download files from Viewing videos using Tor Browser & anonimity. In some security guides listed that when you watching videos via Tor your real IP gets or might be disclosed. One of them says "You should turn off media.play-stand-alone and peerconnection.enabled to prevent leaks" or "also you should never use/watch html5 mp3 or another video formats because they use scripts/methods which can bypass Tor protection and disclose your IP directly" or something like that. Is this words worth attention or just regular useless tips? Does videos from casual sites are safe to view via Tor without privacy issues? 1 Answer 1. The Tor Browser developers have designed the Tor Browser to not leak your identity in its default configuration, and you should not need to change any settings. If there are features that can reveal your IP address with Tor's default settings, you should inform the developers. The option media.peerconnection.enabled that you mentioned is already disabled in Tor Browser, and I don't see a privacy reason to disable media.play- stand-alone . I also don't see any reason why you should avoid audio or video in the Tor Browser from a privacy perspective. If there is a reputable source that states this, please add it to your question. You should not play media that requires you to install additional add-ons or applications, such as Flash Player. Not the answer you're looking for? Browse other questions tagged security browsers or ask your own question. Related. Hot Network Questions. Subscribe to RSS. To subscribe to this RSS feed, copy and paste this URL into your RSS reader. site design / logo © 2021 Stack Exchange Inc; user contributions licensed under cc by-sa. rev 2021.8.11.39965. By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy. Download of files via the Tor browser appears to be broken #2077. As reported by @Taipo files uploaded via submissions are unable to be downloaded. The download starts but does not complete. This appears to be specific to TorBrowser as the user was able to download encrypted files via Orfox Browser for Android. The text was updated successfully, but these errors were encountered: We are unable to convert the task to an issue at this time. Please try again. The issue was successfully created but we are unable to update the comment at this time. evilaliv3 commented Sep 1, 2017. It will be worth to investigate this bug by today so to include the eventual bugfix in the coming release. NSkelsey commented Sep 1, 2017. Bug confirmed on v2.70.1 and v2.71.3. In Tor Browser it appears that the files are reaching the backend, but are not correctly written to disk. To me this indicates a failure with the FileSaver, the saveAs API, or something within this path. The same download works on Chromium 59, so this is most certainly a JS+Browser issue. evilaliv3 commented Sep 1, 2017. Could you recheck the following things @NSkelsey ? Does it work on a regular Firefox? Could you try disabling any related Header and retest on the Tor browser? in particular remove cache- control, expires and pragma Have you noticed that the content-disposition header has a multiple " at the end. is this a bug? NSkelsey commented Sep 1, 2017. Firefox 55.0.2 correctly downloads files. I believe the issue is with the interruption from the insecure file download dialogue that occurs when saveAs is called within RTipDownloadRFile and other similar stops in the code base. On js/scripts.js L9797: After downloading the file from the backend, the FileSaver.saveAs before writing a file (which happens to be empty) is interrupted by the following Tor specific dialogue. And the tor browser downloads the file slowly as a part file: However this is from a case where the download was successful. Other pieces of UI like Admin > Customization > Custom Files are also broken when downloading with the TBB 7.0.4 (FF 52.3.0) when the tor browser dialogue is shown. NSkelsey commented Sep 1, 2017. I find this issue to only be partially reproducible on my machine. I saw the failure about 7 times in one session of the Tor Browser and then never again. NSkelsey commented Sep 1, 2017. An interesting observation is that only sometimes is the browser able to provide a preview of the type of file it is about to download: And at least for me, these were the moments when the download failed. NSkelsey commented Sep 1, 2017 • With some research with @evilaliv3 it appears that the download fails when the Tor browser presents what I am going to call the downloadLoadingModal see figure 1. After a user accepts to download content, this failure does not present itself, indicating that the issue with the downloads is only