npdflr: > Thanks Georg and Roger. > > > > I have taken some time to read the links given by Roger and try to understand > various terms related to tracking/privacy on the internet. > > > Basically, I understand that there would be a need to gather some technical > data to keep the Tor network running and also improve the Tor network and if > there is any sensitive data gathered at all then it would be for as short as > time as possible depending on the requirements and also not made public. > > Further, I would like to ask: > 1. Whether any extensions (such as HTTPS, NoScript) or other > technologies/tools in-built (preinstalled) in Tor browser would be gathering > data? > (or in other words: Should I go through their terms or contact them > separately?)
As far as I can tell, no, they should not gather data. If that's the case then this is a bug we should fix. > 2. Can Tor browser or Tor client be used in a commercial environment? (by an > organization or individuals who are self-employed) Yes. There is nothing that speaks against that from the Tor side at least. Georg > Thank you. > > > ---- On Wed, 06 Mar 2019 00:32:00 -0800 Georg Koppen > <mailto:g...@torproject.org> wrote ---- > > > npdflr: >> Hi, >> >> >> Does Tor browser itself collect any data (Technical data, Web activity data, >> Personal data etc)? >> >> >> >> As Tor is a modified Firefox ESR, does Tor browser follow the Firefox Data >> Collection Practice? (https://wiki.mozilla.org/Firefox/Data_Collection) > > No, there is no such data collection by the browser itself. We try > pretty hard to disable things like telemetry and other potential data > collection mechanisms. If we have overlooked something here then this is > a bug we should fix. > > Georg > > > > > > > > > ---- On Fri, 01 Mar 2019 21:13:32 -0800 Roger Dingledine > <mailto:a...@torproject.org> wrote ---- > > > > On Fri, Mar 01, 2019 at 08:00:17PM -0800, npdflr wrote: > >> Does Tor browser itself collect any data (Technical data, Web activity data, >> Personal data etc)? > >> > >> As Tor is a modified Firefox ESR, does Tor browser follow the Firefox Data >> Collection Practice? (https://wiki.mozilla.org/Firefox/Data_Collection) > > > > I believe the answer is no, Tor Browser shouldn't tell anybody else > > any of these things about you. > > > > You can read the Tor Browser design goals here: > > https://www.torproject.org/projects/torbrowser/design/ > > and anything where it reveals your browsing activity would count as a > > bug -- and depending on the type of information leak, could qualify for > > a bug bounty: https://hackerone.com/torproject . > > > > Three caveats to my answer though: > > > > (1) This word 'collect' is confusing, because that word sure makes it > > sound like it includes internal program data structures. The browser > > needs to know something about your web activity while it's loading web > > pages for you, and that by itself isn't harmful. The key question is > > whether it shares that information with anybody else. For this sort of > > user info, we aim to stick to the principle of "no secret databases", > > that is, anything that we gather should be so sanitized, and so safe to > > collect, that we share it with everybody else too. That way we're never > > in the position where attackers might want to break into our systems to > > learn more about our users. > > https://www.freehaven.net/anonbib/#wecsr10measuring-tor > > For browser activity, the obvious simple approach to only publishing > > safe things is to publish nothing at all, which is what we try to do. > > > > (2) I might not be up on the latest Tor Browser moves, so it's possible > > there are some open tickets for disabling telemetry or the like which > > aren't yet fixed. Keeping up with the constant changes to Firefox is tough > > to do perfectly. I'll let the browser team jump in here if they want. > > > > (3) Other places on the Internet could still keep statistics, based > > on your connections to them. I'm thinking in particular of: > > > > (3a) the addons.mozilla.org server, which ought to see just anonymized > > connections over Tor, but that still lets them gather general statistics > > like how many Tor users there are, what extensions they have installed, > > etc. Similarly, the periodic update pings, and update fetches, happen > > over Tor but can still be counted in the aggregate: > > https://metrics.torproject.org/webstats-tb.html > > https://blog.torproject.org/making-tor-browser-updates-stable-and-reliable-fastly > > > > and > > > > (3b) the Tor relays, which see connections from the Tor client that is > > part of Tor Browser. Because of the decentralized Tor design, no single > > relay should be able to learn both who you are and also what you do on > > the Tor network. But they can still collect what they observe about who > > you are. Relays collect and publish aggregate statistics about the users > > they see (but not what they do, because they can't learn that). For much > > more info, see https://metrics.torproject.org/about.html > > > > and > > > > (3c) other researchers might perform experiments using their own > > internet connections to try to answer questions about Tor performance, > > usage, safety, etc. The ones who are doing it right will consider how > > to minimize risks while doing their experiments: > > https://research.torproject.org/safetyboard.html > > > > Hope this helps! > > --Roger > > > > -- > > tor-talk mailing list - mailto:tor-talk@lists.torproject.org > > To unsubscribe or change other settings go to > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
