Thank you.
sorry for necroposting
I want to share a quite simple way to make a whonix friendly minimal changes to the tor browser config. It will allow you to update the browser to a fresh version with update-torbrowser (in whonix-15 template).
You can use >> for save the default effect of security-slider-highest.js file.
In whonix-dvm (template_for_dispvms):
user@host:~$ tail -n 2 /rw/config/rc.local
sed -i 's/#tb_security_slider_safest=true/tb_security_slider_safest=true/' /etc/torbrowser.d/30_default.conf
echo 'user_pref("browser.ctrlTab.recentlyUsedOrder", false);' > /usr/share/torbrowser/security-slider-highest.jsDoes nothing.
(tb_security_slider_safest=true = tb_security_slider_safest=true.)
You can use any of these folders depending on where you want the setting to apply. As per usual Qubes persistence.
/etc/torbrowser.d- TemplateVM, inherited by all templated based AppVMs, DVM Template and DispVMs/usr/local/etc/torbrowser.d- persists in AppVM, DVM Template → DispVM (i.e. if you want to have settings per AppVM and for all VMs based on TemplateVM)
Related:
1 Like
Thanks for the pointer, this helped me solve the issue. Any way to change HTTPsEverywhere’s settings in a file like this? (blocking non-https pages by default)
- figure out how to do this with Tor Browser Bundle on plain, non-Whonix Debian as per Self Support First Policy for Whonix
- only then start considering DispVM
1 Like
Thanks! Will do
Linking here a related discussion on the Qubes forum:
1 Like
Whonix has No Intentional User Freedom Restrictions. I.e. no intentional customization restrictions which wouldn’t be easy to overcome when following documentation.
Quote Tor Browser DVM Template Customization
Customization is discouraged! To start Tor Browser from the command line or in debugging mode in a Qubes DVM Template, please press Expand on the right.
There you’ll find:
- Option 1: /etc/torbrowser.d/ Settings Method
- Option 2: cd /var/cache/tb-binary/.tb/tor-browser/Browser Method
Improved a bit just now.
With the latter method its described in detail and don’t see how customization is limited at all by using Whonix.
And also added another option just now.
- Option 3: Manual Method
Which should allow for all-encompassing customization.
Happy customization.
This is cumbersome due to unresolved upstream issues of which none is introduced by Whonix. In summary, unavailability of a standard compliant Debian package of Tor Browser and mixing binaries and user data into the same folder. See Tor Browser Update: Technical Details.
1 Like
Thank your @Patrick spending time documenting that, I think this will be very useful for Qubes folks! (I’ll link it back on the Qubes forum thread).
Noted! Thanks for the clarification!
Thank you!
1 Like
Just two small notes on documented solution:
Permission denied / Can’t run Tor Browser as root
Since /var/cache/tb-binary/.tb/tor-browser/Browser in the (TemplateVM) are owned by root, then (1) tor browser can’t be run with ./start-tor-browser (as stated in the docs – permission denied) and with sudo ./start-tor-browser it says “Can’t run Tor Browser as root”.
So my solution was to:
cd /var/cache/tb-binary/.tb/tor-browser/Browser-
sudo chown -R user:user .to make the browser run underuser - customize Tor Browser
-
sudo chown -R root:root: .(to change it back to being owned byroot)
Isn’t option 2 the continuation of option 1
It seems like option 1) an 2) go together, so it would make sense for them to be to be under a single option 1) instead.
Should I add these changes to the wiki?
2 Likes
Please do - we need more wiki input from technically minded Qubes users like yourself.
I’d love to see @adw make a comeback too for ideas & input.
1 Like
I need a few minutes to think about this and experiment.
1 Like
I’ve added the “chown” part, but about the other part I’ve noticed that my comment isn’t correct.
The first option show the users how to enable running Tor Browser in the DVM template, but not then does nothing with it. Does that option also allow a user to run it in the TemplateVM? (if so, then it makes sense but needs renaming (DVM->TemplateVM). If not, then this option should be removed as it no longer works.
1 Like
Thanks for fixing the permission error. Kept the edit and improved. Since that whole wiki page is for advanced users, I removed the click to expand button.
That was indeed a bit weird and intermingled.
We have now this:
Please check if that now makes more sense. Let me know what you think.
1 Like
Yes, it’s much more clear now. And the new naming makes lots of sense!
I was able to reproduce both methods. Here is just a little note on a part I found confusing:
Note
I’m a bit confused on the step 5 and 6 of option 1 regarding where the command should be run.
In Whonix-Workstation ™ DVM Template whonix-ws-15-dvm:
Create folder /usr/local/etc/torbrowser.d.
[…]
Open file/usr/local/etc/torbrowser.d/50_user.confin an editor with root rights. (Qubes-Whonix ™: In TemplateVM)
I think you mean both of these steps should be done on the DVM Template, right?
But overall this change is pretty helpful. Thanks again @Patrick. Keep up the good work!
2 Likes
That was a documentation bug because I used wiki template
Template:Open with root rights - Whonix
which is inappropriate there. Now fixed.
1 Like
FWIW, I think it’s appropriate that customizing Tor Browser is only for advanced users. Customization can increase fingerprintability in ways that most users don’t understand or don’t appreciate. (It seems like even some users who say they understand it still have unrealistic expectations about the level of privacy they’ll achieve post-customization.)
One small note on terminology: DVM Template changed to DisposableVM Template a while back.
3 Likes
Alright. Did a wiki wide mass text search and replace just now.
Replace "
DVM Template" with "DisposableVM Template" in the text of the following 12 pages:
Yes, that’s why it is a chapter on this page.
https://www.whonix.org/wiki/Tor_Browser/`Advanced_Users`
Qubes Disposables states:
For most users, Tor Browser customizations in the DisposableVM Template or TemplateVM are discouraged. Advanced users who wish to customize the DVM template despite the risks should follow these steps.
But someone who follows a direct link to Tor Browser Advanced Topics might not know it’s for advanced users only?
Tor Browser Advanced Topics is now stating
Tor Browser customization is discouraged!
This is generally. Not a Qubes DisposableVM Template specific issue.
That link “Tor Browser customization is discouraged!” was actually broken which I now changed to:
Tor Browser Advanced Topics
Where I added:
- See also Unsafe Tor Browser Habits.
Right, are we sufficiently pointing that out already in documentation?
Thank you!
Right, I noticed. I was just voicing agreement. 
Hm, well it’s right there in the URL, so they should… but I suppose some people still won’t…
Yes, I think so. Again, was just voicing agreement.
Sorry, I saw @torjunkie encouraging my input (thanks!), but I didn’t have much to add besides agreeing. 
2 Likes