temporary. It is likely that the browser.download.forbid_open_with setting controlled within about:config enables and disables the display of the downLoadingModal because it is not documented within FF's official config docs. Any issues with OrBot are worrying, but far aside our range to debug, as most of the application fails our end2end testing when running on Android platforms. @Taipo if you continue you to encounter the failure, please provide more information here. Figure 1. NSkelsey commented Sep 1, 2017. browser.download.forbid_open_with does not quite dictate the display of the warning. It instead disables the Open With UI seen here. Taipo commented Sep 1, 2017. Any issues with OrBot are worrying, but far aside our range to debug, as most of the application fails our end2end testing when running on Android platforms. How to Download Torrents with Tor? At first glance, this sounds like a great option. Tor has alot of advantages. First, it’s free (which people love). And second, it uses multiple layers of encrypted proxies, so it should be highly anonymous. All these things are true, and Tor can be used as a torrent proxy. But it shouldn’t be, and I’m hoping to convince you why… But don’t worry, there’s a much better alternative for anonymous torrents. Tor’s only advantage is it’s cost (free). But Tor is not the best tool for the job . Not even close. WHAT IS TOR? Tor is a free anticensorship tool, designed to help people around the world communicate safely and access content without restrictions. At it’s core is a series of encrypted proxies, which are routed randomly and layered like an onion. The theory is that if you tunnel your traffic through three or more encrypted proxies, the 1st layer will know your identity, the last layer will know your destination, but no one will be able to connect the two. All Tor proxy nodes are run by volunteers, and the entire network is based on a theory that all Tor node operators are trustworthy (which is unlikely). Even so, Tor is still highly secure, and anonymous. Most people access Tor through the Tor Browser bundle, which is a specially configured version of firefox, designed to easily route all traffic through the Tor network. This is great for visiting a website anonymously (though you will face constant captcha’s anti-spam challenges). CAN TOR BE USED TO DOWNLOAD TORRENTS? The tor network uses layers Socks proxies, so technically any app or software that can connect to a proxy can use Tor. This includes things like Skype, Android, and most desktop torrent clients. But before you rush to setup uTorrent to use Tor, there are a few downsides to consider: 1. Tor is designed to enable free speech and fight censorship, not to download MP3’s. This assessment may seem harsh, but let’s be honest – the volunteers that pledge their time, money, and bandwidth to Tor are doing it in an effort to make the world a better, safer place. Not to help you use uTorrent anonymously. Tor’s bandwidth is severely limited, so from a human perspective, it’s important to save that limited bandwidth for those that really need it. People use Tor every day to speak freely against authoritarian, violent governments, or to publish sensitive articles/blogs anonymously. Tor enables people to expose corruption, abuse, and oppression in relative safety. ​This is incredibly important, and we shouldn’t clog the Tor network with high-bandwidth torrent traffic, which would could literally overwhelm and break the entire system. 2. Your torrent can still leak your true IP when using Tor as a proxy. Researchers in France were able to de-anonymize over 10,000 users attempting to hide their torrents via TOR. They were surprised at how easy it was, and in over 2/3 of the cases, they didn’t actually have to do anything to trace a torrent users’ real IP address. The reason? Tor was only being used to connect to the tracker. Peer connections were routed outside Tor. To be clear, this isn’t Tor’s fault. It means the user either had an improperly configured torrent client (not setup to proxy peer connections). Alternatively, these peers could have been using a torrent client that doesn’t actual support the proxying of peer connections (examples include: Transmission, Tixati). 3. Tor doesn’t support UDP connections (like DHT) so any non-TCP connection can leak your IP. DHT (Distributed Hash Table) has become a core bittorrent technology. Magnet links don’t work without it. But there’s one problem, DHT relies on the UDP transport protocol, and Tor can’t handle UDP connections. Some torrent clients might just disable non-supported functions. But most will simply ignore your proxy settings for UDP, and route them outside the Tor tunnel (and leak your real IP address to all DHT peers). Yikes! 