A interesting GSoC project is a fingerprinting test site for TBB only. Would be useful to link to it from the intro page.
Repository: GitHub - plaperdr/fp-central: A platform to study browser fingerprinting
Beta: https://fpcentral.irisa.fr
https://lists.torproject.org/pipermail/tor-dev/2016-July/011233.html
Good day,
As much as I would appreciate having such a test, the problem with this one seems to be that it only works when JS is active, thus making what it “puts out” rather useless in terms of the average user.
Have a nice day,
Ego
Any false positive would lead to high FUD rate in the forums and cause a lot time being spend with researching and explaining stuff while losing time working on actual issues. For that reason the Browser Tests - Whonix page as created.
I see. So I should list it there instead?
EDIT:
Done
This is not really a big deal. The Whonix logo homepage in Tor Browser no longer shows up as of late. Does anyone know why?
Hi, see below. It was related to some security hole fixed by the Tor Project in recent times, which currently breaks file:/// resources.
Any change suggestions?
It could use a few changes. Add,
- Freedom Software
- Trademarks
- Donate Button(?) should stand out from the links. Maybe different color (not orange) and location on page.
I’ll see about getting that done when I have a few minutes.
Sounds great!
Sorry, I should have been clearer. I meant the ASCII Whonix logo that appears as the Whonix landing page whenever Tor Browser is started. @iry did it some time ago (I believe because some Tor Browser change at that time broke the previous version that did have a high-def Whonix logo if I remember correctly).
Actually I like the 2020 version of the Whonix logo. It seems a waste not to use it in the landing page, particularly since people like it.
Don’t know about the logo contest.
Would be good if that could be fixed. Sure I agree, no question, ASCII Whonix logo is bad. Better replaced with real image. But I somehow doubt that the underlying Tor Browser bugs which made this required were fixed in meanwhile. Passage of time doesn’t equal progress on lowest priority / wishlist bugs. From Tor Browser development perspective this is super low priority. Not easy to even find that discussion / bug report now.
I’ll have a look and see if I can find it.
This looks like it. Fixed two years ago.
Tor Browser only render HTML for local pages via file://, no images/CSS
In Tor Browser 7.0.10 (and earlier too, see below), if I open a local page via file:// only the HTML is rendered, but images are broken and CSS isn’t applied at all.
So I presume this broke in Whonix at that time, devs reacted, and the community has had the unpretty ASCII every since.
Doesn’t look like anybody complained about it breaking since then over on trac.torproject.org, so it would probably be a low-risk change if Whonix reverted to using a nice hi-def image (2020 logo version).
Awesome! Will be fixed in Whonix 15.0.1.3.5
and upgrades later.
(Not included in the soon upcoming Whonix 15.0.1.3.4
.)
Its nice to have search engines added to whonix welcome page but there are some notices one them and better changes:
- Qwant
When searching using https://www.qwant.com/ with safest TBB it will redirect user to https://lite.qwant.com/ and if you type anything for search it wont search for you. a plus+ its proprietary, centralized search engine
Doesnt has onion domain.
Exact same issues as Qwant but this one doesnt search at all without enabling JS.
This one is nice that you can search without JS. but its Proprietary and blocking Tor users to view their blog content (over cloudflare) e.g: (although cookies are enabled in TBB while browsing anyway)
Please enable cookies.
Error 1001 Ray ID:72dc65d21acclda2 • 2020-05-07 14:22:18 UTC
DNS resolution error
What happened?
You’ve requested a page on a website (blog.ecosia.org) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (blog.ecosia.org). There are two potential causes of this:
- Most likely: if the owner just signed up for Cloudflare it can take a few minutes for the website’s information to be distributed to our global network.
- Less likely: something is wrong with this site’s configuration. Usually this happens when accounts have been signed up with a partner organization (e.g., a hosting provider) and the provider’s DNS fails.
Cloudflare Ray ID: 72dc65d21acclda2 • Your IP: 2615:8120:8040:6ca1::1d1:8d66 • Performance & security by Cloudflare
But this can be useful at least while using safest tbb security option.
This one is great , free software metasearch engine, only enhancement here switch its TLS link to Onion:
http://b7cxf4dkdsko6ah2.onion/
- Replacement to peekier or qwant can be implemented to add Onion SearX, for e.g:
http://juy4e6eicawzdrz7.onion/
This instance maintained by Snopyta , Mentioned as well in SearX instances (then go to Online Tor).
Another enhancement to whonix welcome page:
- Change Torproject website from TLS to Onion
Why is Peekier added to the local homepage? It is hosted by Cloudflare and does not work without JavaScript. Its ownership is also undefined. This does not seem trustworthy to me.
I think it would be good to prefer onion services on the homepage. Metager’s onion service can be shown in English. Would that make it suitable to replace the clearnet link?
My arbitrary criteria:
It’s alternative search engines which provide less censored / more interesting search results. Whonix doesn’t receive payment for any listings. Considered candidates are those having good quality, less censored search results.
Privacy by policy / ownership / location / hosted by which data center is not considered. There is no escape from cloudshare / AWS:
- Debian uses CDNs amazon AWS and fastly.
- Tor Project Sponsors Page Quote
-
Fastly’s global edge cloud platform processes, serves, and secures applications as close to users as possible, at the edge of the network. Fastly generously hosts our Tor Browser update downloads that can be fetched anonymously.
- Sponsoring the Tor project with content delivery services
- Distrusting Infrastructure
- Self-Hosting vs Third Party Hosting
- In short: It’s futile to attempt to research most secure server location of search engines and to make decisions optimized for that.
Non-javascript support isn’t considered either. Impractical. Even these forums here require javascript.
High risk of law of triviality / bikeshed. There’s no way to optimize for all goals at once. I don’t intent to spend a lot time debating favorite colors (choice of search engines).