Information
ID: 479
PHID: PHID-TASK-rf36dqc2ifjbgdw6jja6
Author: HulaHoop
Status at Migration Time: resolved
Priority at Migration Time: Normal
Description
Problems with current setup:
At the moment too many steps are required to customize TBB to work with alternative proxies. Many rules need to be added manually after FoxyProxy is installed.
The FoxyProxy addon is still unsigned by Mozilla and so downloading it from their site incurs unacceptable risk.
This ticket suggests simplifying the process by:
Pre-installing the FoxyProxy package from the Debian repo.
Supplying a configuration file to the addon for a variety of services (written by KillYourTV) [1]
Since it has to be optional and still done from the command line there is no point in scripting the symlinking/ config file moving part. These will be documented on the wiki.
The way it would work:
Run a script to enable this functionality by creating a symlink (making the addon available to TBB) + copy the custom config to the Tor Browser folder.
ln -s /usr/share/xul-ext/foxyproxy-standard/ /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/foxyproxy@eric.h.jung
cp /some/package/location/foxyproxy.xml /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/
Also included is another script to reverse step 1 to make the addon unavailable in TBB to restore TBB’s default fingerprint. This is done by simply deleting the symlink:
rm /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/foxyproxy@eric.h.jung
Optionally block any access to FoxyProxy by the default installed Iceweasel and IceDove by blacklisting the addon folder path in Apparmor
TODO (assigned to HulaHoop) : Extend the config to cover access for Syncthing and Zeronet localhost pages. Update documentation for FoxyProxy to cover this feature when implemented.
Resources:
[1] http://qza32xuddl3guikc.onion/tutorials/darknets/foxyproxy.xml
Comments
HulaHoop
2016-03-22 14:58:03 UTC
Patrick
2016-03-22 15:54:58 UTC
HulaHoop
2016-03-23 12:57:49 UTC
Patrick
2016-03-23 13:26:02 UTC
HulaHoop
2016-03-23 15:38:01 UTC
There wasn’t one specified but KYTV licenses everything under MIT. I assumed this would be covered. He is unavailable so a conversation with him is unlikely.
To be safe you can put this on hold - though likely it will never happen.
HulaHoop
2016-03-25 13:02:33 UTC
Copyright protects expression, not ideas or data. Configuration files are’t copyrightable because they contain data. Data that can only be expressed in a single and certain way because of the underlying software which reads it:
Licensing of configuration files? | Drupal Groups
Patrick
2016-03-26 17:11:01 UTC
HulaHoop
2016-03-27 17:16:07 UTC
Patrick
2016-03-28 12:23:46 UTC
HulaHoop
2016-03-29 14:38:42 UTC
Patrick
2016-03-29 15:00:09 UTC
Tor Browser doesn’t use /etc/hosts. Rightly so, since system specific and fingerprintable.
https://www.whonix.org/wiki/Template:FoxyProxy
To reverse this action and restore Tor Browser’s default fingerprint run:
I have reason to doubt it restores the fingerprint. Because…
Template:Tor Browser Remove Proxy Settings - Whonix
Undo
Undoing this setting is undocumented. Simply no longer setting that environment variable will not do the trick. This is because of limitations of Tor Browser. The easiest way to undo these instructions would be to start over with a fresh installation of Tor Browser. Please contribute these instructions.
To find that out…
Start with a fresh Tor Browser.
make a copy of /.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/prefs.js
(or add it to a version management system such as git) [*]
make the (proxy) changes
see if/how prefs.js changed (to make sure we know settings are changed there)
undo the (proxy) changes
see if the settings file is back to normal like in step 2.
[*]
Would be a lot better to add the whole Tor Browser folder to a version management system such as git observe files change back and forth.
HulaHoop
2016-03-29 21:55:59 UTC
Good catch. There are two changes that remain between the first version and the one after removing the symlink:
+user_pref(“extensions.foxyproxy.firstrun”, false);
+user_pref(“extensions.foxyproxy.last-version”, “3.4”);
Can content running in the browser fingerprint/read these changes in the pref.js? I think that’s probably true since you pointed out and will change recommendations.
Patrick
2016-03-29 22:07:00 UTC
HulaHoop (HulaHoop):
Good catch. There are two changes that remain between the first version and the one after removing the symlink:
+user_pref(“extensions.foxyproxy.firstrun”, false);
+user_pref(“extensions.foxyproxy.last-version”, “3.4”);
The remaining two prefs are probably harmless cruft wrt to proxy settings.
Can content running in the browser fingerprint/read these changes in the pref.js?
Other add-ons can likely. [But that would not matter as they could other
bad stuff also.]
I haven’t heard that remote websites can read arbitrary settings from
pref.js. Does pref.js include private data not to be shared? If so, such
a feature would be pretty outrageous. Unlikely. Worth researching.
HulaHoop
2016-03-29 22:14:55 UTC
Patrick
2016-03-29 22:32:45 UTC
HulaHoop
2016-03-30 21:39:55 UTC
Patrick
2016-04-02 14:45:51 UTC
Patrick
2016-04-14 19:41:23 UTC
Adding xul-ext-foxyproxy-standard as a dependency to #usability-misc was a mistake. Too intrusive. It causes too many issues. (plain Debian) I was starting icedove, and then it run some compatibility test that failed. Also having it installed it in iceweasel by default causes issues. It is confusing for Whonix users who happen to look into iceweasel wondering what it is good for or if that is a recommendation. And the foxyproxy homepage gets opened to each time the add-on is updated.
So on balance it creates more usability issues than it fixes (saving local proxy users a step). I think it would be more justified if local proxy users would be recommended to manually install it.
HulaHoop
2016-04-15 19:30:33 UTC
Patrick
2016-04-16 02:58:33 UTC
HulaHoop
2016-04-16 03:15:35 UTC
Patrick
2016-04-18 13:42:47 UTC
Patrick
2016-06-04 13:05:58 UTC
HulaHoop
2016-06-04 21:53:50 UTC
Patrick
2016-06-04 21:55:32 UTC
HulaHoop
2016-06-06 12:09:25 UTC
Patrick
2016-06-06 12:31:57 UTC
HulaHoop
2016-06-08 22:19:46 UTC
Yeah
Patrick
2016-06-08 22:35:58 UTC
HulaHoop
2016-06-10 12:45:09 UTC