Is IceCat that secure that I don't need the Tor Browser anymore?

pogiako12345
Joined: 07/11/2014

Is it? :-/

Magic Banana

Joined: 07/24/2010

Security and anonymity are different things. Currently, IceCat is no replacement for Tor. I believe there is a plan to make IceCat private mode go through Tor though.

ssdclickofdeath
Joined: 05/18/2013

"I believe there is a plan to make IceCat private mode go through Tor though."
It already does. :-)

pogiako12345
Joined: 07/11/2014

True, and that is private mode.

Magic Banana

Joined: 07/24/2010

My bad. That is excellent news!

Legimet
Joined: 12/10/2013

That's true, but I don't think it's configured the same way as Tor Browser, so it will have a different fingerprint. Using Tor Browser is a better idea if you want anonymity.

GNUser
Joined: 07/17/2013

Allow me to clarify.
RMS said he uses IceCat and Tor. Many people think that makes it OK. Well, maybe from a freedom perspective (one can argue that IceCat is more free than Firefox or Tor Browser, but from a user point of view they are the same). However, from a security and privacy perspective, it is totally wrong.

Consider this: Tor hides your identity by making every user look the same. So, if you use a different browser (and there are many ways to know which browser you are using) you make yourself unique, and therefore easy to track and follow. I had already said that in another comment here in the forum.

Consider also this: the Tor Project has a team working on the Tor Browser every day, to make it safe to use. You think they would spend resources like that if it was THAT easy? It's not. Browser fingerprinting is a tough subject and the Tor Browser has a lot of patches to make sure that you don't seem too unique. IceCat for example has LibreJS or whatever that is called. It is a MAJOR fingerprint issue. Maybe if everyone used it, it would be OK, but as of right now I think not a lot of people do that.

Also consider this: Tor Browser has been aligning its releases with Firefox security releases to make sure that there are no open bugs an attacker might exploit. I don't know about IceCat's release cycle, but check if they are fast enough putting out security updates.

Finally, I will have to advise everyone NOT to use IceCat with Tor, at least not if you need STRONG anonymity. If it's just a matter of not wanting your ISP to know that you see funny cats online, that's OK. But the websites where you see funny cats have a good chance of knowing that it's you. Well, at least knowing it's the same person, even if they can't know who it is...
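
The anonymity-set argument in the post above, worked through as an added example (it is not part of any forum post). The visitor counts are constructed for illustration, not measurements of Tor traffic, and the example assumes a site can observe both the browser build and whether LibreJS is blocking scripts.

```python
import math
from collections import Counter

# Constructed population: what one website might see arriving from Tor exits.
# Each tuple is (browser build, script behaviour); all counts are made up.
CONSTRUCTED_VISITORS = (
    [("Tor Browser", "default")] * 9960
    + [("Firefox", "default")] * 30
    + [("IceCat", "default")] * 6
    + [("IceCat", "LibreJS blocking")] * 4
)


def anonymity_sets(visitors):
    """Group visitors by observable fingerprint: {fingerprint: set size}."""
    return Counter(visitors)


def surprisal_bits(fingerprint, visitors):
    """Identifying information a fingerprint leaks: -log2(share of population)."""
    share = anonymity_sets(visitors)[fingerprint] / len(visitors)
    return -math.log2(share)


def same_user_probability(fingerprint, visitors):
    """Chance that two visits with this fingerprint come from the same person,
    assuming every member of the set is equally active (an assumption)."""
    return 1 / anonymity_sets(visitors)[fingerprint]


def report(visitors):
    """Rows of (fingerprint, set size, bits leaked, linkability), rarest first."""
    rows = [
        (fp, size, surprisal_bits(fp, visitors), same_user_probability(fp, visitors))
        for fp, size in anonymity_sets(visitors).items()
    ]
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    for fp, size, bits, link in report(CONSTRUCTED_VISITORS):
        print(f"{fp[0]:12} {fp[1]:17} set={size:5d} bits={bits:6.2f} link={link:.4f}")
```

None of the rows reveals a real IP address; the rare rows only make repeat visits easy to link to one another, which is the distinction drawn in the replies that follow.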

quantumgravity
Joined: 04/22/2013

"RMS said he uses IceCat and Tor. Many people think that makes it OK. Well, maybe from a freedom perspective (one can argue that IceCat is more free than Firefox or Tor Browser, but from a user point of view they are the same). However, from a security and privacy perspective, it is totally wrong."

Well, I think RMS really does care about privacy; that's the reason why he refused to connect to websites until today.
He just doesn't need really strong anonymity and I think that's the reason why he's OK with IceCat + Tor.

Maybe you stick out more with a browser like IceCat in combination with Tor;
however, this fact doesn't "reveal" your identity.
I mean, still there is no connection between your Tor IP and your real IP; it's just easier to create a profile for "this certain Tor user" and this can have more consequences if you make a mistake once.
So I guess it depends on your needs for privacy if you're OK with that.

But it's true what you said about security. It's a totally different issue!

onpon4
Joined: 05/30/2012

I actually messaged RMS about this, and he seems to think that IceCat's way is better. I think he has been misinformed.

He's also naive when it comes to JavaScript, I think; you can't depend on an automated program to tell you if a program is malicious, so if you're just accepting every libre program based on the inspection of such an automated program, you're not protected from any malicious features. RMS doesn't seem to see it that way. He seems to view LibreJS as protective against malicious JavaScript.

GNUser
Joined: 07/17/2013

I guess you can't teach new tricks to an old dog :P
Maybe he could speak with the people from the Tor Project. Try suggesting that to him.

quantumgravity
Joined: 04/22/2013

"RMS said he uses IceCat and Tor. Many people think that makes it OK. Well, maybe from a freedom perspective (one can argue that IceCat is more free than Firefox or Tor Browser, but from a user point of view they are the same). However, from a security and privacy perspective, it is totally wrong."

Well, I think RMS really does care about privacy; that's the reason why he refused to connect to websites until today.
He just doesn't need really strong anonymity and I think that's the reason why he's OK with IceCat + Tor.

Maybe you stick out more with a browser like IceCat in combination with Tor;
however, this fact doesn't "reveal" your identity.
I mean, still there is no connection between your Tor IP and your real IP; it's just easier to create a profile for "this certain Tor user" and this can have more consequences if you make a mistake once.
So I guess it depends on your needs for privacy if you're OK with that.

But it's true what you said about security. It's a totally different issue!

GNUser
Joined: 07/17/2013

I heard you the first time, no need to double post :P
Anyway, that's the problem, you get a fingerprint issue and one day that will bite you right in the butt. For example, how many people do you think are using IceCat with Tor and visit the FSF and GNU pages every day? You can bet that person is RMS. So... it protects him, yes, but it shouldn't be used that way. That's why I wrote that post. People who need strong anonymity should use the Tor Browser. And I don't want people posting FUD online about "IceCat is the only real free version, you have to use it", so I decided to open up the game first :)

P.S.: How are things going with the Asian chick? Did Linphone help?

quantumgravity
Joined: 04/22/2013

Sorry for double post :P

Yeah, but I heard him comment on refusing to use a credit card. He said that he's not really concerned about his data getting revealed to a company, but rather he doesn't want to participate in a system which makes it possible to do mass surveillance.
Maybe it's the same argumentation here with Tor and IceCat? Just my guess.

"P.S.: How are things going with the Asian chick? Did Linphone help?"

Nah, we had problems with the router and since the problem will be solved anyway in a few weeks, we decided to just wait and stick to texting ;)
However, it's sad that Skype manages to circumvent blocked ports and stuff so easily where libre alternatives fail so far.

GNUser
Joined: 07/17/2013

Well, to each his own I think.

As for the other subject... Sorry man, that sucks :S
Censorship and surveillance are terrible things really, that is why I am such a fan of Tor. Too bad that Tor only traffics TCP and most VoIP like Linphone will use UDP. Skype can get by because:
1. They use TCP (you can even use Tor if you don't mind them listening to you);
2. They are Microsoft (big contracts going on, open a lot of doors/ports lol).

While I hope you guys get an alternative soon, I also hope people will keep on working on solutions for these problems. Giving up is not the answer, we must try to support projects that empower us, the people! Tor and I2P are good solutions but they could use more help. The FSF should probably invest more in these technologies and less in some other things.

GNUser
Joined: 07/17/2013

P.S.: In terms of security, Chrome is the best. Mozilla and Tor Project are keeping tabs on their development so they can implement some of their solutions. But from a privacy standpoint, Chrome is a nightmare compared to Firefox. That's why Tor Browser is based on Firefox. So you see, it's not a matter of "IceCat being secure enough", it's more about if it's the right piece of software for the task at hand.

SuperTramp83

Joined: 10/31/2014

>Tor hides your identity by making every user look the same. So, if you use a different browser (and there are many ways to know which browser you are using) you make yourself unique, and therefore easy to track and follow.

Right!

>People who need strong anonymity should use the Tor Browser.

Should use Tails