It sounds like its doing what firefox would do.
Do you trust waterfox?
David Lewis
Noah Reed
It's Firefox with a blue logo and a few about:config changes.
Landon Williams
the only web browser without botnet is Tor Browser
use it or get fucked into asshole by CIA
Tor Browser
don't resist, order it now at torproject.org
Justin Edwards
enjoy being banned on every part of the net because the devs are retarded and will activly signal to every website/server that it's tor.
Telling everyone your privacy concerned is like sneaking into a police office but you yell at the top of your lungs that your being sneaky so they shouldn't chase you.
Matthew Miller
are you retarded? Tor Browser uses Firefox ESR user-agent. What better do you propose?
Tor is detected by IP, as tor exit nodes are publicly listed. if it wasn't, any person or corporation could just generate such list by downloading Tor and using a script to visit their IP checker, then change Tor circuit and check IP again, in loop. they would generate 95% complete list fast. I am sure (((some people))) would share unofficial Tor exit node lists on the internet
how do you want Tor to work while not looking as Tor?
not comparable at all. when you use Tor you might tell that you are Tor user, but there is millions of people like you that use it. they don't know why are you using it, if you are paranoid, leftist, nazi, pedo, terrorist, hacker, privacy advocate etc
the more people use Tor, the better for everyone
Chase Young
And still on 56. And backported security fixes. Those two alone make it worthwhile, I can edit about:config myself.
Luke Jones
a piece of software that requires mass adaptation is always sketchy, especially when there alternative would be not sending anything at all and getting the same level of privacy...
Cameron Howard
First off don't make the list public. Even if it has to be scraped, having to programmatically refresh the circuit and send a request to their endpoint is harder than simply scraping an html table, that will deter some people.
Then make sure that there's a subset of exit nodes that aren't usable by any given geographical area and IP subnet, so the attacker has to have access to IPs from different countries and ISPs.
Then make people have to fill a captcha and wait a while to get a new exit node (at least for some of them which are marked as ban resistant).
Make some server IPs temporarily not be given out randomly or when they reach the time of day when they're most loaded.
Find some way to get a large number of IPs for cheap.
Instead of for example not returning Canvas data for fingerprinting (which makes it easy to know you're using Tor Browser) make it send random data that changes with each session and website. So the fingerprinting doesn't become any more harmful than a session cookie.
Send the traffic through Amazon, Google, and Azure servers so sites have to block all traffic coming from VPSs too.
Most of that is already done for Bridges, and some of them aren't blocked even by China. So why can't it be done for exit nodes?
Easton Myers
How exactly do you plan to connect to a website and not give them your IP?
Cameron Nguyen
N