Will the security level be locked, or could the user still change it? if unlocked, and those are only defaults, user lower the slider of the “security focused” to lowest level when he moves to a site that requires it or change the slider of the “usability focused” to the highest, instead of moving from one browser to another (read: the distinction between the browsers is too easy for user to break by mistake). If changed, will the last state be saved? if so, then the names won’t mean much anymore. If it won’t, we change functionality of Tor browser.
I think changing menu items or blocking them based on first click may seem peculiar (where did this menu item go? I am sure it was here just a second ago…).
I never understood the Tor browser naming in Whonix. In the menu, we have both “Web Browser (browse the web)” and “Tor Browser (Anondist)”. At the task bar it’s “Web Browser (browse the web)”. The window caption in both cases is “Tor Browser”.
Whonix Browser? We’ve already decided that the Whonix brand is exclusively anonymity related and so we’re not putting it on any hardened (but non-anonymous) products’ labels. The homepage disclaimer should then cover the warrnaty disclaimer stuff.
Since we are not modifying the core code or functionality in any way I don’t think we should go the extra mile of new icons for this version, unlike SecBrowser.
First Start of Tor Browser (AnonDist) - Security vs Usability Trade-off
The producers of Tor Browser decided the security slider setting to be set to “Standard” by default. Quote Tor Browser Manual:
You can further increase your security by choosing to disable certain web features that can be used to attack your security and anonymity. You can do this by increasing Tor Browser’s Security Settings in the shield menu. Increasing Tor Browser’s security level will stop some web pages from functioning properly, so you should weigh your security needs against the degree of usability you require.
This popup question does not restrict your freedom to change security slider settings at any time.
Responsible for this popup question is Tor Browser Starter by Whonix developers. It is an usability feature, which might break in future. Therefore the user is advised to verify that the security slider has the expected setting. Please donate!
It is possible to avoid this popup question by preseeding the answer to it. For that create a file /etc/torbrowser.d/50_user.conf with the follow contents, if you want to answer “Yes”.
Or if you want to answer “No”.
This script is: /usr/bin/torbrowser
All this would do is copying file /usr/share/torbrowser/security-slider-highest.js to /var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js.
cp /usr/share/torbrowser/security-slider-highest.js /var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js
my security slider for the tor browser seems to be broken
i can fix this temporarily if i change the setting/slider to standard and back to whatever i want but whenever i restart the browser it defaults to showing me
that i am on the safest setting while acting like it is on standard
help is appreciated
I can report that the slider works fine in Debian Buster (Tor browser 9.0.2).
How did I determine this?
Again, reload the same page, but this time with the shield completely clear and the page took a bit longer, plus many more graphical decorations were present.
Tried several sites in total, including this one, no problems reported with the Tor Browser.
From my research in the past few days this is a installation specific problem which just affects this specific Whonix instance
so i can not reproduce this anywhere else not even in a newly installed Whonix vm from the same base/template
I would use a fresh installation if i had not installed a bunch of things on it already
I also did a reinstall of the browser which fixed it initially (on first upstart i selected the slider to be on the safest which it acknowledged) but after another restart of the browser it gave me the same problem
it concerns me a bit that it clearly ignores these settings and i wonder if it ignores anything else