[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Long Wiki Edits Thread

That’s really the question. Let’s redirect that question here.

1 Like

With the exception of changing the name, the Tor Browser without Tor Qubes documentation enhancement is completed. Could anyone please review this before I make the pull request? I put it in a README.md temporary.

1 Like

Migrated “What is Clearnet?” to a template.

https://whonix.org/wiki/Template:What_is_Clearnet

And added to https://whonix.org/w/index.php?title=DoNot&oldid=48093&diff=cur

I’ll add it to Tor Browser without Tor once I get that page cleaned up.

1 Like

Dunno if Qubes wiki supports footnotes. Never seen.

Tor Browser without TorTor Browser

Looks strange.

is a fork of the Mozilla Firefox web browser with patches that enhance both security and privacy. It routes all traffic through the Tor network to conceal a users and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it very difficult to trace Internet activity to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms.[1]

But it is also possible (and easy!) to use Tor Browser without Tor and take advantage of its excellent enhancements for reducing linkability, which is, “the ability for a user’s activity on one site to be linked with their activity on another site without their knowledge or explicit consent.”[2] Even without routing traffic over the Tor network, Tor Browser offers better protection from online tracking than Firefox, Google Chrome/Chromium or Microsoft Edge, especially against fingerprinting, without any customization necessary.[3]

Could you please swap that? First say, what it really is. Not mentioning Tor. Better for attention. Then later say, that it is based on Tor Browser which gets reconfigured.

Privacy and Security Focused Browser

Would suggest to drop privacy from title only. Those who wants privacy would look into Whonix, I suppose. However, security focused browser is a strong thing. Privacy could be mentioned last since kinda the weaker argument, more of a bonus for that user group.

http://deb.whonix.org

qubes-core-agent (git master) depends on apt-transport-https. Default installed package already? Therefore possible in Qubes to use https by default? Qubes repos also https by default nowadays anyhow?

--clearnet

Perhaps better to use config option tb_clearnet=true so users don’t have to remember using --clearnet all the time?

While tb-updater package Recommends: tb-starter package, this isn’t reliable if someone only installed tb-updater.

sudo apt-get install tb-updater
sudo apt-get install tb-updater tb-starter

Not sure if also worth mentioning https://github.com/Whonix/tb-default-browser or leaving that open for further enhancement.

This is very nice! Well done. :slight_smile:

What do you think of HulaHoop’s SecBrowser name? Looks pretty catchy.

Suggestions

It routes all traffic through the Tor network to conceal a users and usage from anyone conducting network surveillance or traffic analysis.

Reword “users and usage” section to clarify.

  1. Missing quotation on first paragraph, last line.

  2. Selfrando is being deprecated. I footnoted that on the Hardening List page or Tor Browser page somewhere (the Tor bug referencing it). Also the devs opine that they don’t believe it offers much more protection, hence why it will be gone shortly.

So, I’d remove that or footnote it for posterity.

  1. You might footnote somewhere that users could manually attempt to make a ton of about:config changes, install specific add-ons etc to try and approach Tor Browser sec level, but a) waste of time & b) unlikely to get the refined benefit of devs who know what they are doing

  2. Security Slider bullet point

attack you security -> attack your security

Then tb-updater can be downloaded and verify in the TemplateVM. ->

Then tb-updater can be downloaded and verified in the TemplateVM.

  1. Steps 1 to 9, there are a bunch of periods missing at the end of sentences.

  2. keys -> key’s

If you prefer to disable this feature open tb_without_tor_settings.js in an editor as previously shown.

I would repeat the one line step to protect against user error here.

Whonix developers focus their efforts on an ->

Whonix developers focus their efforts on

  1. FAQs -> FAQ

(more conventional IMO)

Can is use the --clearnet switch ->

Can I use the --clearnet switch

Yes, but this could degrade security and privacy. See; Normalizing Tor Browser behavior. ->

Yes, but this could degrade security and privacy, see: Normalizing Tor Browser behavior.

1 Like

Yes, all the customization thing could go to a separate wiki page? Otherwise it makes this beautiful thing look more difficult that it is.

sudo gedit /usr/share/tb-updater/tb_without_tor_settings.js

This file will get overwritten on tb-starter package upgrade. Nothing against it since that works for newly created AppVMs if keeping that in mind.

Editing ~/.tb//Browser/TorBrowser/Data/Browser/profile.default/user.js might be better, but that is AppVM specific.

The current code is this:

   if diff /usr/share/tb-updater/tb_without_tor_settings.js "$tb_browser_folder/Browser/TorBrowser/Data/Browser/profile.default/user.js" >/dev/null 2>&1 ; then
      true "our version exists"
   elif test -f "$tb_browser_folder/Browser/TorBrowser/Data/Browser/profile.default/user.js" ; then
      true "some version exists"
   else
      cp /usr/share/tb-updater/tb_without_tor_settings.js "$tb_browser_folder/Browser/TorBrowser/Data/Browser/profile.default/user.js"
   fi

In other words, if the our version of user.js or some version already exists in home folder, we won’t overwrite. But if no version of user.js exists yet we will copy our version there.

