How do I customise Tor Browser in a Whonix TemplateBased DVM in Qubes-Whonix

tatertot:

I may have incorrectly assumed the torbrowser downloader installs into the home folder, where the final torbrowser resides.

I meant with “If nothing special is done, Tor Browser does not come
preinstalled” - if nothing special is done - tb-updater / tb-starter
doesn’t exists which are just hacks around a missing TBB deb package.

To be clear, you mean there would be dueling feature requests?
(1) feature request to be able to update torbrowser in the TemplateVM just like other software
(2) feature requests like mine to be able to update it in the DVM template

There are indeed.

(1) is understandable to make it “deb like”

(2) is quite geeky

I just mention the pop-up to assuage concerns about server-detectable customizations reducing anonymity to pseudonymity.

We currently only have these for Tor Browser.

tatertot:

Based on the final resting place of ~/.tb in home, one would expect the TemplateBasedVM / DVM template to be the place to customize it, like the rest of the home folder.

I see.

I think it is a little surprising/unnatural that ~/.tb in home (the purview of the TemplateBasedVM / DVM Template) came from /var/cache/tb-binary (the purview of the TemplateVM), and he has to go to the latter VM to customize it.

It will always be messy in the absence of a TBB deb one way or another.

Without it coming from /var/cache/tb-binary:
Imagine a first time user trying to run a Whonix based DispVM without
any DVM Template customizations beforehand. Result: Tor Browser not
installed.

Since a premade DVM template is provided by whonix, it can include a copy of torbrowser pre-downloaded to the home folder.

Would just need to remove that code:

if echo "$qubes_vm_name" | grep -q "\-dvm" ; then
   exit 0
fi

From here:

https://github.com/Whonix/tb-updater/blob/master/usr/lib/tb-updater/first-boot-home-population#L23

I think most people who start the DVM Template will run TorBrowser or a terminal, so it seems like a warning in those 2 locations would be seen.

Unless you separate out the user files from the application files of torbrowser, I think making it more “deb like” is a lost cause?

Is (2) customizing DVM templates really very geeky? Having lots of customized DVM templates is a natural consequence of Qubes 4.0’s new support for multiple DVM templates.

Outside of whonix, one might already have:

  • DVM template with no network for opening PDFs
  • another DVM template for clearnet web browsing with various adblockers preconfigured to block certain resources on certain sites
  • another DVM template preconfigured with an IRC login, etc…

Even inside of Whonix, it’s natural to have multiple whonix DVM templates, corresponding to various tradeoffs between signature, speed, and security.

  • factory DVM template
  • DVM template whose torbrowser has javascript disabled to make it safer, at the expense of sticking out more
  • DVM template whose torbrowser has addons to block 3rd party resources; to make it faster, at the expense of sticking out more. For non-security critical general browsing, where the adversary is merely advertising and tracking companies. DispVM enforces wiping history / cookies / browser state.

Even if a user only wants one whonix DVM template, they may find it surprising that their method of customizing non-whonix DVM templates doesn’t work in whonix.

And if they actually want multiple whonix DVM templates, it would be very easy to set up if DispVMs inherited their TorBrowser from the DVM template: open TorBrowser in each DVM Template and customize it. All done via GUI.

Edit: more cohesive.

For sure. Having Tor Browser not installed by default (early Qubes-Whonix version…), needing to repeat the installation process per VM, different updater procedures, having to run the updater in more than one VM (let alone more than on the host [dom0]) were among the biggest usability hassles that were identified by usability designer @bnvk when he was working with Qubes.

Would be good if Tor Browser had an environment variable to increase the security slider level. Could you please submit a feature request against Tor Project?
If we had that, there could be a qvm-service which I would develop which would then set that environment variable so Tor Browser does no longer need that modification on the (file level / start change setting level).

The user.js solution, i.e. creating /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.prefs containing

user_pref("extensions.torbutton.security_slider", 1);

before the first run of TorBrowser, is not acceptable?

TBB folder structure changed several times over the years.

There might already be a ticket for an env var actually could you check
please?

