Tor on 3.1

hello gl.inet community, is the built-in tor function safe? assume high threat model for the purpose of speculation. is anything leaking? is it possible that glinet routers are somehow malicious and this function could compromise my identity?

thank you all

1 Like

The biggest danger is probably how you use your browser. If you have things like WebRTC, Javascript enabled, Tor will not protect you. The way you use your browser tells more about you than anything. Even things like the size of your window, browser information, plugins and extensions can identify you.

ya but in a tor router (or vm) if the malicious website used bad webrtc or bad javascript code, the “true” ip address that they’d uncover would be the router ip address in this case the tor ip address. that is the benefit to using a tor router, so you have isolation and that is why im doing it. so i can use things like javascript

This is not true. You can check the Tails linux distribution. It has system wide tor, same as a router, but they still supply you with a browser that has javascript disabled by default, and even give you a warning when you turn javascript on.

https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html

it is true it is because on tails you are routing the connection through tor on your machine but javascript can go outside of tor. if you use a tor router the javascript code will try to identify you but will see that your “true” connection is tor because you are using router. it is the same with a vm if you are in whonix for example you can use javascript and not be discovered.

The issues with javascript are not for trying to bypass Tor itself, it is things like remotely turning on your webcam, accessing other devices on the network that are also vulnerable and might contain GPS. It is also possible to access information as i wrote before to identify you by how you move your mouse, pc specs, screen size, plugins and your browsing habits. These are all things the NSA and other agencies use when targeting users.

This video also applies to Tor:

If you have a phone on the network; apps and your usage can also identify who you are. You also must have Tor on at all times, at home and away. If you take your phone outside, don’t use Tor, and come home to a Tor router, you have done nothing for your privacy/security.

on AR750 Creta 3.104 looks like its removed TOR function but 3.102 still has it.

Tor is removed for devices with only 16MB flash. Does not have space for it.

On routers with big storage Tor is still there.