Which is the best way to install Tor browser?

General system Newbie
1

Which is the best way to install Tor browser ?

Should I download the Tor browser bundle from https://www.torproject.org/download/ ?

Or should I install Tor from the repos ?
When I type sudo pacman -S tor [Tab] I get the following list
tor torbrowser-launcher torrential torsocks

I am not sure which one from those I need to install.

I am very eager to use the Tor browser inside a firejail sandbox.
Firejail is already installed & I am using Firefox withing a sandbox successfully.

2

  1. Download only from their official site (which you’ve linked correctly)
    You may want to check signature as well

  2. Run it directly from folder

  3. Don’t change too much settings and it’s window size \ position, because you can be tracked by it, and by default TOR doing good job automatically to randomize it

1 Like
3

Download in progress … Thanks.

1 Like
4

Can you please explain what you mean by that ?
Can I at least maximize the Tor browser window ?

5

No.

If you want to use it for anonymity / privacy, as hard as you can possibly go - don’t touch it, because users can be narrowed down significantly by screen-size when maximized.

I assume you want to hack FBI or something :rofl:

Otherwise just do whatever you want of course! :slight_smile:

Might wanna see that for more in-depth:

1 Like
6

@keybreak
Any problem installing it from the AUR or is it just more trustworthy from the source?

7

Yep, always more trustworthy from the only source, it’s recommended by TOR and common sense :slight_smile:

Of course you can use AUR and check source code yourself…
but come on, it’s pretty big project :laughing:

1 Like
8

It seems that this scenario has been take care of from Tor Browser 9 onwards:

Tor Browser in its default mode is starting with a content window rounded to a multiple of 200px x 100px to prevent fingerprinting the screen dimensions. The strategy here is to put all users in a couple of buckets to make it harder to single them out. That works so far until users start to resize their windows (e.g. by maximizing them or going into fullscreen mode). Tor Browser 9 ships with a fingerprinting defense for those scenarios as well, which is called Letterboxing, a technique developed by Mozilla and presented in 2019. It works by adding white margins to a browser window so that the window is as close as possible to the desired size while users are still in a couple of screen size buckets that prevent singling them out with the help of screen dimensions.

In simple words, this technique makes groups of users of certain screen sizes and this makes it harder to single out users on basis of screen size, as many users will have same screen size.

:onion:

4 Likes
9

That’s pretty cool, haven’t used it in a while :laughing:

2 Likes
10

@pebcak
That’s useful info. Thanks.

1 Like
11

I have used Tor which was downloaded from their site without issues and the update works directly from the program itself.
Never tried the AUR version so not sure how it’s updated.
I rather use Tor from their site than a AUR version.

2 Likes
12

The beauty of the AUR is that it is completely transparent and you can see exactly where the software is sourced from.

So, if you inspect the PKGBUILD file of tor-browser package from the AUR, you will discover that the url from which the program’s binary is sourced is https://dist.torproject.org/

So, the AUR version is from the official site. It’s the same thing, except you install it as a package. Therefore, it is perfectly safe to install Tor with:

yay -S tor-browser

The AUR version works fine and is well maintained and regularly updated. Of course, always check the diffs in the PKGBUILD file when updating, just in case…

3 Likes