On Mon, 16 Mar 2015 11:48:34 +0100
"Lars Edman @ LinuxSuSE"<lars.edman@xxxxxxxxxxxx> wrote:
>I found they today absolutely discouraged from the use of such a
>"system installation" when using tor as a client. When it came to
>using tor as a node/relay or running a server they referred the
>question to you.
>
>Do you consider this kind of installation insecure?
This is generally considered insecure. There are a few things that the
TBB does that a default Firefox configuration routed through a SOCKS
proxy (Tor) doesn't do.
For example, the TBB has NoScript (blocks JavaScript), HTTPSEverywhere
(forces HTTPS on sites that support it), and the TBB also deletes
cookies, history, and other data upon closing. And I'm sure there are a
few other things that they wrap into the bundle (DNS leaks too); I
don't follow TBB development closely enough to know the specific
details.
These are all security issues. Javascript can be used to uniquely
identify a machine and get your real IP address. If you use HTTP, in
theory, a Tor exit relay can sniff your login credentials. Files on
disk, such as history, cached website files, cookies, can all be used
to identify the sites you visit if your computer were to be inspected.