4. Tor is slow… Really slow. Have you ever tried to stream HD video over Tor? It’s not pretty. You’ll be lucky to get 480p resolution (non-HD). If you have a fast connection (10mbps+) you won’t get anywhere near you maximum download speeds if you try to run your torrents through Tor. Isn’t the whole point of torrenting to get content quickly and conveniently? Downloads that take all day should be a thing of the past. THE BETTER CHOICE: TOR ALTERNATIVES? So if Tor isn’t a good choice for anonymizing your torrents, what are the other options? Well there’s two: Zero-Log VPN service: (best choice) — We recommend NordVPN or Zero-Log Socks5 proxy: (less secure) And don’t worry, you don’t really have to choose one or the other. Because several VPN providers (including NordVPN and PIA) include Socks proxy service with every subscription. Woot! Tor vs. VPN. A VPN Service () will route all of your internet traffic through a 3rd-party owned by your VPN service (changes your public IP address). All traffic will also be encrypted with extremely strong 128-bit or 256-bit (depending on your settings). This provides protection from the two main ways torrents are monitored: By your public IP address in torrent swarms (they will see your VPN service’s IP instead) Your ISP monitoring your traffic directly (the encryption prevents your internet provider from reading your traffic.) It’s important that you choose a non-logging VPN. If the VPN provider keeps connecition or activity logs, they could voluntarily share your previous connection history (what IP addresses you used). If the VPN keeps no logs, this is impossible. Here’s how a high-quality VPN compares to Tor: VPN Tor Encryption Mode Encrypts all your internet traffic (including p2p) Encrypt one app at a time (such as a Torrent Client) Encryption Strength 256-bit AES 128-bit AES Server/Exit Node Location You Choose Random Speed Fast (up to 95% of your normal internet speed) Slow. Usually 1-5mbps Weaknesses Can leak IP address if the VPN fails (use a kill-switch to fix). Can route peer, tracker connections outside the proxy Setup Difficulty Easy Hard. And most importantly: a VPN service isn’t vulnerable to the same ‘Bad Apple’ attacks the researchers used on Tor users to deanonymize 10,000 bittorrent file-sharers. As long as you choose a non-logging VPN provider (and you trust them), your torrent activity should be nearly 100% untraceable. Which VPNs are best? Any torrent-friendly VPN that doesn’t keep logs will meet the basic privacy requirements. Of course…we’ve got higher standards, and two VPN providers really stand out from the crowd. #1 NordVPN (VPN + Proxy + VPN-Over-Tor) No Logs. Works w/ Netflix Proxy Included $2.99/month (special offer) NordVPN is an excellent choice for Torrent-fanatics, and they’re surging in popularity thanks to their unbeatable combination of features and price. NordVPN is a true zero-log VPN provider based in Panama (privacy haven) with some pretty unique features built into their software: SmartDNS/Netflix Support: Unblock Netflix, Hulu, and 50 other services automatically. Netflix blocks most VPNs. NordVPN works flawlessly. P2P-optimized servers: Fastest speeds and unrestricted peer availability in torrent-safe locations. 10 of these server locations have SOCKS5 proxy servers too. VPN-Over-Tor: That’s right. You can choose to run your VPN connection inside the Tor network ​ with a single click. Maximum privacy. 30 day, 100% Refund: Try NordVPN risk-free for an entire month! ​We’ve also written a complete NordVPN setup guide to show you step-by-step how to use their service to download torrents anonymously with any torrent client. It’s also a full review and overview of their service. #2 Private Internet Access. So far, Private Internet Access is the only VPN who’s non-logging claims have been tested in court (they passed). PIA refused to hand over IP evidence to the FBI, stating that they didn’t have any records or logs to hand over. ​That’s the closest thing to a 100% no-log guarantee we’ve found, and just 1 of many reasons why PIA topped our list of the best bittorrent VPNs for different 3 years. If you wanted a shorter-term plan (1 year or less) then PIA will be cheaper than NordVPN, and still has all the essential features: No Logs. Verified in court. Socks5 proxy server included () Adjustable VPN encryption strength (optimize your speed) Works with uTorrent, Vuze, Deluge, QBittorrent, and every major torrent client. We’ve even got a setup guide. And it’s only $3.49/month if you buy a 1-year subscription. Read our