Variables are currently not supported. But would be easy to add in case /usr/share/tb-updater/tb_without_tor_settings.js is too limited / a nuisance for customization. By using a variable users could point away from /usr/share/tb-updater/tb_without_tor_settings.js to their own settings.js file somewhere.

HulaHoop via Whonix Forum:

Ca we run the mediawiki extension that check for dead links and replaces them with their offline archived versions form archive.org?

Which one would that be?

See also:

https://phabricator.whonix.org/T918

There’s another besides this that scans for broken links but it is maintained and not expected to work with newer mediawiki versions.

https://www.mediawiki.org/wiki/Extension:ArchiveLinks

1 Like

https://www.whonix.org/wiki/Tor_Browser page maybe would be better renamed to

  • Web Browser
  • Web Browsing

?

That would be more in line with https://www.whonix.org/wiki/Chat, https://www.whonix.org/wiki/File_Sharing, https://www.whonix.org/wiki/E-Mail, etc. Usually we reference the generic task rather than a specific application, even though in this case there is only one recommended application.

If sensible, I could search and mass replace Tor Browser to something else (to update all links).

They are fake foot notes. Some Qubes docs have them but these are prettier < sup > (link) < /sup >

Very strange. Have a private repo for rough editing. Put that in the wrong repo :slight_smile:

Done.

This browser needs a name instead of just saying Security Focused Browser . I changed everything to SecBrowser. Good?

There are a few areas with Tor Browser/Tor Browser without Tor where needed.

Fixed.

If tb_clearnet=true was added to /etc/torbrowser.d/50_user.conf in the TemplateVM, all AppVMs based on that template would spawn a Tor Browser without Tor. So users would need to have a separate TemplateVM for a default Tor Browser for testing connectivity etc.

Is there a better way besides a variable? Maybe add a line in .bashrc redirecting tb_clearnet=true to 50_user.conf on VM startup?

Doesn’t work “Permission denied”

You mean tb-starter should be included when installing tb-updater? Fixed?

Can be added after this enhancement gets added to Qubes docs?

Great idea! Will add to FAQ. Added to second paragraph.

The last tutorial we wrote for Qubes, someone removed all the periods in the steps afterwards. Not sure why. Was trying to get ahead of the curve.

https://www.qubes-os.org/doc/disposablevm-customization/#create-custom-sys-net-sys-firewall-and-sys-usb-disposablevms

I added them back to the new tutorial.

Rest of the those edits complete. Thanks!

Fixed. added steps to edit AppVM and,

See Normalizing SecBrowser behaviour

Note: If users edit the TemplateVM to modify SecBrowser behavior, all AppVMs created thereafter will inherit those changes. However, AppVMs created prior to the aforementioned edits will not benefit from any changes to the SecBrowser configuration file in the TemplateVM.

https://github.com/0brand/Privacy-and-Security-Focused-Browser/edit/master/README.md

2 Likes

Awesome!

If tb_clearnet=true was added to /etc/torbrowser.d/50_user.conf in the TemplateVM, all AppVMs based on that template would spawn a Tor Browser without Tor. So users would need to have a separate TemplateVM for a default Tor Browser for testing connectivity etc.

Is there a better way besides a variable? Maybe add a line in .bashrc redirecting tb_clearnet=true to 50_user.conf on VM startup?

Good point. /etc/torbrowser.d/50_user.conf is indeed applicable to all
AppVMs based on that TemplateVM using tb-starter.

As AppVM specific method, the following should work (just now checked in
the source code).

sudo mkdir -p /rw/config/torbrowser.d and file
/rw/config/torbrowser.d/50_user.conf could be used. Up to users which
way they want to configure it. Not sure if both should be documented for
completeness or just one method for simplicity.

Rewritten a bit the first text block for more focus on security.

I think both methods. Let users decide what they wan to use.

Once changes are made, it would be a good idea to let torjunkie take a look before making the Qubes pull request.

Easier to understand now. :slight_smile:

1 Like

Made a few small edits. Change --clearnet --> tb_clearne=true throughout tutorial.

Added two configuraion options.

sudo mkdir -p /rw/config/torbrowser.d, or

sudo mkdir -p /rw/config/torbrowser.d/50_user.conf

Next, add

tb_clearnet=true

https://github.com/0brand/Privacy-and-Security-Focused-Browser/blob/master/README.md

I think this might be ready for a Qubes pull request?

2 Likes

This is wrong since it is the full file name. Correct would be:

sudo mkdir -p /rw/config/torbrowser.d/

Happens every time i rush and dont test.

Fixed.

https://github.com/0brand/Privacy-and-Security-Focused-Browser/commit/3b024ea2fc2e8a4d7e8c993769d1d3711ce1d7bb#diff-04c6e90faac2675aa89e2176d2eec7d8

Also fixed “footnote” numbering and minor typo in later pull requests.

1 Like
sudo gedit

Could be an issue as per https://www.whonix.org/wiki/Operating_System_Software_and_Updates#GUI_Applications_with_Root_Rights

Do you know how Qubes handles this in other cases? If they use sudo gedit usually we could repeat it here, otherwise perhaps better not?

1 Like