Ironfox and Tor browser both claims resist fingerprints and protect privacy, but which one should i choose better for privacy?
Threat Model: highest as possible, don’t care usability
These are apples and oranges and that isn’t a threat model.
Tor Browser is also far more effective on desktop.
3 Likes
Personally, I don’t think it’s proper to compare these two in terms of privacy, as the end goals are drastically different.
Disregarding that Ironfox is a phone app and that Tor Browser is primarily used as a desktop program, Tor is what you want to use when you need anonymity. You can’t use Tor the same way you use Ironfox: you should not log in to accounts not created in the Tor Browser (which defeats the purpose), you can’t use BitTorrent properly or download large amounts of files (as it is very slow), and it will be revealed that you’re using Tor (which is risky in some circumstances).
When you say that your threat model is “highest as possible,” it may make sense to delve deeper into physical privacy and security at this point. Digital tools can provide only so much as long as you’re still connected to the Internet. For using a phone, it would involve flashing GrapheneOS, not using biometrics, having a strong passphrase for unlocking, not having a SIM card, carrying the phone in a Faraday bag, and connecting only to public Wi-Fi networks. For using a laptop, it would involve not connecting to the Internet where you live, fully encrypting it, connecting to the Internet through public Wi-Fi networks in randomly chosen locations that are far from one another, booting from a live Tails USB, or using Qubes OS with a dead man’s switch like BusKill, and using privacy screens.
All of that goes beyond just “do I use browser A or browser B” when we’re talking about the highest threat model there is.
For Android, which one privacy better? as you know Tor have Android version
To be fair, Tor Browser is also a phone app.
I would concur with everyone that the OP should read this article though:
4 Likes
I’ve done all this, but I still need to visit some no Javascript websites to get news & infos, i just want full anonymity, Comparison of Tor and IronFox in GOS, CreepJS detection tor seems to have bigger fingerprint leak (gecko), but IronFox leaked part of WebRTC fingerprint(although it closed) If you had detailed report comparing the anonymity of two, that’s will be better
I don’t use BitTorrent, noa any account (except temporary account)
I want to protect me from being assassinated by CIA or MI6, I’m sure they’re looking for me every day, if I fail, I’ll die, I’m trying to prevent potential consequences
So, guys IronFox & Tor which is better in GOS?
1 Like
Tor browser uses TOR network, engineered to make every client looks exactly the same and you can visit onion sites with it, ironfox does not. So TOR is better thaan Ironfox at what it does.
However based on the info you provided in your posts, I would say your opsec is suboptimal.
If your adversaries are state agencies then um… good luck?
Tor Browser doesn’t have many advantages except tor, but IronFox experience bad sometimes unable to connect. It seems there is no answer i want here, i may need to test the two by myself
There is no “highest” threat model. You could throw away all your devices and go into the woods?
2 Likes
Assuming you have a life and death threat model:
No sim or esim and no voip or phone service at all. Keep the phone in airplane mode.
Route all traffic through Tor with Orbot.
Use the Tor browser.
Keeping the user safe is why Tor, Orbot and the browser were created in the first place.
Secure messangers only, for extreme I would use Briar.
Keep your bluetooth, microphone and sensors off.
Set your duress password/pin with a very common value such as “password” or “1234”
Changing your browser will do sweet bugger all to protect you.
I won’t say you don’t know what you’re talking about, but I’m pretty sure you don’t fully understand your own threat model. Diagnosis: paranoia.
Anyway, if you need “full anonymity”, use Tails or Whonix. Don’t waste your time with subpar solutions like relying on just a single browser, whether it’s IronFox or Tor Browser.
2 Likes
I have Pixel 9 now, and camera and microphone has been physically removed/damaged, i keep phone in airplance mode but because my job i have to a data esim in my phone, only use for emergency.
For VPN i use singbox and self-hosted multi-hop(3 node) server to keep secure, toggle server provider per week, I don’t use any messangers to maximize security.
About duress password this won’t work against violent police, I would turn off USB port in settings and throw away the phone at customs or if necessary.
So to me the attack surface is primarily network security instead of physical security, because my phone only has default apps and a browser, Orbot is not helpful to me. I would rather have a browser that is secure enough. The best case scenario is to provide security like Mullvad browser in GOS.
1 Like
I don’t think there have a OS named “Tails” or “Whonix” in Phone, I use Qubes-Whonix in my Laptop, reset every day, I know my threat model well, but I don’t think I shouldn’t use phone, that’s too much
1 Like
Alright, I hope you know what you’re doing. Stay safe.
Why would you even consider Ironfox with your requirements? Both have quite bad security. You will have by far the best security with Vanadium+Orbot. Anonymity would be better with Tor Browser, as long as your browser/device don’t get compromised.
3 Likes
I’m not worried about security, I care more about privacy and anonymity. Vanadium has a rather poor privacy and anonymity, no resist fingerprint, and is also larger (this will increase the attack surface).
I tested the IronFox and Tor browsers, and without considering Tor, the two are quite anonymous(modified settings), and some subtle differences are difficult to tell which one is better, I think this should require further testing
From another perspective, the Tor browser seems to have a better experience on Android, IronFox often unable to connect, but Tor browser default config a bit weak(even Safest) I should use Tor Alpha to manually modify it without affecting the fingerprint to enhance the configuration, which may be possible, hopefully this can be used for anyone with the same problem as a reference
You shouldn’t be changing the settings of either. And the alpha variant of Tor Browser is not recommended as it doesn’t always update timely for security updates and isn’t as rigorously tested for leaks.
Vanadium is fundamentally more secure than any Gecko based browser.
And Gecko on Android is also fundamentally limited in fingerprinting resistance.
You must use Tor Browser on desktop to actually hide with the crowd.
This notably has no per site circuit isolation.
How about Tor Nightly, Gecko resist-fingerprint limited on Android but is better than Vanadium at all, modify config is not always a bad thing, such as implementing Phoenix config on Tor browser etc, but that’s not the point, IronFox seems to be a better choice from this perspective
Vanadium can’t even block Canvas, and modifying Vanadium config or using extension will make it stand out more. I will try to use a desktop browser to access the website as possible, but for Android, Vanadium is not a good choice
Should not be used in production.
Do not do this.
No it isn’t.
Vanadium doesn’t support extensions, and already gives enough information to be very unique.
1 Like