Tor Browser Needs An Ad Blocker
by Nomad
May 27, 2022
The Tor Browser may give users a sense of false security.
The only way to avoid fingerprinting while using it is to set its Security Level at "Safest", disabling all JavaScript. As long as JS is enabled, the browser will leak operating system and screen size information that can be used to identify a user, especially on a network as small as Tor. To verify this, set the browser to the "Standard" or "Safer" level and head over to these test sites:
https://coveryourtracks.eff.org/
One could always leave the browser set at "Safest", but disabling JS will break the majority of sites, so it's not a realistic option for casual surfing. Browsing in "Standard" mode would be both safer and pleasanter with a decent ad blocker, and I find it almost criminally irresponsible that the Tor Project still hasn't included one. Ads are an attack vector and pose a threat to privacy. The Tor Project knows that by not including a blocker it is compromising users' anonymity, yet continues not to so as to try to mollify Google.
A user could install an add-on like uBlock Origin, but doing so will make him more identifiable. What's needed is a preinstalled, preconfigured blocker whose settings cannot be changed by the user and that is automatically switched on in "Standard" and "Safer" modes.
Addendum
I drafted this article shortly before hearing about the newly-discovered security vulnerabilities in Firefox-based browsers when JS is enabled. If you're using the Tor Browser, make sure you're using version 11.0.13 or later, and if you're using Firefox or a derivative like LibreWolf, make sure it's v100.0.2 or later.
Learn more in this video:
https://invidious.weblibre.org/watch?v=DlKjfT31NlA
Tor mirror:
http://grwp24hodrefzvjjuccrkw3mjq4tzhaaq32amf33dzpmuxe7ilepcmad.onion/watch?v=DlKjfT31NlA
/gemlog/