According to the Tor Project itself, one of the main reasons you should not start installing Adds-on in your Tor-Browser is because you would be breaking the very logic of a system that keeps itself anonymous by the very fact that everyone there was meant to have the very same fingerprint.
No, Tor was not designed to be a criminal’s heaven – and whoever wants to use Tor network for a criminal purpose must face this huge trade off:
One has made oneself a target already. Now, either one accepts the Intelligence Agencies attack on the default-system and trusts the attribution problem created by Tor itself, or one creates a set of specific configurations that are, due to their very manually edited specifications taken out from a criminal forum, able to give an even greater methodology for intelligence to explore.
Let the criminals organize, but do keep track of it: Their specifications are willing to become unique, so unique to be able to say where did one took that from. A matter on how open-source and open-published social engineering is designed.
Despite all that, there are two very particular questions that Tor Project asks its users:
a) Do you really want this graphics?
b) Do you really want more privacy?
And here things become slightly interesting: when we talk about Tor and Dark Web, we talk about a paradigm that is the very opposite from, for example, Mozilla and the Surface Web.
In Mozilla, we are all unique until we install a (trusted please!) Adds-on – mixing ourselves, through them, with other users using the very same functionality.
Are you familiar with this logic? This is one of the very reasons the Tor-Browser is still free and VPNs still need a certain market share to be deemed reliable.
In Tor, we are all equal – until we make ourselves unique through either a specific Adds-on or (also!) a specific configuration. And, in the criminal side of the Dark Web (all Tor is Dark, even though not every darkness is criminal), the SOC Teams have controlled the threats in a highly customized way and which shall meet criminal’s own necessities.
According to Tor Project, even though all Adds-on compatible with Mozilla Firefox shall also be compatible with the Tor Browser, installing any additional Adds-on while surfing on Tor is not recommended.
a) There is no one officially checking those – so to be able to guarantee that, indeed, the Adds-on in case is not a keylogger. As someone comments in a cybersecurity forum, “if an extension has permission to read everything in a page, that can include anything entered into the page”. Your trust on the adds-on is the only thing that makes it differently from a keylogger.
For sure: How can any Adds-on block or perform anything if it does not know where (the remote server problem) the command shall be sent to? The issue here is no different from the so-called VPN logs.
And here comes the complex computer architecture:
How do Adds-On interact with each other is the first question one should ask, so to be able to find out how your command line is solving (who knows if not by a simple matter of timelines) contradictory instructions.
Considering that, Adds-On may be the most handy solutions, but not necessarily the most privacy protective one. Why installing a Tor Adds-on when you could simply and more privately handle a Tor Proxy, for example? Thinking deeper about it but, you are also doing something similar when you allow your Antivirus accessing your disk
According to Tor Project itself, together with the BitTorrent and other peer-to-peer software enabled together with the Tor Browser, Flash Player (yes, the very Flash Player involved in the Cookies polemic) is another way to compromise your privacy on Tor. As BitTorrent, Flash Players also starts a parallel connection in order to operate – a connection that may, indeed, expose your IP address.
Do not forget that behind Tor there is still a Mozilla and that beyond Tor it is still your own computer with your own exposed IP address – things that are commonly mentioned as “Tor’s failures”.
So dangerous is the Flash Player that Tor Project has decided to disable it by default, even though letting you still enable it if you want to, if your privacy knowledge is poor enough to do that or if the social engineering campaign is good enough to convince you to do that.
a) Why criminals working with video files (such as the Child Sexual Abuse Materials – CSAM ones) actually work with the download of CSAM files – and against their own forensic interest.
The Flash-Player IP case might justify why, for example, some very particular kind of criminals manage the Flash-Player by running it locally, rather than simply abandoning it.
Curiously enough, there is another TCP/UDP discussion that Dark Web criminals will start to try to convince each other why they should be involved in any illegal Live-Streaming.
b) Why YouTube does not play in your Tor Browser – making it another very interesting point for a targeted social engineering
c) Why despite hosting one of the most intelligent IT people of this world, the Dark Web is still a place with a very poor graphics
The Tor case is one of those very curious cases that hold the citizen’s eye open almost with a toothpick. Neither Tor nor Tails are magic: And both of them are not responsible for the fact that you do not read ActionScript nor are able to clearly understand how a Browser interacts with an Operating System.
Think about it.