Note I am posting this on Whonix forums and not for Kicksecure , as there is a mullvadbrowser executable available on Whonix Workstation PATH, which triggers Mullvad Browser Starter (by Kicksecure developers) downloader.
Mentioned downloader tries to use socksified curl , despite having disabled uwt via echo 'uwtwrapper_global="0"' >> /etc/uwt.d/50_user.conf. I think main purpose of using Mullvad Browser instead of Tor Browser is some form of tunneling technique like User -> Tor -> VPN -> Inet or User -> VPN -> Tor -> Inet. Hence it would be appreciated if downloader could work on an âunproxiedâ workstation and respect uwt settings for curl - at least until verified Mullvad browser Flatpak package is provided and installable with Flatpak in Whonix.
Is Mullvad Browser Downloader officially supported with Whonix/Qubes-Whonix?
If yes: Could you provide an option to download to the template similar to the Tor Browser downloader, to be used easily in multiple workstations? (I think current solution tries to download to $HOME.)
No. If itâs not mentioned in the Whonix documentation in this context, best to assume no.
The VPN related wiki pages need a lot of work but itâs very complicated and time consuming.
I donât think this issue exists. Tested in a Kicksecure Template.
> update-mullvadbrowser
âŚ
INFO: Automatically setting download folder to â/var/cache/tb-binaryâ, because running inside Qubes Template but not run from postinst. This is useful so you get up to date versions of âMullvad Browserâ in newly created App Qubes inherited from updated Templates.
More info: https://www.kicksecure.com/wiki/Mullvad_Browser/Advanced_Users#Qubes-specific
âŚ
, which let me assume, curl is used for the download process - hence the mentioning of uwt.
Not sure, what you are referring to to be nice here - usage of Mullvad Browser or ability to use Tor before VPN? Latter probably should best used with Qubes-Whonix to prevent leaks, former can already be used of now, but it is cumbersome to install and update (manual process).
Yes, right. I was just giving tunneling examples, but the relevant here is User -> Tor -> VPN -> Inet.
Thanks for clarifying. Still hoping for a verified flatpak package in the long run.
Ah, I have not tried mullvadbrowser from within the template yet. From AppVM it said:
Mullvad Browser is currently not installed.
(Folder /home/user/.mullvadbrowser/mullvad-browser does not exist.)
Start Mullvad Browser Downloader (by Kicksecure developers)?
Great, so despite being unofficial, does anything speak against still using this routine in Whonix (apparently same installer executable as in Kicksecure exists )? I might execute it in the template for download, and later on in the AppVM workstation to actually install the browser, without need to deproxy anything for sake of install process, right?
Thatâs just the downloader of Mullvad Browser and not the browser itself. Hence unrelated.
Using proxy settings. Hence also unrelated to uwt which is only used in case proxy settings are unsupported or infeasible to configure.
I mean you seeing some executable in PATH (âmullvadbrowserâ) to assume it must have something to do with Whonix and/or VPN. Guessing these things can easily get wrong.
Maybe an educated guess for research with search engines but thatâs about it.
Users are free to experiment with it as they are with any other application of their choice.
Right.
Some details about Mullvad Browser downloader by Kicksecure developers, Whonix environment variables and Mullvad Browserâs own settings have been documented here just now: Mullvad Browser, Whonix Specific
Not being able to start the downloader is the issue I tried to describe in OP. I did not come past the point of downloading, as curl without enabled proxy settings was needed in my case for tunneling mode. Sorry if that didnât become clear.
Yes. At least it was surprising for me to see some kind of Mullvad binary be present on PATH within Whonix environment. I didnât assume it to have anything to do with VPN, as Mullvad browser is independent of their VPN service.
Allright, I am gonna test the download from within template. Thanks for adding documentation.
Would it be possible to reuse this CURL_PROXY environment variable for mullvadbrowser downloader implementation? From my tests, Tor Browser Downloader/tb-updater could be âun-socksifiedâ by setting
TB_NO_TOR_CON_CHECK=1
CURL_PROXY="--fail"
in /etc/torbrowser.d/50_user.conf. But this did not work for the Mullvad Browser Downloader. (Also tried CURL_PROXY="--fail" mullvadbrowser without success.)