The Addon Debate: Additional privacy addons? + a List of Search Engines

To be fair, Torbrowser is great but pretty boring out of the Box. It lacks many possible features and also its search engines are veeery bad (who wants to use Google or Yahoo, if there isn’t a single good onion search engine?)

I want to list some Addons that (possibly) improve Privacy and Security, indirectly or directly, and discuss them.

Direct

Retire.js (Website) (Code)

Warns if Javascript with known security vulnerabilities is loaded. Adds security to NoScript drastically.

GNU LibreJS (Website)

Allows only free Javascript with Whitelist and Blacklist capabilities. Will enhance Security while maybe also having a unique Fingerprint.

Redirect AMP to HTML (Code)

Redirects *.amp to *.html automatically.

LibRedirect (Website)

Redirects shitty tech monopoly pages to community-run privacy frontends. May not be necessary when using Tor, but avoids Tor-Exit-Node Blocks.

Indirect

Add Custom Search Engine (Code)

This is essential, as most cool search Engines don’t support the “OpenSearch” standard and thereby cannot be added to the Browser like that.

The following search engines are all hidden services, for sure there are way more on the Clear web. A useful List.

Hidden (to Clearnet)

Onion Search

Clearnet (to Clearnet)

Without “add custom Search Engine”, all the ones not supporting OpenSearch would not be possible, i.e. most onion search engines and special ones.

SingleFile (Code)

This Extension allows elegant archiving of Websites into a single HTML file.

Functionality

QR (Code)

A simple addon that generates a QR Code of the current URL. Useful for sharing, done locally.

Bypass Paywalls Clean

A security-focused addon that allows bypassing paywalls. It only has permission over a set of URLs, so with every update users need to opt-in to the new permissions. Blocked by Mozilla for some reason, so needs to be installed manually, updates automatically.

Firefox Translations (Mozilla Page) (Code)

Awesome project, using a locally downloaded (and stored) Database for offline Text Translations.

VideoDownloadHelper

Extract web streams to Download Audio and Video from Sites that don’t want to allow that.

Seems to not be open source? Using the “Extension source viewer” addon in Firefox you can view it anyways.

DownloadAllImages (Code)

Powerful image extractor, allowing you to download all images embedded within a site.

404 Bookmarks (Code)

Useful addon scanning all your bookmarks locally and testing the servers, if the sites are still online. Onion Sites = Bookmark lists, at least for me. Helps a lot to maintain them.

Undo Close Tab (Code)

A simple button with advanced “undo closed Tab” functionality, essential for me.

Dark Background and Light Text (Code)

Displays Websites in Darkmode locally. This allows the Darkmode without users exposing nonstandard Settings.

Wayback Machine or others

Allows viewing and archiving links that are endangered or not available anymore. The Internet Archive’s “Wayback Machine” may track users by sending every URL to their servers.


So these are the Addons I would like to discuss. Some offer more security or privacy, some are indirectly useful and some just make Tor-Browser / Firefox a better Browser than others like Chromium. There are lots more but Torbrowser should be kept clean.

Afaik most of them don’t even interfere with the Browser components that could be fingerprinted. I tested them using OpenSnitch and they made no unwanted connections, but I will test them again.

Sorry, this may well be a very naive question, but what about download managers like IDM? It seems that Tor used to support these but no longer does. Is there a reason?

note: I am a tor project core contributor, not an employee 🙂

Let’s break this down just a little

Extensions

We want to be really clear about extensions. If they’re not vetted (and we don’t expect users to know or do that), they are a liability/footgun - not just potential fingerprinting, but trust. We plan to add our own badging to extensions: such as bundled (and you can’t disable or remove them, e.g. NoScript, uBO), some label if they contain web-accessible resources, remove “recommended by Firefox” badges, etc

Now some TB backstory. We protect the IP by using tor. We protect against linking traffic by changing the node(s). We protect against cross-site state linking by isolating to first party. We protect against stateless linking by resisting fingerprinting.

So what does adding any of these extensions suggested do in terms of making that better? Nothing, in fact it can make it worse. Not saying that some of these wouldn’t be welcomed, and they may be, such as FF’s translations (needs some assessment), but most are “not great”

for example, IMO (and I am not familiar exactly with each: so assuming)

  • retire.js = will increase site breakage, increase complexity, confuse users
  • gnu libre.js - who cares, useless noise, people just want websites to work
  • redirect
    • amp to html - there are no perfect hard and fast rules to determine this, I also believe google has given up on it (but I may be wrong), and TB doesn’t care (we are already protected). Not saying AMP doesn’t suck - e.g. spreading amp links in social media/forums
    • libredirect - why does TB get to decide to unilaterally change users’ traffic. Not saying there isn’t some merit
  • bypass paywalls
    • not TB’s problem, but do note that PB mode and sanitizing per session helps in some cases
  • downloaders
    • not TB’s problem
  • 404 bookmarks
    • this is an upstream issue IMO, and only useful for users with loads of bookmarks
  • undo close tab
    • UI real estate is limited and we want to keep it clean. surely there are already existing methods to undo close - rhetorical question
  • dark background/light text
    • accessibility options should be built in (oh they are, somewhat) or a web standard (getting there) which we need to control to reduce entropy. Not interested in people who just “prefer” dark

So anyway, none of these help with privacy, tracking, linkability, fingerprinting (not even uBO, but we will do that). And most are out of scope and it is not tor project’s position or right to alter your traffic - you want to go to youtube, go there. And we need to be careful about breakage for the health of the crowd and retain/grow users. I also find the above anecdotal “suggestions” are someone’s “wishlist” they happen to use in non-TB, and they just do not make sense in TB (except uBO at this stage)

/end of post, phew

thanks for your reply!

I am not sure if RetireJS could improve security. It currently is deprecated, so deleting that.

Search Engines would be a huge deal and I would be very happy about a user friendly selection of actually good ones.

The rest, user choice of course. I think some are simply a way to make Freedom easier, and this doesn’t mean they should be installed + activated by default. On TB Android you can’t change the Addon collection as it resets that, so they are simply not installable, which is very sad. But this may change when Firefox finally becomes open again.

So Libredirect, SciHub, all these things are only a possibility. True, Libredirect may not be needed, apart from what I said, if social media sites or Cloudflare simply block Exit Nodes, which is happening.

Please do make sure to include TBA as it gets sidelined a lot, and the position hiring an Android developer has gone so I’m unsure if that means Tor now has an Android dev or if they still don’t and are no longer seeking to hire one?

the android dev position has been filled, and increased capacity (of people) will help overall, not that android was being neglected because it wasn’t, it’s just a question of priorities and it’s a different beast to desktop (builds, fingerprinting, etc) - e.g. uBO on android would have extra UX considerations - that said, it will probably happen … first steps first 🙂

I’m glad to hear it and welcome to the new dev 🥳

That is true but perhaps it should be approached in view of the different security slider levels. Such as least breakages in exchange for lesser uBO benefits in Safe mode with acceptance for higher breakage likelihood on Safest, the fact it disables JavaScript will cause breakages on many sites as it is so a few additional breakage risks in exchange for the most uBO benefits possible would be a fair tradeoff in my view. That way Safe mode is still easy from the beginning and Safer mode becomes even safer.

We wouldn’t want to put anything in the “security” slider that wasn’t strictly security related, and it makes it more complicated. What I meant from a UX perspective was users being able to know/see uBO is the cause, how to unbreak, etc (and it’s going to happen for some regardless of uBO filters/settings). Anyway, this is all putting the cart in front of the horse.