Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Exchanges
Important: Use only Tor Browser as a web browser through Tor!
by
nullius
on 11/03/2018, 23:13:05 UTC
Quote from: HCP on March 11, 2018, 10:56:31 PM
Quote from: nullius on March 11, 2018, 08:59:55 PM
Any suggestions for Tor users whom a merchant redirects by https to a Bitpay invoice page?  I previously followed the instructions on the pertinent Bitpay support page, as described upthread.  Otherwise, Bitpay was inaccessible to me.  Neither BIP 70 nor any other Bitcoin standard is involved.

I soon will need to make a Bitcoin payment at a Bitpay-using merchant who works this way.

Did you try the Bitpay suggestion of "Vanilla Firefox over Tor"? It seems they are claiming that in your situation, you should be able to complete the captcha and see your invoice using this setup:
Quote from: https://support.bitpay.com/hc/en-us/articles/115003014566-Why-can-t-I-pay-a-BitPay-invoice-in-my-Tor-browser-
This captcha issue appears to be specific to the Tor browser bundle and not to Tor in general. Our team has tested and confirmed that vanilla Firefox over Tor presents the Cloudflare captcha correctly and allows users to proceed to payment.

I just tested this... and sure enough, The cloudflare captcha page is displayed in Firefox (over Tor) when the merchant redirects to "https://www.bitpay.com/i/TXID" and it redirected to the bitpay website after completing (NOTE: tested using egifter.com as it is the only bitpay merchant I know!)

It would be just like Bitpay to make such a suggestion!  Of course, I did not try this.  Thanks for trying to help—but I must state the matter plainly:

“Vanilla Firefox over Tor” will kill your privacy.  “Vanilla Firefox” is highly distinguishable from Tor Browser.  It reduces your anonymity set to the negligible number of people who use exactly the same Firefox on the same platform (with the same fonts, etc., etc.) through Tor—likely reducing your anonymity set to 1 right there.  Even worse, it lacks Tor browser’s anti-fingerprinting features—almost certainly letting your anonymity set be reduced to 1.  Although I am not affiliated with the Tor Project and can’t speak for them, I have spent enough time on Tor Project sites and mailing lists to know that their strictly stated official recommendation is to use only Tor Browser for web browsing through Tor.

Please protect your privacy, and do not do this.  I hope that you did not try it with any payment for which you have strong privacy or pseudonymity requirements.


Edit to add:  I would not be surprised if Tor Browser’s fingerprinting resistance is exactly what “breaks” things here.  Cloudflare loves to cavity-search your browser.  Just an educated guess...  caveat.