Local browser homepage for Tor Browser in Whonix

Been working recently on the problem of getting access to Torbutton’s status information with the Whonix Welcome Page.

I’ve tried just about every way I can think of to hack this functionality in “natively” using just the local webpage.

No success. Webpages in the browser seem fully sandboxed from anything useful.

Some of the things I tried:

• Access Torbutton extension with JavaScript
• Access external data files with AJAX
• Access unparsed external data files with DTD
• Parse external JavaScript files with JavaScript
• Parse unstructured external CSS files with JavaScript
• Parse external image files with JavaScript

Nothing works. The browser won’t let me break out of its tight content sandbox.

I’ve read around the web of other people trying to accomplish similar things without success and statements of it being impossible by design for security purposes (which makes sense).

So since it doesn’t seem to be possible using just a native local webpage…

That leaves us with the following options:

• Just use a static homepage that doesn’t check Torbutton status info, and let users simply rely upon looking at the icon of Torbutton for Tor/TB status.

• Get the upstream patch accepted to allow for an alternate “about:tor” homepage.

• Make a Whonix Shell or Python script that can query the Tor/TB status information we need, and then write the info to a JavaScript or DTD file that can be accessed by our native homepage.

• Make a Whonix Firefox extension (which I could do), and somehow get it automatically installed into TB (not sure if possible).

Sounds sensible.

[quote=“WhonixQubes, post:41, topic:347”]That leaves us with the following options:

• Just use a static homepage that doesn’t check Torbutton status info, and let users simply rely upon looking at the icon of Torbutton for Tor/TB status.[/quote]
  That would work, depending on how motivated you are about this task.

- Get the upstream patch accepted to allow for an alternate "about:tor" homepage.

That sounds ideal!

Before implementing this, I advice some preliminary discussion with the TBB dev team. Either using trac.torproject.org or attending the tbb IRC dev meeting.

- Make a Whonix Shell or Python script that can query the Tor/TB status information we need, and then write the info to a JavaScript or DTD file that can be accessed by our native homepage.

Querying TBB's internal variables from outside seems hard, no?

- Make a Whonix Firefox extension (which I could do), and somehow get it automatically installed into TB (not sure if possible).

Seems too difficult to maintain, because then we couldn't just download TBB, but would have to build it, which is too much.

[quote=“Patrick, post:42, topic:347”][quote author=WhonixQubes link=topic=365.msg6279#msg6279 date=1420386775]

• Just use a static homepage that doesn’t check Torbutton status info, and let users simply rely upon looking at the icon of Torbutton for Tor/TB status.
  [/quote]
  That would work, depending on how motivated you are about this task.[/quote]

Yeah, this is always an ultimately available fallback option, and pretty much ready now.

That sounds ideal!

Before implementing this, I advice some preliminary discussion with the TBB dev team. Either using trac.torproject.org or attending the tbb IRC dev meeting.[/quote]

Would your existing ticket/patch not be the solution?

Querying TBB’s internal variables from outside seems hard, no?[/quote]

Probably don’t have to use TBB’s info. Rather, we could get the following info from other places…

• Tor Connection Status …(whonixcheck or ControlPort?)
• Current Tor Browser Version …(tb-updater or ~/tor-browser_en-US/Docs/version)
• Newest Tor Browser Version …(tb-updater or torproject.org)

Then just dynamically (over)write a JavaScript or DTD file with such status info. And I could natively use that dynamically overwritten file’s info to dynamically adjust the Whonix Welcome Page.

What it seems we’re looking for is to know if the current Tor Browser is out of date and maybe also whether it has Tor connection access via the Whonix-Gateway.

Since whonixcheck and tb-updater already seem to be getting this info, it might be fairly straightforward to re-purpose this functionality into writing a simple dynamically updated JavaScript or DTD file.

Then maybe we could call this (shell) script at various intervals, like, as examples:

• When tb-starter runs
• When whonixcheck runs
• When timesync runs
• Random time intervals

This method could be used in the meantime, if TPO is lagging or resistant to your upstream Tor Browser patch.

Am I fundamentally missing something with this approach?

Seems too difficult to maintain, because then we couldn’t just download TBB, but would have to build it, which is too much.[/quote]

Yeah, if there is no way to automatically import a Firefox extension without user interaction (which I suspect is true), then this wouldn’t really be feasible, as you say.

Yeah, this is always an ultimately available fallback option, and pretty much ready now.

Can you add it to git please? I can do that as well - but then the git commit is with my name / e-mail. Getting credit for something I didn't do.

