
Re: [tor-talk] Data collection by Tor Browser



On Fri, Mar 01, 2019 at 08:00:17PM -0800, npdflr wrote:
> Does Tor browser itself collect any data (Technical data, Web activity data, Personal data etc)?
> 
> As Tor is a modified Firefox ESR, does Tor browser follow the Firefox Data Collection Practice? (https://wiki.mozilla.org/Firefox/Data_Collection)

I believe the answer is no, Tor Browser shouldn't tell anybody else
any of these things about you.

You can read the Tor Browser design goals here:
https://www.torproject.org/projects/torbrowser/design/
and anything where it reveals your browsing activity would count as a
bug -- and depending on the type of information leak, could qualify for
a bug bounty: https://hackerone.com/torproject .

Three caveats to my answer though:

(1) This word 'collect' is confusing, because that word sure makes it
sound like it includes internal program data structures. The browser
needs to know something about your web activity while it's loading web
pages for you, and that by itself isn't harmful. The key question is
whether it shares that information with anybody else. For this sort of
user info, we aim to stick to the principle of "no secret databases",
that is, anything that we gather should be so sanitized, and so safe to
collect, that we share it with everybody else too. That way we're never
in the position where attackers might want to break into our systems to
learn more about our users.
https://www.freehaven.net/anonbib/#wecsr10measuring-tor
For browser activity, the obvious simple approach to only publishing
safe things is to publish nothing at all, which is what we try to do.

(2) I might not be up on the latest Tor Browser moves, so it's possible
there are some open tickets for disabling telemetry or the like which
aren't yet fixed. Keeping up with the constant changes to Firefox is tough
to do perfectly. I'll let the browser team jump in here if they want.

(3) Other places on the Internet could still keep statistics, based
on your connections to them. I'm thinking in particular of:

(3a) the addons.mozilla.org server, which ought to see just anonymized
connections over Tor, but that still lets them gather general statistics
like how many Tor users there are, what extensions they have installed,
etc. Similarly, the periodic update pings, and update fetches, happen
over Tor but can still be counted in the aggregate:
https://metrics.torproject.org/webstats-tb.html
https://blog.torproject.org/making-tor-browser-updates-stable-and-reliable-fastly

and

(3b) the Tor relays, which see connections from the Tor client that is
part of Tor Browser. Because of the decentralized Tor design, no single
relay should be able to learn both who you are and also what you do on
the Tor network. But they can still collect what they observe about who
you are. Relays collect and publish aggregate statistics about the users
they see (but not what they do, because they can't learn that). For much
more info, see https://metrics.torproject.org/about.html

and

(3c) other researchers might perform experiments using their own
internet connections to try to answer questions about Tor performance,
usage, safety, etc. The ones who are doing it right will consider how
to minimize risks while doing their experiments:
https://research.torproject.org/safetyboard.html

Hope this helps!
--Roger