review too, it’s a great intro to their service. No Logs. Proxy Included $3.49/month 7-day refund policy. HOW DO YOU USE A VPN FOR TORRENTS? There is no complicated setup required to torrent anonymously with a VPN. Simply download your VPN providers’ software on your device (most have a custom app for Windows/Mac/iOS/Android). Then just choose a server location (we recommend the Netherlands. ​Click ‘Connect’ and you’re good to go! Socks5 Proxy vs. Tor. On this site, we also recommend using a zero-log Socks5 proxy as a way to anonymize your torrents. It will change your torrent IP address and give you nearly 100% of your normal ISP-assigned speeds. The downside is using a proxy to anonymize your torrents requires manual setup in your torrent client of choice. Also, some torrent clients will route peer connections outside the proxy tunnel (bad). But how does Tor compare to Socks5 proxies? Well, Tor is actually a network of layered Socks5 proxies. So instead of using a single proxy server, Tor will route your traffic through 3 proxies, with 128-bit encryption on each layer. It’s far more anonymous than 1 Socks proxy, much MUCH slower. The main advantage of Tor vs. a Socks5 torrent proxy is the added encryption. Most Socks5 proxy services offer no encryption whatsoever. Encryption prevents torrent throttling. It also stops your Internet Provider from monitoring your torrent traffic. But Tor still has all the insecurities of any Socks5 proxy setup for torrents (some peer connections may be routed outside the proxy tunnel, exposing your real IP address). That’s why the best setup is to run a Socks5 proxy inside a Zero-Log VPN tunnel. The proxy will allow your torrent client and web browser to use a separate IP address (Torrent client will have the proxy’s IP address, all other Apps wil use the VPN’s IP). Under this dual layer setup, if a peer connection is routed outside the proxy tunnel, it will only expose the VPN’s IP address (still anonymous). And this setup offers much stronger encryption than Tor and is much faster than Tor . And best of all, you don’t need to buy VPN service and proxy service separately. Several VPNs include both in a single unlimited subscription. Proxy Setup Guides. We have Socks5 proxy setup guides for most major torrent clients. This can be used with a Paid Socks5 torrent proxy service, or even used with Tor (not recommended). CAN A ‘FREE’ VPN BE USED INSTEAD OF TOR? Our guide to ‘Free VPNs for Torrenting’ concluded that their aren’t any reputable free VPN services that allow torrenting (without restrictions). They will either actively all p2p connections, or cancel your account if you try. ‘Free’ services also have other issues: Most importantly, they tend to keep extensive logs of your connection history and online activity (in other words, you’re not anonymous). Also, Free VPNs are slow (because bandwidth is the largest expense for a VPN service). These free services tend to make money in other ways, like injecting ads into your web-browsing or selling your online activity/demographic information to advertisers. Do yourself a favor, get a ‘Real, Torrent-Friendly’ VPN service. You’ll thank us later. TOR STILL HAS A GOOD USE FOR P2P/TORRENTS. The Tor browser can still be useful, just not for the actual torrent downloads. Many people use Tor to access their favorite torrent sites. This creates an additional layer of security, between you and your torrent downloads. With Tor, even your VPN provider couldn’t figure out what sites you were visiting (not that they care). Tor also allows you to have a separate IP address for downloading of the ‘.torrent’ file, vs the actual p2p sharing of the file being torrented. Using Tor will also make it nearly impossible for a school or public wifi to block your torrent searches. The Tor browser is available for Windows/Mac machines. You can even access Tor on Android devices, using Orbot + Tor Browser. David Barnes. David started torrenting before it was cool. He enjoys hiking, strategy games and eats watermelon year round. He still rocks his Napster t-shirt once a month. Downloading files using Tor. I understand that if I download an untrusted file containing a script it could reveal my IP address. However, I want to know if my IP address is still completely hidden if I download a web based email attachment such as Word, Excel or other file that I trust? 