[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Just Curious why no warning to not "maximize your window" whilst using Whonix Browsers?


#1

Just Curious why no warning to not “maximize your window” whilst using Whonix Browsers?


#2

It’s here:

https://www.whonix.org/wiki/Tor_Browser#Unsafe_Tor_Browser_Habits


#3

donkaschein sir
um, however, am I to assume, that the warning is removed because whonix users should just know better than to change the default window size at all?

vs. TBB on windows need the warning , because they are less sophisticated?

https://trac.torproject.org/projects/tor/ticket/7255

I’m not smart enough to read this format of tickets, or I wouldn’t bother you :slight_smile:


#4

That’s not easy to grasp for lots of people including me either indeed. Our development discussion:


#5

um, however, am I to assume, that the warning is removed because whonix users should just know better than to change the default window size at all?

vs. TBB on windows need the warning , because they are less sophisticated?

addendum: oh I see so hulahoop is saying, it might be OK to maximize windows soon, but doesn’t seem to explain why no warning in whonix


#6
  1. The Tor Project still warns against maximizing or changing the window size.

  2. Unknown if this is still a tracking vector for TBB, Whonix, Qubes-Whonix.

  3. We’ve explicitly outlined that it is probably bad opsec:

(Do not) Maximize or change [60] the default window size setting.

  1. It is yet to be seen if a patch has been introduced to completely kill this tracking vector.

So there is nothing to “um” about.

The fact is with possible risks, the user should resist convenience over security i.e. full size or resized screens, because it may be yet another unique variable to identify them e.g. Panopticlick and others routinely picking up screen size and resolution.

So, until The Tor Project removes the warning or it is proven this is no longer a viable tracking vector, the warning should remain. For instance, Mike Perry has noted there is an estimated 29 bit-identifier based on the browser and desktop window resolution information alone.

Re: Whonix users being more “sophisticated” vs TBB on Windows etc, based on questions asked in forums, stackexchange and elsewhere, that is a very dangerous assumption to make.


#7

OK, well then my OP question is, explain why the warning exists off whonix, but NOT on whonix… sigh


#8

Really? I never noticed since I don’t maximize it out of habit.

@Patrick would know why the warning doesn’t appear in the Whonix Tor Browser, and does in the standard TBB. That must relate to some change in the Whonix code somewhere, but as far as I remember the only changes to Tor Browser in Whonix were:

  • Whonix landing page.
  • Tor circuit view disabled for security reasons.

If you are right, this is a (minor) security issue potentially.


#9

torjunkie:

@Patrick would know why the warning doesn’t appear in the Whonix Tor
Browser, and does in the standard TBB.

No deliberate Whonix changes besides the ones you linked.

No, I don’t compare with the Windows version of TBB. I don’t think any
appropriate comparison has been made yet.

a)

  • TBB on on plain (non-Qubes) Debian vs
  • Tor Browser on Non-Qubes-Whonix

or b)

  • TBB on on plain (non-Qubes) Debian vs
  • Tor Browser on Qubes-Whonix

Comparing TBB on Windows with Tor Browser on Whonix is conceptually
wrong. Because then you have all the differences Windows vs Linux plus
Linux vs Whonix.

If one wants to help with TBB (non-Whonix) development, then comparing
TBB on plain (non-Qubes) Debian vs TBB on Windows may be useful.

If one wants to help with TBB (non-Whonix) development, then comparing
various versions of Linux distributions with each other may be useful.
Or comparing TBB on various versions of Windows.

Does this make sense?

Do you think this could be turned into a wiki table so we have a matrix
of this for further reference? And/or (rewrite plus) copy this post to
the wiki?


#10

yes, probably was a dumb question on my part, now …if you could get the “send me notifcations?” “not now” out of the browser I’d be happy :slight_smile:


#11

I’ve added this to the http://kkkkkkkkkk63ava6.onion/wiki/Tor_Browser#Whonix_Tor_Browser_Differences section:

== Tor Browser Functionality on Different Platforms ==

Note: It is not [Just Curious why no warning to not “maximize your window” whilst using Whonix Browsers? valid to make a comparison] between the Windows version of TBB and the Whonix Tor Browser concerning functionality, for instance, why the warning message doesn’t appear in Whonix when maximizing the browser window. No changes have been made to Whonix code to prevent such a warning. The reason is this comparison includes a host of platform-specific differences which confound the result. For example, a more valid comparison would be the differences between:

  • TBB on (non-Qubes) Debian vs Tor Browser on Non-Qubes-Whonix.
  • TBB on (non-Qubes) Debian vs Tor Browser on Qubes-Whonix.

Similarly, if a user wanted to help with TBB (non-Whonix) development, then these comparisons would be useful:

  • TBB on (non-Qubes) Debian vs TBB on Windows.
  • TBB on different Linux distributions.
  • TBB on different Windows platforms.