0

If I use Tor to access "regular" internet sites, like Yelp, Amazon, and others to leave reviews, will I be I 100% anonymous? (Without changing my IP and MAC addresses?)

forest
  • 64,616
  • 20
  • 206
  • 257
Just Askin
  • 17
  • 1
  • 2
    There is no such thing as 100% secure/anonymous/protected. Asking other people whom you do not know personally if something is "good enough" is folly. – 0xSheepdog Feb 24 '18 at 02:26
  • I wonder, how long will we have to beat our heads against a brick wall explaining that until you are completely *off the grid*, you can't be anonymous. There will *always* be traces of you, somewhere. Whether or not you use Tor is irrelevant. I also wonder, how long will we have to beat our heads against a brick wall explaining that while you're transmitting signals which can be traced directionally, or via a physical connection, the signals you're transmitting can be traced... You want "100%"? Think about it... – autistic Feb 24 '18 at 04:40

1 Answers1

2

The short answer is "maybe". It depends on what you've done in the Tor browser, and what forms of anonymity you're trying to achieve.

For example, if you sign in to a site (say, to leave a review), the site won't be able to tell where you're signing in from (which it normally can deduce from your IP address), but it will certainly know who you are, at least to the level of your account details (because you just signed in with that account). If you avoid signing into anything, you will theoretically be anonymous, but if you move from one page to another, there's still always a risk of a pattern being recognized (even though the requests come from different IPs and in theory you won't be picking up tracking cookies or anything) if, for example, very few users would be likely to visit those specific pages using Tor within a narrow timeframe (Tor exit nodes - the IP addresses that servers see when you use Tor - are generally well-known, so you can hide which Tor user you are but you can't hide that you're using Tor). True anonymity is hard.

Not directly relevant to your question, I think, but you should be aware that security and anonymity are not the same thing. A breach of security (for example, due to a bug in the Tor browser, which has happened before) can lead to a breach of anonymity (for example, by fingerprinting your computer and sending that data to another server, or by sending a network request that is not routed through Tor and hence reveals your real IP address). Security breaches can also lead to other things, like logging keystrokes, accessing files on your machine, infecting other programs, sending email to all your contacts, and so on. The Tor project takes security quite seriously, but it's also a very tempting target - lots of people looking for ways to compromise it, and see what its users are up to - and there's no such thing as being "100% secure" with any piece of software as complicated as a modern web browser.

forest
  • 64,616
  • 20
  • 206
  • 257
CBHacking
  • 40,303
  • 3
  • 74
  • 98
  • Tor browser provides first-party isolation which ensures, among other things, that one website cannot affect the behavior of other websites. As third-party cookies are also blocked and the exit IP changes based on tab and not the domain of individual resources, there's generally little inter-website communication risk. More advanced attacks are required to link a user going on one website to another, though of course it's still better to restart the browser to change identities to be sure. – forest Feb 24 '18 at 03:49
  • @forest Correct, but that's why I said one *page* to another, rather than one *site* to another. If you move from, say, one product on Amazon to another, Amazon can still track you even if you aren't signed in. It won't *know* who you are, but it might be able to guess based on (for example) the specific pages you visit, especially if it uses intra-domain tracking to realize you are the same user. For something like Amazon, tracking like that is unlikely to be effective, but less-active sites may allow for more recognition of individual use patterns. – CBHacking Feb 24 '18 at 07:47
  • Ah I get what you mean now. I guess the point is moot as Tor browser does not attempt to isolate connections for the same site. It actually keeps the circuit open for longer than 10 minutes for any given site (e.g. if I'm on StackExchange with Tor and don't leave for longer than 10 minutes, I'll exit from the same IP for hours). – forest Feb 24 '18 at 07:49
  • Ah, I didn't actually know that part. Makes sense, though. Thanks for the info! – CBHacking Feb 24 '18 at 09:10