Would your existing ticket/patch not be the solution?

environment variable to set TorBrowser homepage (#13835) · Issues · Legacy / Trac · GitLab

No. It’s a very different feature to be implemented there. Best not to distract with different topics. Linostar (new contributor) is working on a patch.

IRC is good because otherwise it’s sometimes months before even get an initial reply for some ticket.

Can you add it to git please? I can do that as well - but then the git commit is with my name / e-mail. Getting credit for something I didn’t do.[/quote]

Yes. Already available. Still under development (~99% for static page):

[b]https://github.com/WhonixQubes/whonix-welcome-page[/b]

I have signed all of the commits with my OpenPGP key.

[quote=“Patrick, post:44, topic:347”][quote]
Would your existing ticket/patch not be the solution?

No. It’s a very different feature to be implemented there. Best not to distract with different topics. Linostar (new contributor) is working on a patch.

IRC is good because otherwise it’s sometimes months before even get an initial reply for some ticket.[/quote]

Maybe we are mixed up here and talking about different things?

When I mentioned this…

- Get the upstream patch accepted to allow for an alternate "about:tor" homepage.

I was talking about your ticket/patch (#13835) serving as the solution for our Whonix Welcome Page getting access to Torbutton status via gaining the position of the “about:tor” URL.

Which, I think it probably could, if this “TOR_HOMEPAGE” – “environment variable to set TorBrowser homepage” – patch was incorporated into Tor Browser.

Probably don't have to use TBB's info. Rather, we could get the following info from other places...

This method could be used in the meantime, if TPO is lagging or resistant to your upstream Tor Browser patch.

Am I fundamentally missing something with this approach?

That would work.

Yeah, if there is no way to automatically import a Firefox extension without user interaction (which I suspect is true), then this wouldn't really be feasible, as you say.

Yes.

https://github.com/WhonixQubes/whonix-welcome-page

Awesome! Going to package it soon.

Maybe we are mixed up here and talking about different things?

Quite possible. :)

I was talking about your ticket/patch (#13835) serving as the solution for our Whonix Welcome Page getting access to Torbutton status via gaining the position of the "about:tor" URL.

Which, I think it probably could, if this “TOR_HOMEPAGE” – “environment variable to set TorBrowser homepage” – patch was incorporated into Tor Browser.

linostar has submitted a patch for environment variable to set TorBrowser homepage (#13835) · Issues · Legacy / Trac · GitLab :

• Tweak startup-observer.js to set homepage from environment variable · linostar/torbutton@5d589cd · GitHub
• environment variable to set TorBrowser homepage (#13835) · Issues · Legacy / Trac · GitLab
• The Tor Project / Organization · GitLab

Just finished testing it. Works well.

It has a small scope and good chance of being accepted, I think. Just allows to easily set the homepage in a way that works well for derivatives such as Whonix. Doesn’t give access to TorButton’s variables.

For more comprehensive changes such as “please add Whonix’s local welcome page to TorButton source code”, it’s much better to start fresh discussions.

Quite possible.

[quote]I was talking about your ticket/patch (#13835) serving as the solution for our Whonix Welcome Page getting access to Torbutton status via gaining the position of the “about:tor” URL.

Which, I think it probably could, if this “TOR_HOMEPAGE” – “environment variable to set TorBrowser homepage” – patch was incorporated into Tor Browser.
[/quote]
linostar has submitted a patch for environment variable to set TorBrowser homepage (#13835) · Issues · Legacy / Trac · GitLab :

• Tweak startup-observer.js to set homepage from environment variable · linostar/torbutton@5d589cd · GitHub
• environment variable to set TorBrowser homepage (#13835) · Issues · Legacy / Trac · GitLab
• The Tor Project / Organization · GitLab

Just finished testing it. Works well.

It has a small scope and good chance of being accepted, I think. Just allows to easily set the homepage in a way that works well for derivatives such as Whonix. Doesn’t give access to TorButton’s variables.

For more comprehensive changes such as “please add Whonix’s local welcome page to TorButton source code”, it’s much better to start fresh discussions.[/quote]

Here’s what I was thinking (different than adding Whonix Welcome Page into Torbutton source)…

The Torbutton extension dynamically changes the “about:tor” homepage based on its internal variables, via CSS I believe.

If we had the original patch idea implemented, which conditionally changes the “kAboutTorURL” variable to our “TOR_HOMEPAGE” Whonix Welcome Page URL…

Then I could probably leverage the same CSS ids/classes that the TPO “about:tor” page uses, and the Torbutton extension would likely use them just the same, and I could then natively design in some dynamic visual state changes that we want.

It would be an indirect way of using the state of Torbutton variables on our webpage, without actually having access to them. Rather, leveraging the CSS styles that Torbutton uses for “about:tor”, based on the Torbutton variables.

