Tor-ifying PM?

Post by opera1215b1748 » 2014-05-14, 09:31

Do I get it right, to Torify a PM browser one has to change these settings in about:config:
  1. network.proxy.socks = localhost
  2. network.proxy.socks_port = 9050
  3. network.proxy.socks_remote_dns = TRUE
And to be protected one also needs to disable all scripting support (JAVA/JS/Flash)?

access2godzilla

Re: Tor-ifying PM?

Post by access2godzilla » 2014-05-14, 10:15

(All the addons recommended here do not have unwanted features, so don't keep saying "I'll not install any extensions".)

Why are you using about:config when it can be managed through Tools>Options>Advanced>Network>(Connection frame)Settings? You need to turn on socks5 too. Apart from those, all other settings are fine.

I will give you a piece of advice though: there are many servers which reject connections from Tor, and it becomes a real PITA to turn off and on -- instead, you should use Foxyproxy (Standard) which allows you to specify on which URLs proxies should be used, and where it should not be.

For protection against active content, use Noscript, which allows you to block Javascript, Flash, Java etc. on a sitewise basis. It also comes with protections against XSS and clickjacking.

You should also change your user agent to something more common, for example, the Firefox 24 UA, since Pale Moon is used by a very small number of people and it will make you more identifiable.

Also, do note that the exit nodes can still spy on traffic, so be sure to get HTTPS everywhere as well (although I suppose if the malicious nodes run sslstrip it'll not be very helpful.)

To check your anonymity, use Panopticlick and the test run by Jondonym operators.
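
A way to check these settings after saving them, as an added example that is not part of the original posts: it reads the text of a profile's prefs.js and reports which of the manual SOCKS prefs are unset or differ from the values given in the thread. The prefs `network.proxy.type` and `network.proxy.socks_version` (the "socks5" option) are not named in the posts and are included here; accepting 127.0.0.1 for localhost and the sample prefs text are assumptions.

```javascript
// Added example: audit prefs.js text for the manual SOCKS settings from the thread.
// Allowed values per pref; 127.0.0.1 is accepted alongside localhost (assumption).
const REQUIRED = {
  "network.proxy.type": [1],                  // 1 = manual proxy configuration
  "network.proxy.socks": ["localhost", "127.0.0.1"],
  "network.proxy.socks_port": [9050],
  "network.proxy.socks_version": [5],         // the "socks5" option
  "network.proxy.socks_remote_dns": [true],   // resolve host names via the proxy
};

// Parse lines of the form user_pref("name", value); into an object.
function parsePrefs(text) {
  const prefs = {};
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$/;
  for (const line of text.split(/\r?\n/)) {
    const m = re.exec(line);
    if (!m) continue;
    try {
      prefs[m[1]] = JSON.parse(m[2]); // values are string, integer or boolean literals
    } catch (e) {
      prefs[m[1]] = undefined;        // unparsable value is reported as a mismatch
    }
  }
  return prefs;
}

// Return one finding per pref that is unset or has an unexpected value.
function auditTorPrefs(text) {
  const prefs = parsePrefs(text);
  const findings = [];
  for (const [name, allowed] of Object.entries(REQUIRED)) {
    if (!(name in prefs)) {
      findings.push(name + ": not set in prefs.js (browser default applies)");
    } else if (!allowed.includes(prefs[name])) {
      findings.push(name + ": " + JSON.stringify(prefs[name]) + " is not in " + JSON.stringify(allowed));
    }
  }
  return findings;
}

// Constructed sample: SOCKS host and port set, but v4 selected and remote DNS missing.
const SAMPLE_PREFS = [
  'user_pref("network.proxy.type", 1);',
  'user_pref("network.proxy.socks", "localhost");',
  'user_pref("network.proxy.socks_port", 9050);',
  'user_pref("network.proxy.socks_version", 4);',
].join("\n");

console.log(auditTorPrefs(SAMPLE_PREFS).join("\n") || "all proxy prefs as expected");
```
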

opera1215b1748

Re: Tor-ifying PM?

Post by opera1215b1748 » 2014-05-14, 13:27

access2godzilla wrote: (All the addons recommended here do not have unwanted features, so don't keep saying "I'll not install any extensions".)

:)
See below.

access2godzilla wrote: Why are you using about:config when it can be managed through Tools>Options>Advanced>Network>(Connection frame)Settings? You need to turn on socks5 too. Apart from those, all other settings are fine.

I thought it is less error-prone to show the final effect rather than to describe how I selected those check-boxes.

access2godzilla wrote: ... use Foxyproxy (Standard) which allows you to specify on which URLs proxies should be used, and where it should not be.

A proxy.pac file with proper contents does exactly the same just fine, simply refer to it in the network.proxy.autoconfig_url setting.
No need for an add-on on this one.
:)

access2godzilla wrote: For protection against active content, use Noscript, which allows you to block Javascript, Flash, Java etc. on a sitewise basis. It also comes with protections against XSS and clickjacking.

You should also change your user agent to something more common, for example, the Firefox 24 UA, since Pale Moon is used by a very small number of people and it will make you more identifiable.

Yes, I am quite aware of the side-effects on anonymity from enabled active content, so it is easier to have a separate instance of a browser - completely stripped and disciplined - to be used with Tor.
I do not want to install yet another one (browser), i.e. the one bundled with Tor, I'd prefer to use PM in proper settings. I still do not use PM for everyday jobs.

access2godzilla wrote: To check your anonymity, use Panopticlick and the test run by Jondonym operators.

Yes, a lot of trimming to do to get decent results.
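
The proxy.pac approach mentioned in this post, as an added example that is not part of the original posts: a PAC script that sends a short list of hosts direct and everything else through the Tor SOCKS port from the first post. The host names in `DIRECT_HOSTS` and the helper `hostMatches` are assumptions made for illustration.

```javascript
// Added example: fail-closed proxy.pac for the Tor SOCKS port used in this thread.
// "SOCKS5" selects SOCKS v5. There is deliberately no "; DIRECT" fallback after it,
// so requests fail instead of leaving unproxied when Tor is not running.
var TOR = "SOCKS5 127.0.0.1:9050";

// Placeholder hosts (assumption) that reject Tor and are reached directly.
// Anything listed here sees the real IP address and is resolved by local DNS.
var DIRECT_HOSTS = ["example.com", "intranet.example.net"];

// True when host is the domain itself or a subdomain of it.
// The leading dot keeps "notexample.com" from matching "example.com".
function hostMatches(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // normalise case and trailing dot
  return host === domain || host.slice(-(domain.length + 1)) === "." + domain;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  // Plain string comparison only: PAC helpers that resolve names
  // (dnsResolve, isInNet, isResolvable) trigger a local DNS lookup.
  for (var i = 0; i < DIRECT_HOSTS.length; i++) {
    if (hostMatches(host, DIRECT_HOSTS[i])) {
      return "DIRECT";
    }
  }
  return TOR;
}
```

The script is referenced from network.proxy.autoconfig_url as described in the post, and the network.proxy.socks_remote_dns setting from the first post is still needed so that names for proxied requests are resolved through Tor.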

access2godzilla

Re: Tor-ifying PM?

Post by access2godzilla » 2014-05-14, 16:59

opera1215b1748 wrote: A proxy.pac file with proper contents does exactly the same just fine, simply refer to it in the network.proxy.autoconfig_url setting.

I don't know about you, but "I need to whitelist this site, and now I'm editing JS" is certainly not for me.

opera1215b1748 wrote: it is easier to have a separate instance of a browser - completely stripped and disciplined - to be used with Tor.

No need to use separate browsers! You can use the profile functionality of Pale Moon to have separate settings; and when Pale Moon starts up, it'll ask you which profile to use. Winkey+R > Type "palemoon -p" (without the quotes) to create, delete and manage profiles.

To get proper anonymity and security it is recommended to use the following extensions:
  • Noscript - it's also bundled in the Tor browser, and it's developed by a well known security researcher
  • An ad blocking software like Adblock Edge (you can skip this since the ABE functionality of Noscript can also be made to block ads)
  • Betterprivacy - deletes Flash cookies on shutdown of the browser
  • HTTPS everywhere - enables HTTPS on many sites, also bundled in the Tor browser
  • Refcontrol - Control referers on per-site basis

opera1215b1748

Re: Tor-ifying PM?

Post by opera1215b1748 » 2014-05-15, 09:23

access2godzilla wrote: No need to use separate browsers! You can use the profile functionality of Pale Moon to have separate settings; and when Pale Moon starts up, it'll ask you which profile to use. Winkey+R > Type "palemoon -p" (without the quotes) to create, delete and manage profiles.

Good to know!

Thank you.

PS
Re Flash cookies: I thought there is an applet in a control panel to manage Flash player behavior. I usually disable all local storage, those anonymity tests were happy about flash cookies in all my browsers.

access2godzilla

Re: Tor-ifying PM?

Post by access2godzilla » 2014-05-15, 09:40

opera1215b1748 wrote: I thought there is an applet in a control panel to manage Flash player behavior.

There is one, and you can set it to reject all LSOs, but I've had problems with it and found it better to simply dump all cookies after my session ends. YMMV, though.
(Also remember to use private browsing mode, or alternatively, set PM to clear the cookies, cache etc. after the session ends, from Settings>Privacy.)
