3

I'm asking this question because I really want an explanation, I'm not familiar with this type of stuff. When I downloaded the Tor browser it told me not to download torrents because there was an exploit people were using when you do so. I was confused because Tor is looked upon as the safest of browsers.

Why is it unsafe to download Torrents from the Tor browser... If that's the case wouldn't it always be unsafe to download torrent.

So what's safer? Tor Browser? Or a browser with a VPN?

forest
  • 65,613
  • 20
  • 208
  • 262
cmehmen
  • 133
  • 3
  • 3
    You're making a leap in logic and asking 2 very different questions. Torrents by definition make you traceable, thereby defeating the TOR browser protections. Just because this is true does not make TOR somehow a bad browser. – schroeder Oct 26 '16 at 16:42
  • 1
    TOR adds middle points to your route, and those make you more vulnerable to man in the middle exploits. http://security.stackexchange.com/questions/34804/how-safe-is-tor-from-mitm-snooping-attacks As Schroeder indicates, TOR is not a good way to do torrents, so you gain nothing while becoming somewhat more vulnerable. – ghangas Oct 26 '16 at 16:48
  • @ghanas So basically when it comes to torrenting Tor isn't helping you there. Let's say I used a VPN with Tor wouldn't this allow me to be untraceable? or would I still be susceptible to MITM? – cmehmen Oct 26 '16 at 16:53

1 Answers1

4

The Tor project recommends that you don't use Tor for BitTorrent traffic because there are numerous anonymity leaks in the protocol. Even more so, if you only download the .torrent via Tor but open it in a client that's configured for standard non-Tor operation, you've gained essentially nothing in anonymity, as the client will send the tracker information about your download (assuming you're not relying entirely on DHT). The Tor Browser Bundle is principally concerned with anonymity, and that's what it's warning you about.

Security is a different matter. When using Tor, you funnel your traffic through several nodes, and thus open yourself up to a man-in-the-middle attack. This is one of the reasons it's very important to combine Tor usage with HTTPS, which will provide (within the limits of HTTPS, which is to say "mostly") a guarantee that your traffic hasn't been tampered with.

Xiong Chiamiov
  • 9,402
  • 2
  • 35
  • 78
  • Thanks for the reply this did help me understand more. But by a non-tor operation you mean something like BitTorrent? Do I gain any extra security downloading a torrent using TOR with a VPN compared to a normal Browser with a VPN? – cmehmen Oct 26 '16 at 17:05
  • I mean a BitTorrent client that is not configured to download over Tor. In general, the Tor network does not provide extra security at all, only anonymity. And it doesn't actually provide anonymity for BitTorrent. – Xiong Chiamiov Oct 26 '16 at 17:11