add Tor Browser first startup popup to ask whether security slider should be set to safest

Work on SecBrowser inspired me.

We could have a copy of /usr/bin/torbrowser (by Whonix developers):

• desktop file (start menu entry)
• a wrapper around /usr/bin/torbrowser (called /usr/bin/hardened-torbrowser or so) that sets an environment variable TBB_HARDENING=true or so which then results in copying the settings file which sets the security slider to the highest setting by default.

Users could choose in start menu:

• [1] maximum security Tor Browser (AnonDist), and
• [2] maximum usability Tor Browser (AnonDist).

Currently there is only one start menu entry [3] Tor Browser (AnonDist).

Above three names are awful. AnonDist never really took off. But for legal reasons we must somehow we need to make clear that this starter

is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

Better naming suggestions for the start menu entries welcome!

One goal is, [1] should start with an earlier alphabetic letter than [2] so it is higher placed in start menu.

As for the actual settings file, how to technically implement this, what kind of settings file would be required for this is not known yet. See this this post and thread for discussion: SecBrowser: A Security-hardened, Non-anonymous Browser

Reference Security Slider:

• https://www.whonix.org/wiki/Tor_Browser#Security_Slider
• https://www.whonix.org/wiki/Tor_Browser/Advanced_Users#Security_Slider_Design

Implementation is still unclear to me.

The problem is, there is probably little point to alternate in a single VM from [1] to [2] and vice versa. In theory, ever starting [2] in the same VM messed up the “theoretic security level” of that VM (or at least of that browser profile).

approach [A]:

two distinct folders

• ~/.tb/tor-browser
• ~/.tb/hardened-tor-browser

Wasteful in disk space.

Not messing up “theoretic security level” of that browser profile (assumes apparmor would contain it) but of the VM.

approach [B]:

• Once [1] was ever started, set a state file which prevents [2] from ever starting to avoid mistakes?
• Once [1] was ever started, remove start menu entry for [2]?

And vice versa?

• Once [2] was ever started, set a state file which prevents [1] from ever starting to avoid mistakes?
• Once [2] was ever started, remove start menu entry for [1]?

Will the security level be locked, or could the user still change it? if unlocked, and those are only defaults, user lower the slider of the “security focused” to lowest level when he moves to a site that requires it or change the slider of the “usability focused” to the highest, instead of moving from one browser to another (read: the distinction between the browsers is too easy for user to break by mistake). If changed, will the last state be saved? if so, then the names won’t mean much anymore. If it won’t, we change functionality of Tor browser.

I think changing menu items or blocking them based on first click may seem peculiar (where did this menu item go? I am sure it was here just a second ago…).

I never understood the Tor browser naming in Whonix. In the menu, we have both “Web Browser (browse the web)” and “Tor Browser (Anondist)”. At the task bar it’s “Web Browser (browse the web)”. The window caption in both cases is “Tor Browser”.

Indeed this would cause some concerned confusion.

Not locked. User could still change. I don’t intent to add restrictions or any modifications inside Tor Browser.

• artificial restriction are bad
• not easy to implement even if I wanted I am not sure I could implement in reasonable time

I see. So someone who started [1], changes settings and then starts [1] again might expect being back to maximum security settings, which would not be the case.

On reflection the two start menu entries approach seems weird indeed.

Indeed.

It’s explained in the original post.

approach [C]:

• Keep the usual singular start menu entry for Tor Browser but on first start of Tor Browser ask the user something like this (wording suggestion welcome):

Window title:

First start of Tor Browser (AnonDist) - Security vs Usability Trade-off

Window content:

Would you like to start Tor Browser with its security slider setting set to maximum?

This would provider better security at expense of worse usability.

…

Question:

Yes|No

[default no]

I will edit this post with better text. Will lend/rewrite text from https://www.whonix.org/wiki/Tor_Browser#Security_vs_Usability_Trade-off

Disadvantage: this question could be nagging in Qubes-Whonix DispVMs. For partial relief, see below.

It would be very easy (and would definitely be implemented) to allow users to preseed (answer preemptively) this question with an settings that could be put into a drop-in config file.

