Happens every time i rush and dont test.
Also fixed “footnote” numbering and minor typo in later pull requests.
Happens every time i rush and dont test.
Also fixed “footnote” numbering and minor typo in later pull requests.
Could be an issue as per https://www.whonix.org/wiki/Operating_System_Software_and_Updates#GUI_Applications_with_Root_Rights
Do you know how Qubes handles this in other cases? If they use
sudo gedit usually we could repeat it here, otherwise perhaps better not?
Qubes documentation is inconsistent.
Users have to fill in the blanks: (docs geared more towards advanced users)
Also a lot of redirection( users really don’t learn anything)
Not sure what to use with qubes
Nitpicking on myself, on something which couldn’t be documented better since the source code for that does not exist yet. Perhaps the following terms are confusing…?
All of that could be changed… Wrappers could be added with ease.
/usr/bin/secbrowser (not for documentation, I could add this to the source code very soon):
#/bin/bash torbrowser --clearnet "$@"
In result users would not have to confusingly type
qvm-run <appvm_name> torbrowser and could use
qvm-run <appvm_name> secbrowser instead.
Also availability of
/usr/bin/secbrowser would allow us to add another, dedicated
.desktop file, i.e. start menu entry.
secbrowserwould be informed automagically that this is not possible (unless they remove the file that was created to protect from that). "
"Clearnet marker file exists and trying to start without --clearnet. Aborted. A Tor Browser that was previously started with --clearnet should not be started without --clearnet."(Will improve that error message.)
This biggest issue is flip-flopping between SecBrowser… Tor Browser, torbrowser and Tor Browswer without Tor… in the documentation. It was difficult for me to decide which term to use in some areas. It would likely be confusing for end users as well. Even more so.
I didn’t catch this one. Users might think they are starting Tor Browser. Would be worth the effort.
All of this would make SecBrowser more of a standalone Browser. Meaning not always over shadowed by Tor Browser. Thats the biggest reason why Tor Browser without Tor never caught on imo. SecBrowser needs to be its own Secure Browser. (rebranding) Kinda like Whonix is based on Debian but its not Debian. Actually its in reverse, anonymity focused -> security focused.
Changing the name would be very helpfull. Meaning when SecBrowser starts up you see SecBrowser not Tor Browser.
tb-updater / tb-starter upgraded in all repositories.
No more tb_clearnet settings required. (Set automatically when using these wrappers.)
Will update the page on github.
Good work on the new release of your mega book! Only 450 odd pages though - slacking off?
But it is beautiful timing because the wiki editing train has arrived at your email wiki page.
I see you updated to a nice new provider. Are all those TorBirdy manual settings at the start still required as we have it in the wiki page? Or just cut it all out?
Other than updating pics from your guide, email provider etc, does much else have to change there?
I can probably get started on it pretty soon (couple of other things to finish off first), but if you are keen for some edits it would be very much appreciated.
It is very good, but I have some last minute nit suggestions (take or leave)
SecBrowser is a security focused browser that provides better protection from exploits, thereby reducing the risk of a virus infection.
SecBrowser is a security-focused browser that provides better protection from exploits, thereby reducing the risk of infection from malicious, arbitrary code.
In the default configuration, SecBrowser offers better security than Firefox, Google Chrome or Microsoft Edge without any customizations necessary.
Without any customization, SecBrowser’s default configuration offers better security than Firefox, Google Chrome or Microsoft Edge.
It also has better protections from online tracking, fingerprinting and reduces users linkability across websites.
It also provides better protection from online tracking, fingerprinting and the linkability of activities across different websites.
time consuming -> time-consuming
While users can install browser extensions to mitigate specific attack vectors. Its unlikely to compare to SecBrowser which leverages the experience and know how of the Tor Project devs and the battle tested Tor Browser.
While browser extensions can be installed to mitigate specific attack vectors, this ad hoc approach is insufficent. SecBrowser leverages the experience and knowledge of skilled Tor Project developers, and the battle-tested Tor Browser.
Security Slider: Lets you increase your security by disabling certain web features that could be used to attack your security.
Security Slider: Enables improved security by disabling certain web features that can be used as attack vectors.
Tor Browser can be installed using tb-updater which is a package developed and maintained by Whonix developers. When run, tb-updater seamlessly automates the download and verification of Tor Browser (from The Tor Project’s website).
Tor Browser can be installed using tb-updater, which is a package developed and maintained by Whonix developers. When run, tb-updater seamlessly automates the download and verification of Tor Browser (from The Tor Project website).
Moreover, for users that have a requirement for a security focused clearnet browser (SecBrowser), tb-updater comes with the functionality to disable Tor prebaked into the source.
Another benefit of tb-updater is the ability to disable Tor is pre-baked into the source code, so a security-focused clearnet browser (SecBrowser) is readily available.
To disable Tor, users need only configure the tb_clearnet=true option in the initial set up. Unlike other methods that require users to manually disable Tor, this greatly simplifies configuration and lessons the chances that a configuration error will be made.
To disable Tor, only the tb_clearnet=true option needs to be configured during the initial set up. Unlike other manual methods of disabling Tor, this greatly simplifies the procedure and lessens the chance of a configuration error.
However, as outlined in this Qubes issue downloading GPG keys with APT will fail in TemplateVMs.
However, as outlined in this Qubes issue, downloading GPG keys with APT will fail in TemplateVMs.
Compare the fingerprint displayed in the terminal to the one listed at the following link; https://www.whonix.org/wiki/Patrick_Schleizer.
