What method did you use to customize the torbrowser in 14-DVM?
I think the cleanest way is to just create a new DVM template whose name does not end in *-dvm, let’s call it whonix-ws-dvm2. Then it behaves like a traditional qubes DVM template (i.e. all of home persists, torbrowser isn’t recreated on startup every time). Then for updates and customization, you do them from within torbrowser in whonix-ws-dvm2 (and torbrowser’s internal updater preserves customizations!).
The result is 2 DVM templates:
a) the original whonix-ws-dvm. dispvms based on it have the default experience, good for troubleshooting, minimal fingerprintability
b) whonix-ws-dvm2. dispvms based on it have a more comfortable, customized experience.
I thought that’s how it worked. This wiki entry explains my reasoning:
So, if Whonix works like I think it does (I guess it doesn’t) than tb-updater would overwrite any customizations I make when a new TBB version comes out.
I’m not proficient enough for that. I wouldn’t know where to start.
@tatertot: Was carrying over from pre-Whonix 14. Please forgive me, If the problem is only me I’d rather not use more of everyone’s time.
Apply instructions from (click expand button) Tor Browser Advanced Topics and “there will be no Whonix doing something”, i.e. tb-updater won’t overwrite anything. All that Whonix does by design is configurable and can be disabled.
I want to share a quite simple way to make a whonix friendly minimal changes to the tor browser config. It will allow you to update the browser to a fresh version with update-torbrowser (in whonix-15 template).
You can use >> for save the default effect of security-slider-highest.js file.
Does nothing.
(tb_security_slider_safest=true = tb_security_slider_safest=true.)
You can use any of these folders depending on where you want the setting to apply. As per usual Qubes persistence.
/etc/torbrowser.d - TemplateVM, inherited by all templated based AppVMs, DVM Template and DispVMs
/usr/local/etc/torbrowser.d - persists in AppVM, DVM Template → DispVM (i.e. if you want to have settings per AppVM and for all VMs based on TemplateVM)
Thanks for the pointer, this helped me solve the issue. Any way to change HTTPsEverywhere’s settings in a file like this? (blocking non-https pages by default)
Customization is discouraged! To start Tor Browser from the command line or in debugging mode in a Qubes DVM Template, please press Expand on the right.
There you’ll find:
Option 1: /etc/torbrowser.d/ Settings Method
Option 2: cd /var/cache/tb-binary/.tb/tor-browser/Browser Method
Improved a bit just now.
With the latter method its described in detail and don’t see how customization is limited at all by using Whonix.
And also added another option just now.
Option 3: Manual Method
Which should allow for all-encompassing customization.
Happy customization.
This is cumbersome due to unresolved upstream issues of which none is introduced by Whonix. In summary, unavailability of a standard compliant Debian package of Tor Browser and mixing binaries and user data into the same folder. See Tor Browser Update: Technical Details.
Permission denied / Can’t run Tor Browser as root
Since /var/cache/tb-binary/.tb/tor-browser/Browser in the (TemplateVM) are owned by root, then (1) tor browser can’t be run with ./start-tor-browser (as stated in the docs – permission denied) and with sudo ./start-tor-browser it says “Can’t run Tor Browser as root”.
So my solution was to:
cd /var/cache/tb-binary/.tb/tor-browser/Browser
sudo chown -R user:user . to make the browser run under user
customize Tor Browser
sudo chown -R root:root: . (to change it back to being owned by root)
Isn’t option 2 the continuation of option 1
It seems like option 1) an 2) go together, so it would make sense for them to be to be under a single option 1) instead.
I’ve added the “chown” part, but about the other part I’ve noticed that my comment isn’t correct.
The first option show the users how to enable running Tor Browser in the DVM template, but not then does nothing with it. Does that option also allow a user to run it in the TemplateVM? (if so, then it makes sense but needs renaming (DVM->TemplateVM). If not, then this option should be removed as it no longer works.
Thanks for fixing the permission error. Kept the edit and improved. Since that whole wiki page is for advanced users, I removed the click to expand button.
In Whonix-Workstation ™ DVM Template whonix-ws-15-dvm:
Create folder /usr/local/etc/torbrowser.d.
[…]
Open file /usr/local/etc/torbrowser.d/50_user.conf in an editor with root rights. (Qubes-Whonix ™: In TemplateVM)
I think you mean both of these steps should be done on the DVM Template, right?
But overall this change is pretty helpful. Thanks again @Patrick. Keep up the good work!