FoxyProxy : Safe browsing made simple

Ever since FF3 came out of the oven, we’ve all heard the complaints about Torbutton and its functionality (or lack thereof). Well Torbutton did serve its purpose in FF2, but not so much in FF3.

In fact not only is it unstable in FF3, it may even leak your private info. Besides that, Torbutton is notorious for changing settings without informing the user. I know certain constraints are to be met if you need true security (I.E. Disabling JavaScript etc…) but not letting the user choose this makes me a bit weary.

FoxyProxy doesn’t have these problems (last I checked).

To use Tor with FoxyProxy, first download Tor. Select the “stable” bundle. When installing, select Only Tor and Vidalia.

Select Tor and Vidalia only.

Select Tor and Vidalia only.

Tor is required, of course. And Vidalia gives you a nice interface to browse your connections and the network.

Then download FoxyProxy. Use Firefox to browse the link so you can install with one click.

Once installed and restarted, FF will show the FP button on the lower right corner of the browser. Click that, which will bring up the Options. Select Tor in the mode selection.

Use proxy "Tor" for all URLs

Use proxy "Tor" for all URLs

That’s it!

Torbutton (along with Privoxy in the bundle) used to be a nice and simple way to stay secure. Unfortunately FF3 was too good to refuse and TB couldn’t keep up.

As for load speeds, FP is almost exactly the same speed as Torbutton. Just as expected as you’re using the same proxy network, just a different utility to manage connections from the browser. As always, disabling JavaScript and Java is a good idea if you want to maintain anonymity to an appreciable degree.

The same goes for plugins such as Adobe, Flash, Silverlight etc…

Advertisements

4 thoughts on “FoxyProxy : Safe browsing made simple

  1. I have become more than slightly disillusions by Tor for a variety of reasons. It is slow, offers fairly poor privacy if the exit node is poorly configured or actively packet sniffed. That said one of the main reason more people do not use it is the steps required to set it up. Whilst this may not be a daunting challenging for a tech savvy person, there are many out there for whom installing and configuring a local proxy is a daunting task. Initially only Opera, in the form OperaTor, was packaged up to include Tor but it is nice to see my favourite browser getting the same treatment. Good post :)

  2. Thanks Konrad.

    The real key to privacy is the understanding that both it and anonimity are always relative. Unfortunately a lot of people just expect everything to be : “I’m all setup and invulnerable!!!”. But we know that’s never the case.

    As for being slow… Boy it sure is! But for basic privacy it gets the job done. I do think the Tor people have done a good job lately at making it easier to setup a safer node. The alpha is a bit unstable at times still, but I think it’s an improvement.

    The exit node issue is something we all have to cautious of as node configuration isn’t the only hurdle. There are also crackdowns on node ops which is rather alarming. As a node op, I’m a bit worried as well, though I live in the U.S.

  3. Originally submitted as a comment at:
    https://blog.torproject.org/blog/toggle-or-not-toggle-end-torbutton

    But it won’t be allowed to be seen there, so I’m posting it in other places where it’s relevant:

    ================================

    ATTENTION PLEASE:

    The tor project has long since begun to stink of black op government compromise.

    The lawless military/police state that most of us unknowingly live in has been in the business of infiltrating opposing entities for a long, long time. They create bogus opposition that they control, they infiltrate existing organizations to influence their direction, they set up honeypot organizations to find out who opposes them, etc.

    What stinks in the TOR world? Among other things I don’t have time to go into now:

    1. When I recently went to visit the internet, the torbutton that I had installed a long time ago into a standard Firefox browser suddenly stopped toggling, and gave me a long message saying so. Question is: HTF did you get an old piece of add-on code installed in my browser a long time ago to suddenly change its functionality??? What bizarre entree into my browser do you have, and how did you get into it? Did my old version of torbutton have some kind of remote control comms built into it so that you could fnck with it without my knowledge later on?

    2. You push the browser bundle these days. Nice idea. But here’s what you make the browser bundle do: when you start it up it is pre-set to automatically make contact with your start page: “It looks like TOR is working!” And there’s no way to keep it from doing this without causing tor to not work thereafter. In any event, the average user wouldn’t be able to figure out how. What’s your interest in forcing all tor users to visit that page every time they begin browsing? For those of us who know that tor is just as liable to compromise by military/black op infiltration as any other group, how do you expect us to assume that this mandatory URL launch isn’t intended to establish a starting point for tracking each of us when we go online? Why TF don’t you get rid of this unwanted and potentially revealing mandatory first connection, especially when you take into account no. 3 below? This is way suspicious. And don’t tell us that it “helps us dumb users know if tor is working or not”: I can do that myself by visiting any site I want and looking at the bandwidth graph.