However, using the “browser.startup.homepage” patch instead of “kAboutTorURL” and pointing “browser.startup.homepage” to our “file://” URL instead of leaving the “about:tor” URL intact, would kill this method for us, since Torbutton is linked to “about:tor” and not other “file://” pages.

Here are the relevant Torbutton state change CSS classes included for “about:tor”:

class="hideIfTorOn"

class="hideIfTorOff"

class="hideIfTorIsUpToDate"

class="hideIfTBBNeedsUpdate"

Would need the “kAboutTorURL” patch to keep the “about:tor” homepage URL intact.

Okay, I understand now.

Any idea what else we could suggest to TPO? Any idea what patch we could ask TPO to merge?

They didn’t like my original idea to use about:tor for something else. (environment variable to set TorBrowser homepage (#13835) · Issues · Legacy / Trac · GitLab) - Or I misinterpreted that.

It’s not too late for something else. Let’s see what they say about #13835. Getting that merged would be very useful so or so.

In parallel we could also suggest something else, provide a patch for something else. New ticket. New chat. Fresh discussion.

Brainstorming… Could you implement something like another special page? Such as about:distro. Which is by default just a copy of about:tor. So same CSS classes are available. Maybe such a copy is possible with a lightweight patch? Then they could have their about:tor kept intact in any case. And with some environment variable, distributions such as Whonix, Tails, etc. could point about:distro to some local location were they implement their own local homepage. Something like that.

The explanatory and social part is not super simple here. I guess Tails could be interested in this as well, since as I heard they are moving to original TBB as well? That’s why it would be great if you could talk to some TBB dev at the tbb dev IRC meeting.

Anyhow. Glad you’re working on this one!

In response to your last post, to help us get better positioned, I will attempt to layout the overall issue in a way that is generalized for distros like Whonix, Tails, etc…

Need: Custom Local Homepage for Tor Browser

Distributions that include Tor Browser as their primary web browser, for various reasons (project branding, user instruction, special web application, legal trademark, etc), may need/want to implement a custom default local homepage, without the burden of building each new version of Tor Browser from source code on behalf of their users.

Problems: Torbutton State and New Windows

Distributions can currently use a custom Tor Browser launcher script that passes a URL option to “start-tor-browser” for opening a custom webpage upon initial browser launch.

However, there are a couple fundamental shortcomings to this launcher script method:

1) Lack of Torbutton State on Homepage:

It would be beneficial for the local homepage of distributions that use Tor Browser to be able to access the “state” of Torbutton, so they can visually warn users when TBB needs updating or Tor is not connected, just as the original “about:tor” page does.

This Torbutton “state” is passed to the “about:tor” homepage via these CSS classes:

class="hideIfTorOn"
class="hideIfTorOff"
class="hideIfTorIsUpToDate"
class="hideIfTBBNeedsUpdate"

2) Opening New Windows Reverts to Default Homepage:

After a user launches Tor Browser with a distribution’s custom homepage launcher script, if they simply open a new browser window, the default “about:tor” homepage is reverted to.

It would be beneficial if a custom homepage were able to be persistent for distributions that use Tor Browser.

Suggested Solution: Make “kAboutTorURL” Conditional with Environment Variable

A ticket that would be a solution has been submitted by Patrick Schleizer to the Tor Project here:

[b]Sign in · GitLab

[b]Tor Browser's homepage is currently hardcoded in (aboutTor.js).[/b]

kAboutTorURL = "chrome://torbutton/content/aboutTor/aboutTor.xhtml";

It would be nice if there was an TOR_HOMEPAGE environment variable to configure this. Would be useful for (linux) distributions that want to set a divergent default.

This would keep the homepage URL as “about:tor” but allow distributions to use their own custom local webpage as the homepage content. And allow for the 2 mentioned problems to be properly resolved (Problems: Torbutton State and New Windows).

If the Tor Project did not want to allow other distributions to modify or replace the content associated with the “about:tor” homepage URL…

Then an additional “about:” URL could be registered and used by Torbutton if a custom homepage Environment Variable is set by a distribution.

Potentially using another “about:” URL, if “about:tor” is considered taboo, for example:
about:homepage
about:start
about:anon
about:distro
etc

Torbutton would have to register any such additional “about:” URL for this purpose, if using “about:tor” would be a taboo issue.

Non-Ideal Other Solution: Make “browser.startup.homepage” Conditional with Environment Variable

Another non-ideal solution has been discussed and submitted, involving conditionally setting “browser.startup.homepage” to a local homepage “file://” path, when a custom homepage Environment Variable is set by a distribution.

