El Navegador Tor és un navegador web basat en Mozilla Firefox però configurat per a protegir la teva privacitat.

Sending your connections to websites through the Tor network is not enough to totally protect you while browsing the web:

This is why Tor Browser integrates all kinds of security protections inside the browser as well.

Algunes preguntes freqüents sobre el Navegador Tor es poden trobar a the FAQ.

Confinament AppArmor, descarregant, i i pujant arxius

El Navegador Tor a Tails està limitat amb AppArmor per protegir el sistema i les vostres dades d'alguns tipus d'atacs contra el Navegador Tor. Com a conseqüència, el Navegador Tor a Tails pot només llegir i escriure a un nombre limitat de carpetes.

Per això, per exemple, es pot enfrontar a errors de Permission denegada si intenteu baixar fitxers a la carpeta Home.

  • You can save files from Tor Browser to the Tor Browser folder that is located in the Home folder. The content of this folder will disappear once you shut down Tails.

  • Si vols pujar fitxer amb el Navegador Tor, fes-ne una còpia a aquella carpeta primer.

  • Si has activat la funcionalitat Personal Data de l'emmagatzematge persistent també pots utilitzar la carpeta Persistent/Tor Browser per descarregar i pujar fitxers des de Tor Browser. El contingut de la carpeta Persistent/Tor Browser es desa en diferents sessions de treball.

Per evitar que Tails es quedi sense memòria i es bloquegi, descarrega fitxers molt grans a la carpeta Persistent/Tor Browser. Tots els fitxers que baixeu fora de l'emmagatzematge persistent són emmagatzemats a la memòria (RAM), que és més limitada.

Encriptació HTTPS amb HTTPS Everywhere

Utilitzar HTTPS en lloc d'HTTP encripta les vostres comunicacions mentre navegueu per la web.

Totes les dades intercanviades entre el vostre navegador i el servidor que esteu visitant estan encriptades. HTTPS evita que el nus de sortida de Tor pugui espiar les vostres comunicacions.

HTTPS també inclou mecanismes per autenticar el servidor amb qui estàs comunicant. Però, aquells mecanismes poden ser defectuosos, com compte en la nostra pàgina d'avís.

For example, here is how the browser looks when we try to log in to an email account at riseup.net, using their webmail interface:

Notice the padlock icon on the left of the address bar saying "mail.riseup.net". Notice also the address beginning with "https://" (instead of "http://"). These are the indicators that an encrypted connection using HTTPS is being used.

When you are sending or retrieving sensitive information (like passwords), you should try to only use services providing HTTPS. Otherwise, it is very easy for an eavesdropper to steal whatever information you are sending, or to modify the content of a page on its way to your browser.

HTTPS Everywhere is a Firefox extension included in Tor Browser. It is produced as a collaboration between The Tor Project and the Electronic Frontier Foundation. It encrypts your communications with a number of major websites. Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For example, they might default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

To learn more about HTTPS Everywhere, you can see:

Protection against dangerous JavaScript

Having all JavaScript disabled by default would disable a lot of harmless and possibly useful JavaScript, and might render many websites unusable.

That is why JavaScript is enabled by default but Tor Browser disables all potentially dangerous JavaScript. We consider this as a necessary compromise between security and usability.

To understand better the behavior of Tor Browser, for example, regarding JavaScript and cookies, you can refer to the Tor Browser design document.

Security level

You can change the security level of Tor Browser to disable browser features as a trade-off between security and usability. For example, you can set the security level to Safest to disable JavaScript completely.

The security level is set to Standard by default which gives the most usable experience.

To change the security level, click on the icon on the right of the address bar and choose Advanced Security Settings….

Tor circuit

Click on the padlock in the address bar to show the Tor circuit that is used to connect to the website in the current tab, its 3 relays, their countries, and IP addresses.

The last relay in the circuit, the one immediately above the destination website, is the exit relay. Its country might influence how the website behaves.

Click on the New Circuit for this Site button to use a different circuit.

You can use Onion Circuits to get more detailed information about the circuits being used.

New Identity feature

To switch to a new identity, choose  ▸ New Identity.

The New Identity feature of Tor Browser:

  • Closes all open tabs.
  • Clears the session state including cache, history, and cookies.
  • Closes all existing web connections and creates new Tor circuits.
  • Erases the content of the clipboard.

This feature is not enough to strongly separate contextual identities in the context of Tails, as the connections outside of Tor Browser are not restarted.

Restart Tails instead.

For more details, see the design and implementation of the Tor Browser.

NoScript to have even more control over JavaScript

Tor Browser includes the NoScript extension to:

  • Protect from more JavaScript attacks. For example, cross-site scripting (XSS) attacks.
  • Allow you to disable JavaScript completely on some websites only.

For more information, you can refer to the NoScript website and features.

Letterboxing

The letterboxing feature of Tor Browser helps to prevent websites from identifying your browser based on the size of its window. Without letterboxing, websites could use the size of the browser window to track visitors or weaken your anonymity.

The letterboxing feature of Tor Browser works by adding gray margins to the browser window when the window is resized. The webpage remains as close as possible to the desired size without revealing the actual size of the window.