7.0a3 Tor Browser Series -> Defunct in Whonix

Support
7

Test Platform:

Qubes Debian-8 AppVM Test.

Tor Browser Series:

Tor Browser 7.0a3
–debug mode from terminal

Other Settings:

  • Nil AppArmor settings or other hardening to interfere with the test.
  • Whonix-GW was not used, just the standard Qubes networking.

Functional Features:

  • Tor connects correctly.
  • A functional Tor Connection with check.torproject.org (“Test Tor Network Settings”).
  • About Tor Browser shows:

7.0a3 (based on Mozilla Firefox 52.1.0) (64-bit). “You are currently on the alpha update channel.”

  • Add-ons update correctly and the browser restarts fine.
  • Changing the security slider works.
  • DuckDuckGo and other https search engines work.
  • DuckDuckGo .onion search works.
  • Visible Tor Circuit works.
  • “New Tor Circuit for this Site” works.
  • “New Identity” works.
  • General website browsing works.
  • Youtube works. In fact the video seems much smoother than 45.9 ESR.
  • Whonix .onion and whonix.org are very smooth and fast, and those edits are looking fine. :wink:
  • Tested at the medium security level and segmentation faults (see below) seem to miraculously dissapear.
  • The sound works fine. None of the problems reported by some Gentoo Linux (and other platform) users appear for this alpha release.
  • Tested online Javascript gaming (basic) and it’s working nicely. In fact, ESR 52.1 has improved the video quality a lot. It is noticeable.
  • TBB debug output isn’t showing anything strange on the medium security level setting. Just some add-ons update manifest warnings which are nothing to worry about.
  • about:support shows e10s is running:

1/1 (Enabled by default)

  • Safe mode is off (as expected). Diagnose Firefox issues using Troubleshoot Mode | Firefox Help
  • Panopticlick shows (unfortunately) much more data being harvested at the medium level compared to the high security level e.g. Hash of canvas fingerprint, Screen Size and Color Depth, System Fonts, Touch Support Settings, Cookies enabled.
  • Other fingerprinting values are spoofed, but still a unique value is derived.

Browser Crashes:

The only two problems are these below. They are known to The Tor Project and related to this Tor Trac bug:

  • Changing/checking add-ons preferences crash the browser in high-security slider mode:

./start-tor-browser: line 368: 1098 Segmentation fault TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class “Tor Browser” -profile TorBrowser/Data/Browser/profile.default “${@}” < /dev/null

  • Tor Browser also occasionally crashes with the same segmentation fault (randomly) in high security slider mode e.g. when browsing. The output is like that above.

Qubes logs shows the crash in the plug-in container:

Chrome_ChildThr[1295]: segfault at 0 ip 0000000000405167 sp 00007f3102a7c400 error 6 in plugin-container[400000+40000]

Tor Browser Solution:

Running in medium security setting gives a solid and stable browsing experience and no repeat of segmentation faults.

Conclusion:

All in all, I am very pleasantly surprised that this works so well. 52.1 ESR seems to work in Qubes except for (bad) known Tor Project bugs.

In high security mode, this is their worst alpha release yet. But at the medium or low security slider mode, maybe it is their best (I sound like a salesperson). It is a very solid Tor browsing experience and has a nice feel to it given the improved video experience.

None of the other problems as seen in the Whonix AppVM emerge.

Preliminary Conclusion:

Since Tor Browser based on 52.1 ESR is running fine in a Qubes Debian AppVM, this suggests something is wrong with the Qubes-Whonix template settings (potentially also non-Qubes-Whonix, but I don’t run it).

This is probably unrelated to just Apparmor given earlier trials where this variable was removed.

Let me know if you want any further information or tests.