.com" on a
blue background and the address beginning with "https://" (instead of
"http://"):

39
[[!img Tor_Browser/address-bar.png link=no alt="address bar showing 'lavabit.com'
40
41
42
43
44
45
46
47
48
49
/ 'https://lavabit.com/'"]]

These are the indicators that an encrypted connection using [[!wikipedia HTTPS]]
is being used.

You should try to only use services providing HTTPS when you are sending or
retrieving sensitive information (like passwords), otherwise its very easy for
an eavesdropper to steal whatever information you are sending or to modify the
content of a page on its way to your browser.

Tails developers's avatar
Tails developers committed
50
51
<a id="https-everywhere"></a>

52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
HTTPS Everywhere
================

[[!img https-everywhere.jpg link=no alt="HTTPS Everywhere logo"]]

[HTTPS Everywhere](https://www.eff.org/https-everywhere) is a Firefox extension
shipped in Tails and produced as a collaboration between [The Tor
Project](https://torproject.org/) and the [Electronic Frontier
Foundation](https://eff.org/). It encrypts your communications with a number of
major websites. Many sites on the web offer some limited support for encryption
over HTTPS, but make it difficult to use. For instance, they may default to
unencrypted HTTP, or fill encrypted pages with links that go back to the
unencrypted site. The HTTPS Everywhere extension fixes these problems by
rewriting all requests to these sites to HTTPS.

To learn more about HTTPS Everywhere you can see:

Tails developers's avatar
Tails developers committed
69
70
 - the [HTTPS Everywhere homepage](https://www.eff.org/https-everywhere)
 - the [HTTPS Everywhere FAQ](https://www.eff.org/https-everywhere/faq/)
71

Tails developers's avatar
Tails developers committed
72
73
<a id="torbutton"></a>

74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
Torbutton
=========

Tor alone is not enough to protect your anonymity and privacy while browsing the
web.  All modern web browsers, such as Firefox, support [[!wikipedia
JavaScript]], [[!wikipedia Adobe_Flash]], [[!wikipedia HTTP_cookie
desc="cookies"]] and other services which have been shown to be able to defeat
the anonymity provided by the Tor network.

In Tails all such features are handled from inside the browser by an extension
called [Torbutton](https://www.torproject.org/torbutton/) which does all sorts
of things to prevent the above type of attacks. But that comes at a price: since
this will disable some functionalities and some sites might not work as
intended.

To learn more about Torbutton you can see:

- [the Torbutton homepage](https://www.torproject.org/torbutton/)
- [the Torbutton
  FAQ](https://www.torproject.org/torbutton/torbutton-faq.html.en)

Tails developers's avatar
Tails developers committed
95
96
<a id="javascript"></a>

97
98
99
100
101
102
103
104
105
106
107
108
109
110
Protection against dangerous JavaScript
=======================================

Having all JavaScript disabled by default would disable a lot of harmless and
possibly useful JavaScript and render unusable many websites.

That's why **JavaScript is enabled by default** in Tails.

But we rely on Torbutton to **disable all potentially dangerous JavaScript**.

We consider this as a necessary compromise between security and usability and as
of today we are not aware of any JavaScript that would compromise Tails
anonymity.

111
112
For more technical details you can refer to the [Tor Browser design
document](https://www.torproject.org/projects/torbrowser/design/).
113

Tails developers's avatar
Tails developers committed
114
115
<a id="noscript"></a>

116
117
118
119
120
NoScript to have even more control over JavaScript
==================================================

[[!img noscript.png link=no alt="NoScript logo"]]

121
122
123
124
125
126
127
128
129
To allow more control over JavaScript, for example to disable JavaScript
completely, Tails includes the <span class="application">NoScript</span>
extension.

By default, <span class="application">NoScript</span> is disabled and some
JavaScript is allowed by the <span
class="application">[[Torbutton|Tor_Browser#javascript]]</span> extension as
explained above.

130
131
For more information you can refer to the NoScript
[website](http://noscript.net/) and [features](http://noscript.net/features).