    3. In adition to the above, look what you do: You make the NoScript add-on part of your browser bundle and … get this … YOU SET ITS DEFAULT SETTINGS TO “ALLOW ALL CONNECTIONS.”!!! Do you see what we’ve got here, people? First, you’re forced to connect to a particular web page, and you’re forced to do so with SCRIPTING TURNED ON, which means that your real IP and other user agent data is potentially revealed to whoever can see your script-based traffic to that web page. Your friendly allies at torproject (and almost certainly the military intell and cointelpro entities that run them) all have the means to know your real IP, location, and user agent data when you first begin browsing. So smart. And so evil. And why do we not notice?
    (Do you think you just use the “New Identity” command to get you safely lost again? Don’t count on it. Apparently, that command doesn’t set up a whole new, randomly selected set of 3 nodes for you. It only changes the exit node. And you do know, of course, that the number of nodes out there that are actually run by our friendly paternal surveillance state is likely to be near 100%. They have infinite money, so why wouldn’t this be true? This is especially true for exit nodes. After all, which one of us average folk is REALLY likely to run an exit node and have our commercial ISP see all the “subversive” content come out of our little account? Can you imagine the sh1tstorm of attention you would draw to yourself if you ran an exit? Let’s face it: none of us do it. The only ones who likely DO run exit nodes are either governments or government fronts or government-run assets. If the same is even mostly true of regular nodes, TOR is just one massive honeypot designed to give intel agencies the real down dirty goods on those of us who want to do, read, and communicate in secret. To which much use can eventually be put. … Of course, by the way, don’t think that just because no one gets arrested from doing illegal things on TOR that that means anything. Cops CAN’T be called for anything seen on tor, or the whole honeyput would come down and no one would come near it anymore. Bad people can do bad things on tor and not have the cops find out. That’s not proof that it’s actually successful. That’s because it’s not for cops. It’s for higher order surveillance for higher order purposes. For the State to keep an eye on a certain kind of element. They’re not going to blow the whole charade by busting some kid or some pervert for some merely criminal charge.)

    A handful of open-source programmers have no money. Whereas the military industrial establishment has massive, effectively unlimited resources. Billions of off-sheet cash and everything it buys to get us all to slowly, subversively sell each other out without ever realizing how it happened until it’s too late (which probably ain’t gonna be long from now). In fact, to go further, how certain can we be that TOR hasn’t been owned and betraying all of us for a long time now, if not even from the very beginning possibly?

    Don’t get me wrong: I will still use TOR because it is the only thing we have, but I will do so with the realization that everything I do using it MIGHT be going direct to our masters despite my efforts. And I will always try however I can to figure out how to thwart whatever bits of sabotage they’ve built into the tor system over time, like the first-start script-enabled contact with home base that I already talked about.

    For sh1t’s sake and your own too, ALWAYS assume that your favorite allies in the privacy and anonymity business are compromised. Because they have to be. The State is too rich by trillions of dollars for them to not have tried and for them not to have been successful. It’s too easy for them to kill, cheat, bribe, outwit, and buy off absolutely anyone. (Look at Popular Mechanics magazine vis a vis 911 for one example among many.) The best and main tool we simple, innocent, naive folk have is to look at things with squinty eyes, be suspicious, and cry foul loudly at every turn. Look at the developers funny. Ask ’em “why” a lot. If they’re privacy advocates, they HAVE TO UNDERSTAND that this is necessary. I don’t care if it’s free and they work for nothing. It doesn’t matter. If anyone is to be able to trust that it works, the developers have to accept and EVEN ENCOURAGE suspicion verging on hostility on the part of the users and the public in general. Look at everything our friends and “allies” do, every change they make over time, with maximum suspicion. Connect a few dots every once in a while. Ponder. “How could this or that change screw with my actual privacy while continuing to appear protective?” Speak. Ask questions. Doubt the sincerity of the answers. Ask more questions. Express your doubts and theories. Look at the backgrounds of all key players and look for strange coincidences. Publish them in blog comments and elsewhere. Did developer X work for a military contractor 7 years ago? Is developer Y married to a former member of US Army intelligence? You get the idea.

    Regards, Ragnar

    P.S. The tor project got rid of a brilliant piece of anonymizing software a long time ago, Privoxy. Why would they have done that that? This allowed us to change our user agent string on a per-site basis, among a hundred other things. This is a suspect move. (And I mean explain it without any pitifully childish excuses like “research found it was too difficult for users to understand” or “the original developers stopped upgrading it.”)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s