This is non-ideal, compared to the solution of making the “kAboutTorURL” variable be conditional to an Environment Variable.

It does not resolve problem #1) Lack of Torbutton State, because Torbutton is only able to pass its “state” to “about:tor” or another purposefully registered “about:” URL.

Non-Ideal Torbutton State Workaround

If the ideal “kAboutTorURL” solution is not implemented…

A non-ideal workaround for passing similar Tor-related “state” information to a distribution’s custom local homepage would be to:

Develop an extra external program that independently queries Tor Browser versions and Tor connection information, and then dynamically overwrites a JavaScript or DTD file with such “state” information.

Then the custom local homepage could call that file in a standard way to retrieve the “state” info.

However, this is non-ideal, because:

• It places higher and unnecessary development demands upon distributions for an already built-in feature of Torbutton.

• It likely means that distributions will have to regularly initiate internet queries to get Tor Browser update information, where such network traffic patterns, different from Torbutton, could lead to additional external fingerprinting of a specific distribution in use.

In response to your last post, to help us get better positioned, I will attempt to layout the overall issue in a way that is generalized for distros like Whonix, Tails, etc...

Yeah, generalizing has a much better chance of getting heard.

Checking the proposal now…

[hr]

A ticket that would be a solution has been submitted by Patrick Schleizer to the Tor Project here:

[b]Sign in · GitLab

I think it’s better not to reference that. Creates confusion, I think. That ticket scope is now more sort of
“environment variable to set TorBrowser browser.startup.homepage”

If the Tor Project did not want to allow other distributions to modify or replace the content associated with the "about:tor" homepage URL...

Already once someone from their dev team raised they don't like this. So I think chances are best not to distract discussions with that.

Adjusted the markup for trac. And made a few changes. Please feel free to make changes. Anything. Also reverts. Was just trying to match their perspective as best I can imagine. And then please post it.

[hr]

summary:

custom browser homepage support for derivatives with "state" support

component:

TorBrowserBundle

priority:

normal

cc:

your-trac-account, proper, T(A)ILS developers

[hr]

'''__TLDR__''':

I would like to implement `about:homepage` (or so)

* would be similar to `about:tor`
* providing same "states" as `about:tor` (i.e. CSS classes `"hideIfTBBNeedsUpdate"` etc.)
* that can be skinned by (linux) distributions without needing to fork or build TBB from source code.

What do you think?

-----
-----
-----

'''__Long__''':

= Need: Custom Local Homepage for Tor Browser =
Distributions that include Tor Browser as their primary web browser, may need/want to implement a custom default local homepage for various reasons (project branding, user instruction, special web application, legal trademark, etc), without the burden of building each new version of Tor Browser from source code on behalf of their users. This is the case for Whonix as I can say, it might be the case for Tails as well, but I cannot speak for them.

= Current Problems =
Distributions can currently use a custom Tor Browser launcher script that passes a URL option to "start-tor-browser" for opening a custom webpage upon initial browser launch.

However, there are two fundamental shortcomings to this launcher script method:

== (1) Lack of Torbutton State on Homepage ==
It would be beneficial for the local homepage of distributions that use Tor Browser to be able to access the "state" of Torbutton, so they can visually warn users when TBB needs updating or Tor is not connected, just as the original "about:tor" page does.

This Torbutton "state" is passed to the `about:tor` homepage via these CSS classes:

{{{
class="hideIfTorOn"
class="hideIfTorOff"
class="hideIfTorIsUpToDate"
class="hideIfTBBNeedsUpdate"
}}}

Re-using the existing "state" is desirable, because then the same freshness and parsing code is used as for `about:tor`.

== (2) Opening New Windows Reverts to Default Homepage ==
After a user launches Tor Browser with a distribution's custom homepage launcher script, if they simply open a new browser window, the default `about:tor` homepage is reverted to.

It would be beneficial if a custom homepage were able to be persistent for distributions that use Tor Browser.

= Solutions =
== Suggested Solution ==
=== Make "kAboutTorURL" Conditional with Environment Variable ===
Tor Browser's homepage is currently hardcoded in (aboutTor.js).

{{{
kAboutTorURL = "chrome://torbutton/content/aboutTor/aboutTor.xhtml";
}}}

It would be nice if there was an environment variable to establish an alternative. Would be useful for (linux) distributions that want to set a divergent default.

An additional `about:` URL could be registered and used by Torbutton if a custom homepage Environment Variable is set by a distribution.

This would keep TBB's default homepage URL as `about:tor` but allow distributions to use their own custom local webpage as the homepage content. And allow for the 2 mentioned problems to be properly resolved (Problems: Torbutton State and New Windows).

