Delivery-Date: Tue, 17 Feb 2015 21:24:11 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD,URIBL_BLOCKED autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 09E511E101E
	for <archiver@seul.org>; Tue, 17 Feb 2015 21:24:10 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id BB3D6330F7;
	Wed, 18 Feb 2015 02:24:06 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 6084C330E2
 for <tor-talk@lists.torproject.org>; Wed, 18 Feb 2015 02:24:03 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 0QxVMXdr5poA for <tor-talk@lists.torproject.org>;
 Wed, 18 Feb 2015 02:24:03 +0000 (UTC)
Received: from khazad-dum.seul.org (khazad-dum.csail.mit.edu [128.31.0.47])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "moria.seul.org", Issuer "moria.seul.org" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 4267832303
 for <tor-talk@lists.torproject.org>; Wed, 18 Feb 2015 02:24:03 +0000 (UTC)
Received: by khazad-dum.seul.org (Postfix, from userid 501)
 id CDC7C1E101E; Tue, 17 Feb 2015 21:24:00 -0500 (EST)
Date: Tue, 17 Feb 2015 21:24:00 -0500
From: Roger Dingledine <arma@mit.edu>
To: tor-talk@lists.torproject.org
Message-ID: <20150218022400.GR37920@moria.seul.org>
References: <CAKq8+A6r=Fb+HnborzE0a5Y3kMA_MTbXau9dtKy4iM3fgQditA@mail.gmail.com>
 <20150218023842.04f1e84484263adda9fbf542@wk3.org>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20150218023842.04f1e84484263adda9fbf542@wk3.org>
User-Agent: Mutt/1.5.20 (2009-12-10)
Subject: Re: [tor-talk] Tor on Arm Device
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Wed, Feb 18, 2015 at 02:38:42AM +0100, malte@wk3.org wrote:
> On Tue, 17 Feb 2015 20:21:54 -0500
> t <blackwaterproject@gmail.com> wrote:
> 
> > I've already installed NoScript & HTTPS Everywhere... but how else can I
> > secure my local copy of Firefox to match the security offered by the
> > pre-assembled Tor Brower?
> 
> Just a guess, but maybe you can just copy
> 
> tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/prefs.js and
> tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/preferences/*
> 
> and similar setting files?

Unfortunately, the longer answer is that you're not going to match the
security offered by Tor Browser in this way.

Currently Tor Browser is a fork of Firefox, meaning there are 100+
patches applied to the code before it's built:
https://gitweb.torproject.org/tor-browser.git/log/?h=tor-browser-31.4.0esr-4.5-1&showmsg=1
and some of the patches close serious privacy vulnerabilities that
Mozilla for whatever reason hasn't chosen to address.

You can read more about Tor Browser's goals here:
https://www.torproject.org/projects/torbrowser/design/
and an old but still useful discussion of attacks to consider is here:
https://www.torproject.org/docs/torbutton/en/design/

So in conclusion, I would recommend against acting as though you've
made your arm Firefox thing 'close enough' to Tor Browser.

--Roger

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

