Tor Browser running on the Ubuntu startup screen – about:tor
Developer: Tor Project, Inc.
Source code base: gitweb.torproject.org/tor.git
Operating system: Windows XP or later Unix-like (including OS X)
Language: 32 languages
Tor Browser, formerly known as Tor Browser Bundle (TBB), is the flagship product of the Tor project. Modified by the Mozilla Firefox ESR browser, with many security and privacy tweaks made by the Tor Project developers, comes preloaded with TorButton, TorLauncher, NoScript and HTTPS Everywhere extensions and Tor agents. It is open source, free software, green software, and runs on a variety of operating systems, including Windows, Mac OS X, Linux, Unix, and Android.
Tor Browser starts the Tor process in the background and connects to the network through it. Once the program is disconnected, the Tor browser automatically deletes privacy-sensitive data, such as cookies and browsing history.
The Tor browser itself provides SOCKS proxy services, and some applications already use the Tor network. When combined with the proxy server software Privoxy, all HTTP/HTTPS connected applications, and all applications that can set up HTTP/HTTPS proxies, can access the Internet via the Tor network.
Stuart Dredge suggested in the Guardian in November 2013, after a series of global surveillance revelations, that people use the Tor browser to avoid being tapped and to protect their privacy.
Firefox/Tor Browser Attack
In 2011, Dutch authorities discovered the IP address of the administrator of the Tor Onion service “Pedoboard” while investigating child pornography circulating online, and forwarded this information to the US Federal Bureau of Investigation for follow-up. By doing so, the FBI targeted its owner as Aaron McGrath. After a year of surveillance, the FBI launched an operation called “Operation Torpedo” to arrest McGrath and install malware on three Onion service websites managed by McGrath to obtain information about users who visited them. It takes advantage of a fixed vulnerability in the Firefox/Tor browser, so it targets users who do not install updates and have Flash installed. The vulnerability, which allows the FBI to ping users’ IP addresses directly back to their own servers, has exposed the IP addresses of at least 25 U.S. users and many foreign users. McGrath was sentenced to 20 years in prison in early 2014, followed by 18 other users, including a former acting cybersecurity director at the U.S. Department of Health and Human Services.