Long Wiki Edits Thread

Tor Browser Essentials page maybe would be better renamed to

  • Web Browser
  • Web Browsing

?

That would be more in line with Instant Messenger Chat, Filesharing and Torrenting, Email Overview, etc. Usually we reference the generic task rather than a specific application, even though in this case there is only one recommended application.

If sensible, I could search and mass replace Tor Browser to something else (to update all links).

They are fake footnotes. Some Qubes docs have them but these are prettier <sup>(link)</sup>

Very strange. Have a private repo for rough editing. Put that in the wrong repo :slight_smile:

Done.

This browser needs a name instead of just saying Security Focused Browser . I changed everything to SecBrowser. Good?

There are a few areas with Tor Browser/Tor Browser without Tor where needed.

Fixed.

If tb_clearnet=true was added to /etc/torbrowser.d/50_user.conf in the TemplateVM, all AppVMs based on that template would spawn a Tor Browser without Tor. So users would need to have a separate TemplateVM for a default Tor Browser for testing connectivity etc.

Is there a better way besides a variable? Maybe add a line in .bashrc redirecting tb_clearnet=true to 50_user.conf on VM startup?

Doesn’t work “Permission denied”

You mean tb-starter should be included when installing tb-updater? Fixed?

Can be added after this enhancement gets added to Qubes docs?

Great idea! Will add to FAQ. Added to second paragraph.

The last tutorial we wrote for Qubes, someone removed all the periods in the steps afterwards. Not sure why. Was trying to get ahead of the curve.

https://www.qubes-os.org/doc/disposablevm-customization/#create-custom-sys-net-sys-firewall-and-sys-usb-disposablevms

I added them back to the new tutorial.

Rest of those edits complete. Thanks!

Fixed. Added steps to edit AppVM and,

See Normalizing SecBrowser behaviour

Note: If users edit the TemplateVM to modify SecBrowser behavior, all AppVMs created thereafter will inherit those changes. However, AppVMs created prior to the aforementioned edits will not benefit from any changes to the SecBrowser configuration file in the TemplateVM.

https://github.com/0brand/Privacy-and-Security-Focused-Browser/edit/master/README.md

2 Likes

Awesome!

If tb_clearnet=true was added to /etc/torbrowser.d/50_user.conf in the TemplateVM, all AppVMs based on that template would spawn a Tor Browser without Tor. So users would need to have a separate TemplateVM for a default Tor Browser for testing connectivity etc.

Is there a better way besides a variable? Maybe add a line in .bashrc redirecting tb_clearnet=true to 50_user.conf on VM startup?

Good point. /etc/torbrowser.d/50_user.conf is indeed applicable to all
AppVMs based on that TemplateVM using tb-starter.

As AppVM specific method, the following should work (just now checked in
the source code).

sudo mkdir -p /rw/config/torbrowser.d and file
/rw/config/torbrowser.d/50_user.conf could be used. Up to users which
way they want to configure it. Not sure if both should be documented for
completeness or just one method for simplicity.

Rewritten a bit the first text block for more focus on security.

I think both methods. Let users decide what they want to use.

Once changes are made, it would be a good idea to let torjunkie take a look before making the Qubes pull request.

Easier to understand now. :slight_smile:

1 Like

Made a few small edits. Change --clearnet → tb_clearnet=true throughout tutorial.

Added two configuration options.

sudo mkdir -p /rw/config/torbrowser.d, or

sudo mkdir -p /rw/config/torbrowser.d/50_user.conf

Next, add

tb_clearnet=true

https://github.com/0brand/Privacy-and-Security-Focused-Browser/blob/master/README.md

I think this might be ready for a Qubes pull request?

2 Likes

This is wrong since it is the full file name. Correct would be:

sudo mkdir -p /rw/config/torbrowser.d/

Happens every time I rush and don’t test.

Fixed.

https://github.com/0brand/Privacy-and-Security-Focused-Browser/commit/3b024ea2fc2e8a4d7e8c993769d1d3711ce1d7bb#diff-04c6e90faac2675aa89e2176d2eec7d8

Also fixed “footnote” numbering and minor typo in later pull requests.

1 Like
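The per-AppVM method discussed above, as an added example that is not part of the thread or of tb-starter. The helper names `set_tb_clearnet` and `tb_clearnet_scope` are hypothetical; the first refuses to continue when `50_user.conf` was created as a directory (the `mkdir -p` mistake corrected above), and the second reports whether the setting is template-wide or limited to one AppVM. Only the `50_user.conf` file named in the thread is checked.

```shell
#!/bin/bash
# Added example: hypothetical helpers, not code from tb-starter or tb-updater.

# Write tb_clearnet=true to 50_user.conf inside the given directory
# (default: the per-AppVM path from the thread, which needs root).
set_tb_clearnet() {
    local conf_dir="${1:-/rw/config/torbrowser.d}"
    local conf_file="$conf_dir/50_user.conf"

    # `mkdir -p` on the full file name leaves a directory called
    # 50_user.conf, so the setting could never be written to it.
    if [ -d "$conf_file" ]; then
        echo "error: $conf_file is a directory, remove it with rmdir" >&2
        return 2
    fi
    mkdir -p "$conf_dir" || return 1

    # Idempotent: do not append a second copy on repeated runs.
    if [ -f "$conf_file" ] && grep -qx 'tb_clearnet=true' "$conf_file"; then
        return 0
    fi
    echo 'tb_clearnet=true' >> "$conf_file"
}

# Report where the setting is active. A hit under /etc in a TemplateVM
# applies to every AppVM based on it; a hit under /rw/config applies
# only to the AppVM that holds the file.
tb_clearnet_scope() {
    local etc_dir="${1:-/etc/torbrowser.d}"
    local rw_dir="${2:-/rw/config/torbrowser.d}"
    local scope=none
    if grep -qsx 'tb_clearnet=true' "$etc_dir/50_user.conf"; then
        scope=template
    fi
    if grep -qsx 'tb_clearnet=true' "$rw_dir/50_user.conf"; then
        if [ "$scope" = template ]; then scope=both; else scope=appvm; fi
    fi
    echo "$scope"
}

# Demo on a throwaway directory (constructed paths, no root needed).
demo=$(mktemp -d)
set_tb_clearnet "$demo/rw/config/torbrowser.d"
tb_clearnet_scope "$demo/etc/torbrowser.d" "$demo/rw/config/torbrowser.d"
rm -rf "$demo"
```

Running `tb_clearnet_scope` with no arguments inside a VM checks the real paths; a result of `template` or `both` means a default Tor Browser for connectivity testing needs a separate TemplateVM, as noted earlier in the thread.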
sudo gedit

Could be an issue as per Operating System Software and Updates - Kicksecure

Do you know how Qubes handles this in other cases? If they use sudo gedit usually we could repeat it here, otherwise perhaps better not?

1 Like

Qubes documentation is inconsistent.

Users have to fill in the blanks: (docs geared more towards advanced users)

https://www.qubes-os.org/doc/uefi-troubleshooting/

Also a lot of redirection (users really don’t learn anything)

https://www.qubes-os.org/doc/split-gpg/

Not sure what to use with Qubes

1 Like

Nitpicking on myself, on something which couldn’t be documented better since the source code for that does not exist yet. Perhaps the following terms are confusing…?

  • update-torbrowser
  • torbrowser
  • /rw/config/torbrowser.d/

All of that could be changed… Wrappers could be added with ease.

  • update-torbrowser -> update-secbrowser
  • torbrowser -> secbrowser
  • /rw/config/torbrowser.d/ -> /usr/local/etc/torbrowser.d/ -> /usr/local/etc/secbrowser.d/

For example /usr/bin/secbrowser (not for documentation, I could add this to the source code very soon):

#!/bin/bash
torbrowser --clearnet "$@"

In result users would not have to confusingly type qvm-run <appvm_name> torbrowser and could use qvm-run <appvm_name> secbrowser instead.

Also availability of /usr/bin/secbrowser would allow us to add another, dedicated .desktop file, i.e. start menu entry.

  • That start menu entry would be hidden (never visible by default) to users inside Whonix
  • And users starting the Tor Browser start menu entry while tb_clearnet=true / --clearnet / secbrowser would be informed automagically that this is not possible (unless they remove the file that was created to protect from that). "Clearnet marker file exists and trying to start without --clearnet. Aborted. A Tor Browser that was previously started with --clearnet should not be started without --clearnet." (Will improve that error message.)

The biggest issue is flip-flopping between SecBrowser… Tor Browser, torbrowser and Tor Browser without Tor… in the documentation. It was difficult for me to decide which term to use in some areas. It would likely be confusing for end users as well. Even more so.

I didn’t catch this one. Users might think they are starting Tor Browser. Would be worth the effort.

All of this would make SecBrowser more of a standalone Browser. Meaning not always overshadowed by Tor Browser. That’s the biggest reason why Tor Browser without Tor never caught on imo. SecBrowser needs to be its own Secure Browser. (rebranding) Kinda like Whonix is based on Debian but it’s not Debian. Actually it’s in reverse, anonymity focused → security focused.

Changing the name would be very helpful. Meaning when SecBrowser starts up you see SecBrowser not Tor Browser.

1 Like
2 Likes

tb-updater / tb-starter upgraded in all repositories.

  • secbrowser
  • download-secbrowser

No more tb_clearnet settings required. (Set automatically when using these wrappers.)

Will update the page on github.

2 Likes

@tempest

Good work on the new release of your mega book! Only 450 odd pages though - slacking off? :wink:

But it is beautiful timing because the wiki editing train has arrived at your email wiki page.

I see you updated to a nice new provider. Are all those TorBirdy manual settings at the start still required as we have it in the wiki page? Or just cut it all out?

Other than updating pics from your guide, email provider etc, does much else have to change there?

I can probably get started on it pretty soon (couple of other things to finish off first), but if you are keen for some edits it would be very much appreciated.

2 Likes

It is very good, but I have some last minute nit suggestions (take or leave) :slight_smile:

SecBrowser is a security focused browser that provides better protection from exploits, thereby reducing the risk of a virus infection.

SecBrowser is a security-focused browser that provides better protection from exploits, thereby reducing the risk of infection from malicious, arbitrary code.

Enhanced usability is achieved with a built-in security slider that can be used to easily disable web site features that increase attack surface such as JavaScript.

A built-in security slider provides enhanced usability, as website features which increase the attack surface (like JavaScript) can be easily disabled.

In the default configuration, SecBrowser offers better security than Firefox, Google Chrome or Microsoft Edge without any customizations necessary.[1]

Without any customization, SecBrowser’s default configuration offers better security than Firefox, Google Chrome or Microsoft Edge.[1]

It also has better protections from online tracking, fingerprinting and reduces users linkability across websites.

It also provides better protection from online tracking, fingerprinting and the linkability of activities across different websites.

  1. time consuming → time-consuming

While users can install browser extensions to mitigate specific attack vectors. Its unlikely to compare to SecBrowser which leverages the experience and know how of the Tor Project devs and the battle tested Tor Browser.

While browser extensions can be installed to mitigate specific attack vectors, this ad hoc approach is insufficient. SecBrowser leverages the experience and knowledge of skilled Tor Project developers, and the battle-tested Tor Browser.

Security Slider: Lets you increase your security by disabling certain web features that could be used to attack your security.[4]

Security Slider: Enables improved security by disabling certain web features that can be used as attack vectors.[4]

Tor Browser can be installed using tb-updater which is a package developed and maintained by Whonix developers. When run, tb-updater seamlessly automates the download and verification of Tor Browser (from The Tor Project’s website).

Tor Browser can be installed using tb-updater, which is a package developed and maintained by Whonix developers. When run, tb-updater seamlessly automates the download and verification of Tor Browser (from The Tor Project website).

Moreover, for users that have a requirement for a security focused clearnet browser (SecBrowser), tb-updater comes with the functionality to disable Tor prebaked into the source.

Another benefit of tb-updater is that the ability to disable Tor is pre-baked into the source code, so a security-focused clearnet browser (SecBrowser) is readily available.

To disable Tor, users need only configure the tb_clearnet=true option in the initial set up.[10] Unlike other methods that require users to manually disable Tor, this greatly simplifies configuration and lessons the chances that a configuration error will be made.

To disable Tor, only the tb_clearnet=true option needs to be configured during the initial set up.[10] Unlike other manual methods of disabling Tor, this greatly simplifies the procedure and lessens the chance of a configuration error.

However, as outlined in this Qubes issue downloading GPG keys with APT will fail in TemplateVMs.

However, as outlined in this Qubes issue, downloading GPG keys with APT will fail in TemplateVMs.

Compare the fingerprint displayed in the terminal to the one listed at the following link; Patrick Schleizer - Whonix.

Compare the fingerprint displayed in the terminal to the one listed at the following link: Patrick Schleizer - Whonix.

  1. (more common?)

it can safely be ignored → it can be safely ignored

  1. (avoid periods on end of file names)

to the sources.list.

to sources.list

create a new folder /rw/config/torbrowser.d.

create a new folder /rw/config/torbrowser.d

To start SecBrowser, in a dom0 terminal, run.

To launch SecBrowser, run this command in a dom0 terminal.

Which is what you want when using the tb_clearnet=true option.

This notice is both expected and desired when using the tb_clearnet=true option.

Security Slider: SecBrowser has a “Security Slider” in the shield menu that allows you to increase security by disabling certain web features that can be used to attack your security. By default, the Security Slider is set to “Standard” which is the lowest security level. Increasing SecBrowser’s security level will prevent some web pages from functioning properly, so you should weigh your security needs against the degree of usability you require.

Security Slider: SecBrowser has a “Security Slider” in the shield menu. This can increase security by disabling certain web features that are possible attack vectors. By default, the Security Slider is set to “Standard” which is the lowest security level. Increasing SecBrowser’s security level will prevent some web pages from functioning properly, so security needs must be weighed against the degree of usability that is required.

This setting prevents browsing and download history as well as cookies from remaining persistent across SecBrowser restarts.

This setting prevents the persistence of cookies, as well as browsing and download history across SecBrowser restarts.

The user loses protection which aims to prevent for example, “activities from an earlier browser session from being linkable to a later session”. If security is paramount users can enable private browsing mode by commenting out the corresponding user preference.

This means users are vulnerable to attacks which can link activities between earlier and later browsing sessions. If security is paramount, then enable private browsing mode by commenting out the corresponding user preference.

When completed, the corresponding line should look like the following text block. (x3)

Check the text block is identical to the one below.

The extensions Disconnect, Privacy Badger and uBlock Origin are all open-source and are generally recommended.

comment only: What about canvas image extraction blockers e.g. highly fingerprintable?

Keep in mind that all NoScript preference will be overridden and all custom per-site settings lost, if the SecBrowser “Security Slider” setting is changed afterwards. This holds true regardless if the security setting was increased or decreased.

If the SecBrowser “Security Slider” setting is changed afterwards, all NoScript preferences are overridden and all custom, per-site settings are lost. This holds true regardless of whether the security setting was increased or decreased.

If you prefer to disable persistent NoScript setting this can easily be done by commenting out the corresponding user_pref.

If the persistent NoScript setting is undesirable, this can easily be disabled by commenting out the corresponding user_pref.

such as user names or password → such as user names or passwords

To implement this, signon.rememberSignons is set to true in which allows this information to be saved across browser sessions.

To implement this signon.rememberSignons is set to true, thereby allowing this information to be saved across browser sessions.

If you prefer to disable this feature open user.js in an editor and comment out the corresponding user_pref.

If this feature is undesirable, it can be disabled by opening user.js in an editor and commenting out the corresponding user_pref.

This term has two meaning.[12] → This term has two meanings.[12]

which can be used to change browser configuration and behavior.

which can be used to change the browser configuration and behavior.

  1. config snippett → config snippet

the corresponding Tor Browser profile were the custom

the corresponding Tor Browser profile where the custom

Tor is disabled by setting these three preferences to false.

Tor is disabled by setting the following three preferences to false.

VMs behind a sys-whonix are always routed through Tor, traffic would still be torified.

VMs behind sys-whonix are always routed through Tor, which means traffic would still be torified.

Yes, but this could degrade security and privacy. see: Normalizing SecBrowser behavior.

Yes, but this could degrade security and privacy; see Normalizing SecBrowser behavior.

OR

Yes, but this could degrade security and privacy. See: Normalizing SecBrowser behavior.

  1. Can I submit patch? → Can I submit a patch?

3 Likes

They all look good to me. :wink:

1 Like