If nobody uses TOR, then TOR users immediately becomes suspicious and nothing prevents the real world investigation from uncovering them.
Additionally, tor isn't something that every Internet user should be using. I say this because when they get 10 ReCaptchas in a row, then try to log into their bank and have their credit card automatically frozen, then wonder why google search isn't working, then give up and just use Facebook all day anyway, they will definitely not be appreciating the 'anonymity' that we gave them.
Regarding decision making, Mozilla integrating Tor into Firefox does not mean that the Tor Project has to give up its autonomy.
The reason to have a regular browser is that you want those features, and the low latency of a direct connection.
I'd happily use Tor, but the last time I used it (which was ~5 years ago), it was terribly slow for regular browsing (not streaming, or anything considered bandwidth heavy).
The speed is much better nowadays. Unless your unlucky and you circuit has a slow node in it (which the protocol try to avoid if i remember correctly), you should have a decent web browsing experience. Sure, it will be slower than your "normal" connection, but usually not by that much.
Although, if you plan on downloading large files via Tor, you will hit a bandwidth cap fairly quickly. You can look in detail here: https://metrics.torproject.org/torperf.html
Available bandwidth quadruple since 2014: https://metrics.torproject.org/bandwidth-flags.html?start=20...
I typically stay away from Tor when it comes to online banking or finance in general (logging into Amazon with Tor can raise some red flags for example).
In terms of speed, I have noticed personally that Tor has gotten a lot faster. Sometimes you get a slow circuit and have to spawn a new identity / rebuild a new circuit to get a faster one, sort of like 'circuit roulette'.
The rest of my surfing is for fairly innocuous subject matter and using Tor for it would be overkill. Again, Tor would be handy for privately researching general health issues, sexual health issues, mental health issues, etc
Tor is also handy for recon[0] in general too. For me privacy is how you present yourself to the world, and doing recon[0] in a certain community, or (anonymously) 'lurking' in a community is useful before you re-register an account and start posting as the 'real you'.
But maybe you mean if someone using it as the main browsing tool for privacy reasons? This I doubt, since it's indeed slow. I also don't think that Tor is meant to be used as your main browser really.
Tor is also ipv4 so it is a convenient way to get a ipv4 web view inside a ipv6 enabled network, without having to deal with browser plugins or adjust the interface on the machine.
* It permanently tracks the lagging ESR Firefox.
* It puts its users on Tor, which "anonymizes" them but also flags their traffic as interesting.
* It collapses all those users down to a single set of browser releases, making it cost-effective to target exploits to.
Use Firefox if you really like Firefox, but use the most recent version you can possibly get. Mozilla's is not the best-hardened browser.
Use Tor if you really believe in Tor. But use it explicitly, not as part of a browser bundle. Your choice of browser has a significant impact on your operational security; don't let a bunch of volunteers at Tor make that decision for you.
I hope you're conflating two issues here.
You surely aren't recommending users who "believe in Tor" install Tor directly and attempt to manually proxy their favorite browser traffic over it?
Not to say I disagree with your points against using TBB.
Of course, this does compromise anonymity a bit in some respects, since there are probably few people who run chromium on Tor and because it's not as resistant to fingerprinting as the regular Tor browser. That's acceptable to me, as I only use that browser on Tor, and use another browser for things that could potentially leak my real identity.
Debian ships Mozilla's ESR releases by default. I'm sure many shops that prefer stability over latest features also deploy ESR. Judging by how often it gets updated it seems to me Mozilla is pretty diligent at backporting fixes.
My wholly-not-representative-for-the-wider-web statistics say approx. 22% of Firefox UAs are ESR release.
Can anyone advise their opinion on which one would be best to run in a VM? I'm prepared to accept the security compromise of running in a VM, but I do want the ability to store passwords in the browser and save small files in the VM.
Edit: Just signed up for this account over Tor for shits and giggles. Literally my first post and it's dead immediately.
I get that Tor has spammers but I did have to do the captcha to create an account so this seems heavy handed. Seems like there's no way to legitimately post to hn over Tor.
I am on Win10 and it will not allow me to install it in Program Files. If I install it in Desktop, it will keep flagging tor.exe as a virus.
After marking 4 times that the Windows Virus and Threat Protection should restore the exe, i was able to start the browser.
Then the windows antivir went full dystopian mode, and flagged it again. Now it is asking me to reboot the computer to delete tor.exe from the device.
For those that don't know, the Brave browser has Tor tabs, which route through Tor. It also has the standard private tabs. Tor support currently exists only on the desktop Brave browser.
Here is the announcement: https://brave.com/tor-tabs-beta
Brave has been supporting Tor, and running Tor relays to improve the network.
Brave is newer at the game. They have had Tor tabs less than a year. They can do fingerprinting protection and no-script, but it's still a full featured web browser, with a lot of risks. The fingerprinting protection isn't as good as the Tor Browser, and unless they changed something, Javascript wasn't disabled by default in Tor tabs.
The Tor Browser has been around for a while and is meant to be a secure web browser from top to bottom. It has had a lot of development looking to find and fix possible leaks and to ensure security. That is its primary focus, and it is pretty good at it.
If you want to use Tor casually, maybe access an onion site, or just get a big boost in your level of privacy, the Tor tabs in Brave are a nice option. They are really easy to use and give great privacy. It is good for casual Tor use.
If you want (or need) serious privacy, the Tor Browser is a better choice. That is its purpose. It is developed to be hardened for protecting the user and it will provide better protection.
https://brave.com/tor-tabs-beta
To OP - check out the issues, there's a reason it's still in beta: https://github.com/search?utf8=&q=is%3Aopen+is%3Aissue+org%3...
Literally anything is better than Brave, well, maybe not IE.
(There's also the fact that Tor Browser routes everything over Tor, but apparently Brave can do this too now?)
Do bad people do bad things using Tor? Yes. Do political dissidents in oppressive regimes use Tor? Yes.
However the vast majority of people are just ordinary citizens using Tor to access the internet -- the cross-section of Tor users is the same as the cross-section of ordinary internet users.
How do you know? It shouldn't be possible to collect this sort of data.
I transparently use the darknet continuously every day. Multiple home servers owned by me and my colleagues make up a VPN we share with friends and family.
Amongst the trusted recursive resolvers we use there's the DoT v3 onion from Cloudflare. A proxy redirects our traffic for Facebook and DuckDuckGo over the respective onions, same for Debian updates. A next generation firewall inspects our traffic and use Tor for some websites that are censored or geoblocked.
Tor became such a pleasant (and fast, unlike it used to be) experience that it can be used for general anon surfing.
This could then include stored data, VPNs or other company/govt/organisational data that is not accessible via normal web traffic.
Once you get past the controversy TOR hidden services are more like the 1990s web than what you describe.