Potentially using another `about:` URL for example one of these:

{{{
about:homepage
about:start
about:anon
about:distro
etc
}}}

Torbutton would have to register an such additional `about:` URL for this purpose.


== Non-Ideal Other Solutions ==
=== setting browser.startup.homepage ===
This is non-ideal, compared to the solution of making the `kAboutTorURL` variable be conditional to an Environment Variable.

It does not resolve problem (1) Lack of Torbutton State, because Torbutton is only able to pass its "state" to `about:tor` or another purposefully registered `about:` URL.

=== Non-Ideal Torbutton State Workaround ===
If the ideal `kAboutTorURL` solution is not implemented...

A non-ideal workaround for passing similar Tor-related "state" information to a distribution's custom local homepage would be to:

Develop an extra external program that independently queries Tor Browser versions and Tor connection information, and then dynamically overwrites a JavaScript or DTD file with such "state" information.

Then the custom local homepage could call that file in a standard way to retrieve the "state" info.

However, this is non-ideal, because:

* It places higher and unnecessary development demands upon distributions for an already built-in feature of Torbutton.
* It likely means that distributions will have to regularly initiate internet queries to get Tor Browser update information, where such network traffic patterns, different from Torbutton, could lead to additional external fingerprinting of a specific distribution in use.

Initial packaging done:

Apparmor sorted out:

open /usr/share/homepage/whonix-welcome-page/whonix.html as default homepage if that file is existing, done:

set, export environment variable TOR_HOMEPAGE to set TorBrowser homepage to /usr/share/homepage/whonix-welcome-page/whonix.html environment variable to set TorBrowser homepage (#13835) · Issues · Legacy / Trac · GitLab :
set, export environment variable TOR_HOMEPAGE to set TorBrowser homep… · Whonix/whonix-welcome-page@50ba03c · GitHub

added to Whonix main repo:
https://github.com/Whonix/Whonix/commit/40fb6a7ffaceb2b03e8398e6d750975b1f0d2cb8

The integration into Whonix work is now done.

Could you add the licensing information to,

• /usr/share/homepage/whonix-welcome-page/javascript.js
• /usr/share/homepage/whonix-welcome-page/stylesheet.css
• /usr/share/homepage/whonix-welcome-page/whonix.html
  please? (Similar to other files headers. Just using html comments or so.)

Do you agree to whonix-welcome-page/CONTRIBUTING.md at master · Whonix/whonix-welcome-page · GitHub ?

[quote=“Patrick, post:55, topic:347”]Initial packaging done:
https://github.com/Whonix/whonix-welcome-page/commit/9a49d4b720ea6753082bca83af7d625a42b6ba4a[/quote]

Great.

[hr]

Great.

[hr]

Yes, I do.

[hr]

[quote=“Patrick, post:58, topic:347”]Could you add the licensing information to,

• /usr/share/homepage/whonix-welcome-page/javascript.js
• /usr/share/homepage/whonix-welcome-page/stylesheet.css
• /usr/share/homepage/whonix-welcome-page/whonix.html
  please? (Similar to other files headers. Just using html comments or so.)[/quote]

Yes. I will do so.

[hr]

So would I just directly use the GitHub - Whonix/whonix-welcome-page: https://www.whonix.org/wiki/Imprint repo now, and delete my initial GitHub - WhonixQubes/whonix-welcome-page: Whonix Welcome Page is the local homepage for Tor Browser in Whonix OS. repo?

[hr]

Actually, I think we likely won’t need JavaScript, so I will probably remove the javascript.js file (empty right now).

JavaScript is not useful for those who turn it off with NoScript, etc, and is known to introduce security/anonymity threats out on the internet.

And I think I can mimic its functionality more cleanly through other means by using DTD and CSS.

Okay.

So would I just directly use the https://github.com/Whonix/whonix-welcome-page repo now, and delete my initial https://github.com/WhonixQubes/whonix-welcome-page repo?

No. Keep the repo. This is the plan:

• You commit to WhonixQubes/whonix-welcome-page.
• You fetch from Whonix/whonix-welcome-page and merge into WhonixQubes/whonix-welcome-page.
• I’ll fetch and from WhonixQubes/whonix-welcome-page and merge into Whonix/whonix-welcome-page.
• (I’ll fetch and from WhonixQubes/whonix-welcome-page and merge into adrelanos/whonix-welcome-page.)
• Should be kinda usual plan. Git is decentralized.

You can get git write access to Whonix/* when you feel comfortable with git. (Not that it would ease anything for either one of us.)