Dealing with TBB native updater

The 4.0.1 browser and upwards, I think, supports (as of yet) non-verified updates through its native updater. I was thinking we should somehow warn people not to update their TBB through that channel.

As for us, an anonymity distro with some dedicated form of TBB upgrades, it's probably preferable to disable TBB’s native upgrading mechanism altogether and just have people rely on tb-updater/torbrowser-launcher.

The question is whether Tor Browser supports such an option in the first place.

Surprises and shocks me they are going for non-verified updates. Their trac ticket:

Other related Tor Browser updater by The Tor Project trac tickets:

Yes, we should warn about it. TODO:

Disabling could be difficult without forking TBB (which would be too much work, I think). TODO:

  • create a torproject trac ticket, ask if there is a way for distributions to turn off the auto updating feature without recompiling/forking TBB

[quote="Patrick, post:2, topic:735"]Yes, we should warn about it. TODO:[/quote]

[quote="Patrick, post:2, topic:735"]Disabling could be difficult without forking TBB (which would be too much work, I think). TODO:[/quote]

Thanks to Rusty Bird (https://lists.torproject.org/pipermail/tor-talk/2014-December/035886.html) I tested that creating a file

~/tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/preferences/tb_internal_updater_disable.js

with the content

pref("app.update.enabled", false);

would disable applying updates using Tor Browser’s internal updater. tb-updater could create that file after extracting Tor Browser. It’s simple to develop.

Now I am wondering if a stable update or adding this at all would be worth it. I think after TPO fixed verification, users would demand another stable update. So this endeavor would cost some time for maintenance. Is it worth it? Any input?
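
The step described in the post above (creating the pref file after extraction), as an added example that is not part of the thread and not tb-updater's own code. The function names are hypothetical; the path and pref line are the ones from the post, and the override check assumes that `user_pref()` entries in `prefs.js` or `user.js` take precedence over `pref()` defaults, as in Firefox generally.

```sh
#!/bin/sh
# Added example, not tb-updater's code. Function names are hypothetical.
# Path and pref line are the ones given in the post above.
TB_PROFILE_REL="Browser/TorBrowser/Data/Browser/profile.default"
TB_PREF_FILE="preferences/tb_internal_updater_disable.js"
TB_PREF_LINE='pref("app.update.enabled", false);'

# Create the pref file inside an extracted Tor Browser tree ($1). Idempotent.
tb_disable_internal_updater() {
    profile="$1/$TB_PROFILE_REL"
    # Refuse anything that does not look like an extracted bundle.
    [ -d "$profile" ] || { echo "no profile.default under $1" >&2; return 1; }
    target="$profile/$TB_PREF_FILE"
    mkdir -p "${target%/*}" || return 1
    # Write to a temp file, then rename, so a partial file is never left in place.
    tmp="$target.tmp.$$"
    printf '%s\n' "$TB_PREF_LINE" > "$tmp" || return 1
    mv -f "$tmp" "$target"
}

# Succeeds only if the pref file exists and holds the exact expected line.
tb_internal_updater_disabled() {
    target="$1/$TB_PROFILE_REL/$TB_PREF_FILE"
    [ -f "$target" ] && grep -Fxq "$TB_PREF_LINE" "$target"
}

# Succeeds if a user-level pref turns updates back on. Assumption: as in
# Firefox generally, user_pref() in prefs.js or user.js wins over pref() defaults.
tb_updater_pref_overridden() {
    for f in prefs.js user.js; do
        p="$1/$TB_PROFILE_REL/$f"
        [ -f "$p" ] &&
            grep -Eq '^[[:space:]]*user_pref\("app\.update\.enabled",[[:space:]]*true\)' "$p" &&
            return 0
    done
    return 1
}
```

Call `tb_disable_internal_updater ~/tor-browser_en-US` after extraction, then use the two check functions to confirm the setting is in place and not overridden in the profile.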

I don’t think this is urgent enough to deserve its own maintenance release; however, it is worth it to have this change.

Having two different update systems could be a headache and cause problems down the line. Better to have just one and stick to it IMO.

Ok. Implemented that. Will all be in Whonix 10. The relevant changelog:

tb-updater: Deactivating Tor Browser’s Internal Updater at least as long as it does not support verification. See also:
- https://www.whonix.org/blog/tor-browser-updater-warning
- https://www.whonix.org/forum/index.php/topic,807
tb-updater: make functions skippable through tb_skip_functions environment variable, so users could skip certain patches by using /etc/torbrowser.d configuration folder

Can be disabled in settings:
https://github.com/Whonix/tb-starter/blob/master/etc/torbrowser.d/30_torbrowser_default

Update:
The Tor Project has fixed this in TBB version 4.5a3. (As per blog post.)

Follow up task…

consider removal of deactivation of TBB’s internal updater because upstream fixed the issue:
https://phabricator.whonix.org/T105