|
[[!meta robots="noindex"]]
|
|
|
- **The *Unsafe Browser* is not anonymous.**
|
|
|
The *Unsafe Browser* does not use Tor. The websites that you visit can
see your real IP address.
|
|
|
This is why we recommend that you:
|
|
|
Only use the *Unsafe Browser* to sign in to a network using a captive portal or [[browse trusted web pages on the local network|advanced_topics/lan#browser]].
|
|
|
Close the *Unsafe Browser* after signing in to the network to avoid using it by mistake.
|
|
|
- **The *Unsafe Browser* can be used to deanonymize you.**
|
|
|
An attacker could exploit a security vulnerability in another
application in Tails to start an invisible *Unsafe Browser* and reveal
your IP address, even if you are not using the *Unsafe Browser*.
|
|
|
For example, an attacker could exploit a security vulnerability in
*Thunderbird* by sending you a [phishing
email](https://ssd.eff.org/en/module/how-avoid-phishing-attacks) that
starts an invisible *Unsafe Browser* and reveals your IP
address to the attacker.
|
|
|
Such an attack is very unlikely but could be performed by a strong
attacker, such as a government or a hacking firm.
|
|
|
Only enable the *Unsafe Browser* if you need to sign to a network using a captive portal.
|
|
|
Always upgrade to the latest version of Tails to fix known vulnerabilities as soon as possible.
|
|
|
We have plans to fix the root cause of this problem but it requires
[[!tails_ticket 12213 desc="important engineering work"]].
|
|
