So like a lot of sysadmins and cyber security experts I talk to laugh at hackers who use Anonsurf on Parrot OS and I wanted to ask why that is and what the problem with using it is for anonymity? I want to know your opinion as experts on TOR. I’m looking for expert advice on this. Is there a way to mitigate the risk from Anonsurf? What are the risks? is it that anonsurf is bad or that its not enough on its own?
I think the criticism of Anonsurf is partly justified, but also often exaggerated.
From what I understand, the real issue is not that Anonsurf itself is “malware” or useless, but that many users treat transparent Tor routing as if it magically makes the whole system anonymous.
Anonsurf can route traffic through Tor, but it does not solve:
-
browser fingerprinting
-
application leaks
-
bad OPSEC
-
identity correlation
-
lack of isolation between apps/services
And many pentesting tools generate very unusual traffic patterns anyway.
So I think the bigger problem is the security model. A normal Linux desktop with transparent Torification is fundamentally weaker than something like Tor Browser, Whonix or Qubes+Whonix, where isolation is part of the design.
That said, I also don’t think Anonsurf is completely useless. For experiments, generic CLI traffic, testing, or temporary routing through Tor, it still has legitimate use cases.
The dangerous part is the false sense of anonymity.