Excellent feature in my opinion, assists in remembering to take care of this option when setting up a new VM.

Whonix Browser? We’ve already decided that the Whonix brand is exclusively anonymity related and so we’re not putting it on any hardened (but non-anonymous) products’ labels. The homepage disclaimer should then cover the warrnaty disclaimer stuff.

Since we are not modifying the core code or functionality in any way I don’t think we should go the extra mile of new icons for this version, unlike SecBrowser.

Thanks to @0brand figured that out in this post TODO research and document - How to use Tor Browser for security not anonymity? How to use TBB using clearnet? …

… this is now implemented.

And will come later through upgrades.

First Start of Tor Browser (AnonDist) - Security vs Usability Trade-off

In the stock Tor Browser configuration, JavaScript is enabled by default for greater usability. The Tor Project provides a rationale for this decision.

The producers of Tor Browser decided the security slider setting to be set to “Standard” by default. Quote Tor Browser Manual:

You can further increase your security by choosing to disable certain web features that can be used to attack your security and anonymity. You can do this by increasing Tor Browser’s Security Settings in the shield menu. Increasing Tor Browser’s security level will stop some web pages from functioning properly, so you should weigh your security needs against the degree of usability you require.
This popup question does not restrict your freedom to change security slider settings at any time.

Responsible for this popup question is Tor Browser Starter by Whonix developers. It is an usability feature, which might break in future. Therefore the user is advised to verify that the security slider has the expected setting. Please donate!

Preseeding:

It is possible to avoid this popup question by preseeding the answer to it. For that create a file /etc/torbrowser.d/50_user.conf with the follow contents, if you want to answer “Yes”.

tb_security_slider_safest=true
Or if you want to answer “No”.
tb_security_slider_safest=false

Technical Details:

This script is: /usr/bin/torbrowser
Function: tb_security_slider
All this would do is copying file /usr/share/torbrowser/security-slider-highest.js to /var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js.
cp /usr/share/torbrowser/security-slider-highest.js /var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js

Set Tor Browser Security Slider to Safest?

Perhaps the following deserves another thread but this is still somewhat related.

Increased security may also include disabling resize of Tor Browser. Is it something that can be included here or considered modifications inside Tor Browser?

Indeed. Should be reported to, and fixed upstream in Tor Browser.

Hello
my security slider for the tor browser seems to be broken
even though it displays i am in the “safest” mode Javascript and everything else behaves like it is in Standard mode
i can fix this temporarily if i change the setting/slider to standard and back to whatever i want but whenever i restart the browser it defaults to showing me
that i am on the safest setting while acting like it is on standard
help is appreciated

Can you reproduce this with Tor Browser Bundle on non-Whonix, plain Debian buster?

As per https://www.whonix.org/wiki/Free_Support_Principle?

I can report that the slider works fine in Debian Buster (Tor browser 9.0.2).
How did I determine this?
Went to a javascript heavy page with the shield black. Page loads.
Again, reload the same page, but this time with the shield completely clear and the page took a bit longer, plus many more graphical decorations were present.
Tried several sites in total, including this one, no problems reported with the Tor Browser.

Updated Tor Browser or newly installed?

Fixable through re-installation of Tor Browser?

https://www.whonix.org/wiki/Tor_Browser#Tor_Browser_Downloader_by_Whonix_.E2.84.A2

From my research in the past few days this is a installation specific problem which just affects this specific Whonix instance
so i can not reproduce this anywhere else not even in a newly installed Whonix vm from the same base/template

I would use a fresh installation if i had not installed a bunch of things on it already

I also did a reinstall of the browser which fixed it initially (on first upstart i selected the slider to be on the safest which it acknowledged) but after another restart of the browser it gave me the same problem

it concerns me a bit that it clearly ignores these settings and i wonder if it ignores anything else

The updated one is still broken

add Tor Browser first startup popup to ask whether security slider should be set to safest might be broken.

Try:

Close Tor Browser. Run.

rm ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js

Restart Tor Browser.

Or re-install Tor Browser and then when the popup before Tor Browser starts asks you of if you want to set security slider to highest say No. You can still set security slider to highest manually.

Does that help?

This worked for me
Thanks to everyone that helped