Found it! [Feature Request] Environment Variable to set security slider level (#25391) · Issues · Legacy / Trac · GitLab

By using a standard Salt created whonix-ws-14-dvm, I was able to abbreviate this process. Basically, I skipped steps 1-6, then did:

7. Spawn a Tor Browser dispvm from the new [stock] whonix-dvm
8. Add all other setting ( bookmarks, HTTPSEverywhere rules etc) to the Tor Browser dispvm
9. Copy all pertinent files from Dispvm: /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default to the same location in the whonix-ws-dvm

I noticed several cache related files listed under profile.default. Is there any impact to uniqueness by using a copy of the profile like this (beyond having non-default settings), instead of starting from a fresh one every time? It does seem to have resolved an issue I was having with TB freezing for ~30 seconds on startup; I’m guessing as it was creating profile files.

1 Like

No actual issue known but discouraged as precaution under Tor Browser Advanced Topics please see To understand why, please press on Expand on the right.

Good idea, but it isn’t sustainable. 14-DVM wants to install a fresh TBB through whonix-ws when updates are released.

I don’t want to complain but I do hope to find a way to painlessly carry over DVM customizations. The combined effect of Whonix 14 and TBB 8.0 completely destroyed what I had. (TBB 8.0 upgrade erased custom rulesets.) Repeating my work so often would be a complete waste of time.

What do you mean by “wants”?

https://github.com/Whonix/tb-updater/blob/master/usr/lib/tb-updater/first-boot-home-population won’t be touching /home/user/.tb/tor-browser if /home/user/.tb/tor-browser already exists.

https://github.com/Whonix/tb-updater/blob/master/usr/lib/tb-updater/first-boot-home-population#L45

That’s because it’s using

--no-clobber

Won’t be running in DVM Template anyhow…

https://github.com/Whonix/tb-updater/blob/master/usr/lib/tb-updater/first-boot-home-population#L23

I don’t see how Whonix gets into the way here. tb-updater is maximum configurable. You can even overrule each shell function with custom code.

Tor Browser Advanced Topics documents (Option 1 - /etc/torbrowser.d/ settings method) how to start torbrowser / update-torbrowser in DVM Template. first-boot-home-population won’t be touching /home/user/.tb/tor-browser. So I don’t see what’s missing here.

Aside from doing it all by yourself (not relying on Whonix code doing anything wrt Tor Browser / DVM / DispVM)…

What about file based modification and a hook that runs after tb-updater which copies over your file?

@9jnc7:

What method did you use to customize the torbrowser in 14-DVM?

I think the cleanest way is to just create a new DVM template whose name does not end in *-dvm, let’s call it whonix-ws-dvm2. Then it behaves like a traditional qubes DVM template (i.e. all of home persists, torbrowser isn’t recreated on startup every time). Then for updates and customization, you do them from within torbrowser in whonix-ws-dvm2 (and torbrowser’s internal updater preserves customizations!).

The result is 2 DVM templates:
a) the original whonix-ws-dvm. dispvms based on it have the default experience, good for troubleshooting, minimal fingerprintability
b) whonix-ws-dvm2. dispvms based on it have a more comfortable, customized experience.

tatertot:

I think the cleanest way is to just create a new DVM template whose name does not end in *-dvm, let’s call it whonix-ws-dvm2.

Please don’t. This will break in near future. There are other already
documented options to reach the same goal.

I thought that’s how it worked. This wiki entry explains my reasoning:

So, if Whonix works like I think it does (I guess it doesn’t) than tb-updater would overwrite any customizations I make when a new TBB version comes out.

I’m not proficient enough for that. I wouldn’t know where to start.

@tatertot: Was carrying over from pre-Whonix 14. Please forgive me, If the problem is only me I’d rather not use more of everyone’s time.

Apply instructions from (click expand button) Tor Browser Advanced Topics and “there will be no Whonix doing something”, i.e. tb-updater won’t overwrite anything. All that Whonix does by design is configurable and can be disabled.

Thank you.

sorry for necroposting

I want to share a quite simple way to make a whonix friendly minimal changes to the tor browser config. It will allow you to update the browser to a fresh version with update-torbrowser (in whonix-15 template).
You can use >> for save the default effect of security-slider-highest.js file.

In whonix-dvm (template_for_dispvms):

user@host:~$ tail -n 2 /rw/config/rc.local 
sed -i 's/#tb_security_slider_safest=true/tb_security_slider_safest=true/' /etc/torbrowser.d/30_default.conf
echo 'user_pref("browser.ctrlTab.recentlyUsedOrder", false);' > /usr/share/torbrowser/security-slider-highest.js