What the hell is Tor Project thinking?
Perfect example of the kind of design pitfalls that Whonix should avoid. There is absolutely ZERO explanation of Experimental or Hardened Browsers on their download page. If you search hard enough and dig through enough comments on their blog, you can come to realization that the experimental versions are slower, larger, and more prone to failure. They are in fact, experimental. Yes, the Hardened version is also experimental.
So why is an organization devoted to protecting the most vulnerable Internet users providing experimental versions of their software without any warnings? This stuff should be hidden on a development page since it should not be used by 90%+ of the user base. Many of the Whonix forum posts concerning the Hardened Browser are made by users who clearly do not have the technical background to be using that version in the first place. (<- Not directed at any poster specifically). Does it even have the same fingerprint as stable?
The biggest problem is the name. When a user sees 3 versions of the Browser, do you think that they’ll go for the one that is (un)(less)-Hardened? I think Whonix Docs can do what TPO has not done. Also, tb-downloader could use better warnings (and explain that all Tor Browsers are “Hardened”). Edit: Perhaps tb-downloader shouldn’t even present a choice - anyone who should be using an experimental version will know how to get it themselves.
This hardening comes with some downsides: these builds are slower than regular builds, and consume more memory … We should also point out that the hardening provided by Address Sanitizer is not perfect.