Compare the fingerprint displayed in the terminal to the one listed at the following link: https://www.whonix.org/wiki/Patrick_Schleizer.
it can safely be ignored -> it can be safely ignored
to the sources.list.
create a new folder /rw/config/torbrowser.d.
create a new folder /rw/config/torbrowser.d
To start SecBrowser, in a dom0 terminal, run.
To launch SecBrowser, run this command in a dom0 terminal.
Which is what you want when using the tb_clearnet=true option.
This notice is both expected and desired when using the tb_clearnet=true option.
Security Slider: SecBrowser has a “Security Slider” in the shield menu that allows you to increase security by disabling certain web features that can be used to attack your security. By default, the Security Slider is set to “Standard” which is the lowest security level. Increasing SecBrowser’s security level will prevent some web pages from functioning properly, so you should weigh your security needs against the degree of usability you require.
Security Slider: SecBrowser has a “Security Slider” in the shield menu. This can increase security by disabling certain web features that are possible attack vectors. By default, the Security Slider is set to “Standard” which is the lowest security level. Increasing SecBrowser’s security level will prevent some web pages from functioning properly, so security needs must be weighed against the degree of usability that is required.
This setting prevents browsing and download history as well as cookies from remaining persistent across SecBrowser restarts.
This setting prevents the persistence of cookies, as well as browsing and download history across SecBrowser restarts.
The user loses protection which aims to prevent for example, “activities from an earlier browser session from being linkable to a later session”. If security is paramount users can enable private browsing mode by commenting out the corresponding user preference.
This means users are vulnerable to attacks which can link activities between earlier and later browsing sessions. If security is paramount, then enable private browsing mode by commenting out the corresponding user preference.
When completed, the corresponding line should look like the following text block. (x3)
Check the text block is identical to the one below.
The extensions Disconnect, Privacy Badger and uBlock Origin are all open-source and are generally recommended.
comment only: What about canvas image extraction blockers e.g. highly fingerprintable?
Keep in mind that all NoScript preference will be overridden and all custom per-site settings lost, if the SecBrowser “Security Slider” setting is changed afterwards. This holds true regardless if the security setting was increased or decreased.
If the SecBrowser “Security Slider” setting is changed afterwards, all NoScript preferences are overridden and all custom, per-site settings are lost. This holds true regardless of whether the security setting was increased or decreased.
If you prefer to disable persistent NoScript setting this can easily be done by commenting out the corresponding user_pref.
If the persistent NoScript setting is undesirable, this can easily be disabled by commenting out the corresponding user_pref.
such as user names or password -> such as user names or passwords
To implement this, signon.rememberSignons is set to true in which allows this information to be saved across browser sessions.
To implement this signon.rememberSignons is set to true, thereby allowing this information to be saved across browser sessions.
If you prefer to disable this feature open user.js in an editor and comment out the corresponding user_pref.
If this feature is undesirable, it can be disabled by opening user.js in an editor and commenting out the corresponding user_pref.
This term has two meaning. -> This term has two meanings.
which can be used to change browser configuration and behavior.
which can be used to change the browser configuration and behavior.
config snippett -> config snippet
the corresponding Tor Browser profile were the custom
the corresponding Tor Browser profile where the custom
Tor is disabled by setting these three preferences to false.
Tor is disabled by setting the following three preferences to false.
VMs behind a sys-whonix are always routed through Tor, traffic would still be torified.
VMs behind sys-whonix are always routed through Tor, which means traffic would still be torified.
Yes, but this could degrade security and privacy. see: Normalizing SecBrowser behavior.
Yes, but this could degrade security and privacy; see Normalizing SecBrowser behavior.
Yes, but this could degrade security and privacy. See: Normalizing SecBrowser behavior.
They all look good to me.
Did anyone ask about…
Noscript not appearing
? Something we should document?
Do not use noscript settings. It acts as a similar to cookie.
Do we spell this out clear enough on https://www.whonix.org/wiki/Tor_Browser?
Related (might be helful to add to #Wiki_Tor_Browser)
Unfortunately https://github.com/0brand/Privacy-and-Security-Focused-Browser/pull/6 was not merged first. So now there is a merge conflict. I guess that pull request changed the documentation in more major ways (some chapters deleted). So I’d suggest to revert the last commit, merge that pull request first, and then re-apply torjunkie’s suggestions on top of that. Or perhaps the better alternative: try the resolve conflicts feature? Looks like it’s only two sentences where is a conflict. Does not look that bad.
I suggest not using github for major documentation drafts even supposed for github/Qubes/markdown as final destination and use Whonix wiki instead. This until all all-over-the-place editors on the subject (in this case torjunkie) are comfortable with git/github editing. Even if github syntax (markdown something) is not correctly rendered in mediawiki, it’s still better than running into merge conflicts.
@torjunkie thank you. the manual editing steps for torbirdy are no longer needed. the version of torbirdy installed from stretch-backports no longer points to the old vidalia/privoxy “port 8118.” so, a user can upload and download keys without editing and repackaging torbirdy. aside from the change of provider and perhaps some cosmetic issues related to either the latest thunderbird client or steps required by the provider, nothing has changed in that chapter. some additional steps were added for key creation based on how danwin1210.me sends and receives e-mails using both clearnet and onion.
also, as for length of it, i was able to remove a number of pages by incorporating the configuration for immutible drives from the start, rather than dedicating a chapter to it at the end, and using the cli to import the whonix ova file.
https://www.whonix.org/wiki/Whonix-Workstation_Security#hardened_malloc needs to be moved elsewhere since also matters for Whonix-Gateway and host. @madaidan Where does it fit best?
It wouldn’t be as much of a priority for the Gateway and host. It could probably be linked at the gateway and host hardening pages or have it’s own page entirely.