3 Answers 3. Ah, trust, that fickle thing. Tor provides for the download part. A download is: to obtain a sequence of bytes. What you do with these bytes is then completely up to you. Some sequences of bytes encode executable instructions that a computer will be eager to run. Executable files, scripts. fall in that category. If the file you download contains instruction, and these instructions have been designed to be hostile to you and your anonymity, and you execute them nonetheless, well, then you get what you asked for. The warning popup displayed by Tor is a kind of disclaimer: it reminds you that the magic of Tor stops at the downloading, but does not guarantee that the file you obtained is not full of nastiness. Now for Word documents. Theoretically, a Word file contains the description of a written document, possibly with pictures; but, in practice, a Word document can embed just about anything, including executable applications. Word also supports a complex system of macros, which are, by any reasonable definition, a programming language. Thus, "opening" a Word document is quite akin to running a script. And, indeed, macro virus do exist. Even with macros disabled , some nifty attacks against anonymity can be performed with Word files. For instance, Word documents can be signed. Word will want to verify this signature, which means first validating some X.509 certificates, which in turn may make your computer download some intermediate CA certificates and/or CRL by following URL found in the certificates themselves. As such, a Word document which you merely open may imply network activity to target names that are embedded in the document (well, in certificates which are embedded in the document). The nice part is that these accesses will be performed by some system components which may completely disregard your browser configuration -- thus happening outside of the Tor umbrella. Goodbye anonymity ! So don't open potentially hostile Word documents. However, if you trust the file, then there is no problem, yes ? At least as long as you can be sure that the file you got is really the one you believe it is. Amusingly enough, digital signatures can help you there, but the mere act of verifying the signature can entail activity which makes you totally non-anonymous, as explained above. Downloading files using Tor. I understand that if I download an untrusted file containing a script it could reveal my IP address. However, I want to know if my IP address is still completely hidden if I download a web based email attachment such as Word, Excel or other file that I trust? 3 Answers 3. Ah, trust, that fickle thing. Tor provides anonymity for the download part. A download is: to obtain a sequence of bytes. What you do with these bytes is then completely up to you. Some sequences of bytes encode executable instructions that a computer will be eager to run. Executable files, scripts. fall in that category. If the file you download contains instruction, and these instructions have been designed to be hostile to you and your anonymity, and you execute them nonetheless, well, then you get what you asked for. The warning popup displayed by Tor is a kind of disclaimer: it reminds you that the magic of Tor stops at the downloading, but does not guarantee that the file you obtained is not full of nastiness. Now for Word documents. Theoretically, a Word file contains the description of a written document, possibly with pictures; but, in practice, a Word document can embed just about anything, including executable applications. Word also supports a complex system of macros, which are, by any reasonable definition, a programming language. Thus, "opening" a Word document is quite akin to running a script. And, indeed, macro virus do exist. Even with macros disabled , some nifty attacks against anonymity can be performed with Word files. For instance, Word documents can be signed. Word will want to verify this signature, which means first validating some X.509 certificates, which in turn may make your computer download some intermediate CA certificates and/or CRL by following URL found in the certificates themselves. As such, a Word document which you merely open may imply network activity to target names that are embedded in the document (well, in certificates which are embedded in the document). The nice part is that these accesses will be performed by some system components which may completely disregard your browser configuration -- thus happening outside of the Tor umbrella. Goodbye anonymity ! So don't open potentially hostile Word documents. However, if you trust the file, then there is no problem, yes ? At least as long as you can be sure that the file you got is really the one you believe it is. Amusingly enough, digital signatures can help you there, but the mere act of verifying the signature can entail activity which makes you totally non-anonymous, as explained above.