Threat modeling 101

privacyguides · Nov 1, 2023 · 5cdda4a · 5cdda4a
1 parent 2a557cf
commit 5cdda4a
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 7 deletions.
diff --git a/docs/advanced/tor-overview.md b/docs/advanced/tor-overview.md
@@ -8,7 +8,7 @@ Tor is a free to use, decentralized network designed for using the internet with
 
 ## Safely Connecting to Tor
 
-Before connecting to Tor, you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
+Before connecting to [Tor](../tor.md), you should carefully consider what you're looking to accomplish by using Tor in the first place, and who you're trying to hide your network activity from.
 
 If you live in a free country, are accessing mundane content via Tor, aren't worried about your ISP or local network administrators having the knowledge that you're using Tor, and want to help [de-stigmatize](https://2019.www.torproject.org/about/torusers.html.en) Tor usage, you can likely connect to Tor directly via standard means like [Tor Browser](../tor.md) without worry.
 
@@ -48,21 +48,21 @@ Determining whether you should first use a VPN to connect to the Tor network wil
 
 ## What Tor is Not
 
-Tor is **not** a free VPN:
+The Tor network is not the perfect privacy protection tool in all cases, and has a number of drawbacks which should be carefully considered. These things should not discourage you from using Tor if it is appropriate for your needs, but they are still things to think about when deciding which solution is most appropriate for you.
+
+### Tor is not a free VPN
 
 - Unlike Tor exit nodes, VPN providers are usually not actively [malicious](#caveats).
 - As we've alluded to already, Tor is also easily identifiable on the network. Unlike an actual VPN provider, using Tor will make you stick out as a person likely attempting to evade authorities. In a perfect world, Tor would be seen by authorities as a tool with many uses, but in reality the perception of Tor is still far less legitimate than the perception of commercial VPNs, so using a real VPN provides you with excuses like "I was just using it to watch Netflix," etc.
 
-Tor Browser is also **not** the most *secure* browser:
+### Tor Browser is not the most *secure* browser
 
 - Anonymity is at odds with security: Tor's anonymity requires every user to be identical, which creates a monoculture (the same bugs are present across all Tor Browser users). As a cybersecurity rule of thumb, monocultures are generally regarded as bad. Security through diversity (which Tor lacks) provides natural segmentation by limiting vulnerabilities to smaller groups, and is therefore usually desirable, but this diversity is also less good for anonymity.
 - Tor Browser is based on Firefox's Extended Support Release builds, which only receives patches for vulnerabilities considered *Critical* and *High* (not *Medium* and *Low*). This means that attackers could (for example):
 
     1. Look for new Critical/High vulnerabilities in Firefox nightly or beta builds, then check if they are exploitable in Tor Browser (this vulnerability period can last weeks).
     2. Chain *multiple* Medium/Low vulnerabilities together until they get the level of access they're looking for (this vulnerability period can last months or longer).
 
-These things should not discourage you from using Tor if it is appropriate for your needs, but they are still things to consider when deciding which solution is most appropriate for you.
-
 ## Path Building to Clearnet Services
 
 "Clearnet services" are websites which you can access with any browser, like [privacyguides.org](https://www.privacyguides.org). Tor lets you connect to these websites anonymously by routing your traffic through a network comprised of thousands of volunteer-run servers called nodes (or relays).

diff --git a/docs/basics/vpn-overview.md b/docs/basics/vpn-overview.md
@@ -50,7 +50,7 @@ However, VPNs can **never** protect you from themselves. Your VPN provider will
 
 Maybe, Tor is not necessarily suitable for everybody in the first place. Consider your [threat model](threat-modeling.md), because if your adversary is not capable of extracting information from your VPN provider, using a VPN alone may provide enough protection.
 
-If you do use Tor then you are *probably* best off connecting to the Tor network via a commercial VPN provider. We've written more about this subject on our [Tor overview](../advanced/tor-overview.md) page.
+If you do use Tor then you are *probably* best off connecting to the Tor network via a commercial VPN provider. However, this is a complex subject which we've written more about on our [Tor overview](../advanced/tor-overview.md) page.
 
 ## Should I access Tor through VPN providers that provide "Tor nodes"?
 

diff --git a/docs/tor.md b/docs/tor.md
@@ -43,7 +43,11 @@ Tor works by routing your internet traffic through those volunteer-operated serv
 
     Before connecting to Tor, please ensure you've read our [overview](advanced/tor-overview.md) on what Tor is and how to connect to it safely. We often recommend connecting to Tor through a trusted [VPN provider](vpn.md), but you have to do so **properly** to avoid decreasing your anonymity.
 
-There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for anonymous browsing for desktop computers and Android. In addition to the apps listed below, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser.
+There are a variety of ways to connect to the Tor network from your device, the most commonly used being the **Tor Browser**, a fork of Firefox designed for anonymous browsing for desktop computers and Android.
+
+Some of these apps are better than others, and again making a determination comes down to your threat model. If you are a casual Tor user who is not worried about your ISP collecting evidence against you, using apps like [Orbot](#orbot) or mobile browser apps to access the Tor network is probably fine. Increasing the number of people who use Tor on an everyday basis helps reduce the bad stigma of Tor, and lowers the quality of "lists of Tor users" that ISPs and governments may compile.
+
+If more complete anonymity is paramount to your situation, you should **only** be using the desktop Tor Browser client, ideally in a [Whonix](desktop.md#whonix) + [Qubes](desktop.md#qubes-os) configuration. Mobile browsers are less common on Tor (and more fingerprintable as a result), and other configurations are not as rigorously tested against deanonymization.
 
 ### Tor Browser
 
@@ -73,6 +77,8 @@ There are a variety of ways to connect to the Tor network from your device, the
 
 The Tor Browser is designed to prevent fingerprinting, or identifying you based on your browser configuration. Therefore, it is imperative that you do **not** modify the browser beyond the default [security levels](https://tb-manual.torproject.org/security-settings/).
 
+In addition to installing Tor Browser on your computer directly, there are also operating systems designed specifically to connect to the Tor network such as [Whonix](desktop.md#whonix) on [Qubes OS](desktop.md#qubes-os), which provide even greater security and protections than the standard Tor Browser alone.
+
 ### Orbot
 
 !!! recommendation