Using Tor Browser for 'regular' browsing

Tor Browser has some Tor specific modifications, so using a regular browser with a Tor proxy is less secure than using Tor Browser. That makes sense, obviously.

But how about the other way around?
Tor Browser is essentially Firefox, so it supports profiles and add-ons. Are there any compelling reasons why I shouldn’t create a new profile in Tor Browser, which connects to the internet directly instead of over the Tor network, and where I could install all the add-ons I want for ‘regular’ internet browsing?

I currently use both Tor Browser and Firefox (with 2 different profiles; 1 to connect to the internet directly, and 1 that connects over a proxy + SSH tunnel). I’d like to go back to using just a single browser installation, with 3 profiles (Tor, SSH and direct).

Thanks in advance,
Rob

Step by step guide here its from 2019 so things might have changed. You can install ad ons if you want but it might perhaps damage some of TBB protection benefits

1 Like

That’s appreciated, thanks.

But if it really is safer, as suggested in that blog post, then why doesn’t Mozilla integrate those Tor Browser changes into Firefox…? I have no idea what changes the Tor Project makes to Firefox, but could it be that some of those work well when used in combination with Tor, but make the browser less secure or less stable when used without it?

because Firefox has to adhere to open standards, and users expect sites to just “work” - whereas a special niche browser, such as TB (different threat model), can tolerate breakage and explain it away. Many things that can be turned on are experimental (say in nightly or early beta only), and/or behind a pref, or used in PB mode - and may eventually become the default. Firefox has to wait for the web to not break first - the last thing they want is 1% or 5% of users dropping the browser and moving to chrome, because things just work there. This also includes getting new standards upstream w3c, and removing deprecated moz only stuff

examples

  • HTTP-Only mode (default off) + HTTPS-First (default PB mode)
  • removing old ciphers
  • literally hundreds of other prefs/changes over time

If they enabled HTTP-Only mode by default, users would be inundated with insecure interstitials. If a cipher is dropped too early, too many users have broken sites

5 Likes

And NoScript as a basic addon is also a good example. This will break a lot of sites if you don’t configure it right.