The SecBrowser PR was merged into the customization sub directory.
Updated Elecrum wiki with DDoS attack notice.
https://whonix.org/w/index.php?title=Electrum&oldid=49538&diff=cur
Good work 0brand - all nice contributions. Keep em coming…
Moved SecBrowser Qubes stub to deprecated for later Qubes Community edits if needed. I’m going to move a few parts of that page to SecBrowser proper.
https://whonix.org/w/index.php?title=Deprecated&diff=49570&oldid=49470
Up next pass-sec
Migrated Privacy and Fingerprinting resistance from Qubes stub to SecBrowser. While some of the content is a duplicate from the Data Collection Techniques Wiki users are more likely read that section if they don’t have to browser to a different wiki page.
A post was split to a new topic: Tor Browser Hardening (hardened malloc, firejail, apparmor) vs Web Fingerprint
NoScript leaks browser locale if objects are blocked and JavaScript is allowed. Might be a good idea to add to the Tor Browser Wiki.
Created Templates for splitting SecBrowser. Will have the pages split tomorrow.
Template:SecBrowser Introduction
No modifications.
https://whonix.org/w/index.php?title=Template:SecBrowser_Introduction&stable=0
Template:SecBrowser Table Security Enhancements
Fixed “named” reference
Template:SecBrowser Privacy and Fingerprinting Resistance
Due to spacing the SecBrowser Trade mark “™” moved to the next line in the Table. Fixed by removing space.
Template:Install SecBrowser Introduction
No modifications.
https://whonix.org/wiki/Template:Install_SecBrowser_Introduction
Template:SecBrowser Settings
-
Removed mention of AppVM to make template usable for both Qubes and Debian host/VM pages.
-
Removed
gedit
for text editor in steps and replaced withnano
. -
Added “Note: The following examples make use of nano text editor. However, users should prefer an editor that is most familiar and easy to use.”
-
Changed "security slider set to ‘Standard’ " to "security slider set to ‘Safest’ " as per: https://github.com/Whonix/tb-updater/pull/10
-
A few minor Nits.
https://whonix.org/wiki/Template:SecBrowser_Settings
Template:SecBrowser Download Alpha Versions
No modifications.
https://whonix.org/wiki/Template:SecBrowser_Download_Alpha_Versions
Template:SecBrowser FAQ
-
Removed mention of Qubes
-
Question “Can I use SecBrowser ™ in a Whonix-Workstation VM (anon-whonix)?”
I added Whonix-Gateway in answer to make it usable for both Qubes and Debian host/VM pages.
https://whonix.org/wiki/Template:SecBrowser_FAQ
Template:SecBrowser Disclaimer
No modifications
Looks perfect so far!
Made some changes to the new SecBrowser Templates due to previous changes in configuration file location:
tb-updater
/usr/share/tb-updater/tb_without_tor_settings.js
was moved to
tb-starter
/usr/share/secbrowser/user.js
Changes to SecBrowser Settings :
https://www.whonix.org/w/index.php?title=Template:SecBrowser_Settings&stable=0
Changes to SecBrowser FAQ:
https://www.whonix.org/w/index.php?title=Template:SecBrowser_FAQ&diff=49710&oldid=49675
Split SecBrowser page into Qubes and Debian pages. The page titles are fairly simple. Tried a few different page titles for example; SecBrowser in Qubes: A Security hardnened non-anonmous Browser in Qubes but I don’t it looked that great.
https://whonix.org/w/index.php?title=SecBrowser_in_Debian&oldid=49714&diff=cur
https://whonix.org/w/index.php?title=SecBrowser_™_in_Qubes_OS&oldid=49712&diff=cur
https://github.com/Qubes-Community/Contents/pull/67
I’ll leave the older SecBrowser wiki page up for a little while until all PR are merged.
Just realized I left out " ™ " in SecBrowser in Debian page title. Fixed .
Usually I did not use TM in page names (links) since these look ugly when copied/pasted elsewhere.
Tittle can and should use it. Page name (link) (i.e. move page) not so much.
Can stay as is (rather minor thing) but I don’t think we should go ahead and change lots of links in Whonix wiki because of this.
Thanks - your seal of approval is always a good indicator for wiki editors
Also:
- Remailers entry -> Fixed
- Nym servers entry -> Fixed
Let’s also make the Signal entry in that section pretty (currently states “UNFINISHED” and “good enough”), and then only the Email entry needs updating for it all to be current.
I was looking around for where you got the Signal fingerprint from with no luck etc. Maybe you can give me a pointer.
Edit: can we claim ‘TM’ status on SecBrowser without actually doing some kind of legal paperwork or similar? I have no idea, but doubt you can just claim it.
Put exactly the following string
"DBA36B5181D0C816F630E889D980A17457F6FB06"
into exactly the following search engine:
The quotes help to make google search for that and really only that.
Also if you’re unsure, you can for any gpg keys always contact upstream. Mostly I do this by creating a bug ticket. Would be easy for signal since they use github.
Support: Professional Support
I.e. this was created for a customer a while ago. Other than that, I am not interested much in signal
in context of Whonix since it requires phone numbers for registration. Maybe this can be marked better and/or removed from Documentation index but I wouldn’t want to spend more time on it than necessary.
Same goes for:
(which is nonfreedom software)
Re: explicit search “ABCD” etc - yes aware of that function. Just nothing was coming up in non-Google engines - I see Google’s engine finds it straight away…
(I don’t remember the last time I used the Stasi engine, because they should be avoided like the plague - ironically years ago you rarely could search effectively with Tor Browser. They’ve probably found some way to try and tag Tor users, else why would they have liberalized their search engine parameters since they are so hostile to privacy and generally blow the government’s wang in all regards).
I might try and clean up the entry, but if the online info is scarce, then might just remove it from the ToC listing since registered phones is incompatible with Whonix intent.
Although, adding the ‘Xenial’ repo leads to a frankenstein version of Debian (Whonix) which has mixed sources - as you know this is generally recommended against.
In the long run, Signal should just bite the bullet and modify their software for a pure standalone desktop app with their solid E2E encryption, and no shitty, hopelessly insecure mobile required. I’m sure Moxie is more than capable…
Capable for sure, willing no. We might have had a forum thread on signal. It does other sketchy stuff too.