My plan is to document the following setup. It presupposes Qubes with `whonix-gw` and `whonix-ws`, but wherever possible I want to make it usable for non-Qubes users too. All comments are appreciated.
(Sorry for the strange code blocks; as a new user I may only post five links in a post.)
You need two DVM Templates: `whonix-ws-dvm` and `clearnetvm-dvm` (based on Debian or Fedora). For browsing over Tor you use `whonix-ws`’s AnonDist Tor Browser, for clearnet browsing a modified version of Tor Browser in `clearnetvm` (with `sys-firewall` or `sys-net` as NetVM).
VMs can be configured to open links in a new DispVM by default:
https://github.com/QubesOS/qubes-doc/pull/379
Switching between DVM Templates can be done easily with the shell script mentioned here: https://groups.google.com/d/msgid/qubes-users/20170205222339.GA6028%40thirdeyesecurity.org (direct link to the script: https://13366229192823780453.googlegroups.com/attach/f249577bacc5c/switch_dvm?part=0.1&view=1&vt=ANaJVrHjfVcrYO2FAWPBFqtoI-tdLm5nEQSo51j-LogBhphsXlvTHvJOeCZb_vqEJp-Pqhfcg1YwV1xFv4KDkHYEdiCFx4btkBio_wKNZ47QoFZd-65zXy8).
It is not hard to write a script that lets the user select whether to open a link in an existing VM or in a new DispVM, and whether that DispVM’s DVM Template should be `whonix-ws-dvm` or `clearnetvm-dvm`.
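One way to write such a chooser, as an added example that is not the post’s own script nor the linked `switch_dvm`: it assumes Qubes 4.x, where qrexec accepts a target of the form `@dispvm:<dvm-template>` to start a fresh DispVM from a chosen template, and it assumes `zenity` is installed in the VM the link is clicked in. It also refuses anything that is not an http(s) URL, so a stray `file://` or other scheme is never forwarded to another VM.

```shell
#!/bin/sh
# Added example: choose where a clicked link opens (existing VM or a new DispVM).
# Assumes Qubes 4.x qrexec target syntax "@dispvm:<dvm-template>"; VM names are the post's.
set -u

TOR_DVM="whonix-ws-dvm"          # DispVM template for Tor browsing
CLEARNET_DVM="clearnetvm-dvm"    # DispVM template for clearnet browsing
EXISTING_VM="whonix-ws"          # existing VM to reuse (its Tor Browser uses --allow-remote)

# Allow-list the scheme: only web links may leave this VM.
is_web_url() {
    case "$1" in
        http://*|https://*) return 0 ;;
        *) return 1 ;;
    esac
}

# Map a menu choice to a qvm-open-in-vm target; unknown choices fail.
target_for_choice() {
    case "$1" in
        tor-dispvm)      printf '@dispvm:%s\n' "$TOR_DVM" ;;
        clearnet-dispvm) printf '@dispvm:%s\n' "$CLEARNET_DVM" ;;
        existing)        printf '%s\n' "$EXISTING_VM" ;;
        *)               return 1 ;;
    esac
}

# Ask the user with a zenity list dialog (assumed installed); prints the chosen key.
choose() {
    zenity --list --title="Open link" --text="$1" \
        --column=choice --column=description --hide-column=1 \
        tor-dispvm      "New DispVM from $TOR_DVM (Tor)" \
        clearnet-dispvm "New DispVM from $CLEARNET_DVM (clearnet)" \
        existing        "Existing VM $EXISTING_VM"
}

main() {
    url="${1:?usage: $0 URL}"
    is_web_url "$url" || { echo "refusing non-http(s) URL: $url" >&2; exit 1; }
    target="$(target_for_choice "$(choose "$url")")" || exit 1
    # qubes.OpenURL in the target VM hands the link to its default browser.
    exec qvm-open-in-vm "$target" "$url"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Set the script as the handler for `x-scheme-handler/http` and `https` in the source VM’s mimeapps list so that every clicked link goes through the prompt.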
In `whonix-ws` everything is great by default. The custom Tor Browser Launcher even uses the `--allow-remote` flag and warns users who open new links in an existing session.
In `clearnetvm-dvm` you must install Tor Browser and tweak it. The goal is something like what is described in the links in the original post above. Tails’ Unsafe Browser probably provides a good starting point. Some instructions: Add documentation for tweaking Tor Browser by ubestemt · Pull Request #417 · QubesOS/qubes-doc · GitHub
A thought: Tor Browser’s tab stream isolation feature is great, but it only prevents tracking by traffic analysis at the exit node, doesn’t it? I’m a bit worried it distracts from tracking by cookies. The exit node will change every ten minutes anyway, but if I have done one Google search or logged in to Facebook in one tab, Tor Browser will not prevent all my other activity from being tracked. Isn’t that correct? Maybe it would be wise to use uBlock Origin in Tor Browser too; Tails includes it.
Not all websites work in Tor Browser; it’s nice to have an alternative. You can set up Chromium in both VMs. However, Chromium’s fingerprint cannot be reduced in a satisfactory way. Apart from installing Privacy Badger, uBlock Origin, Disconnect and Tab Cookies you can
- prevent canvas fingerprinting by adding `export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-reading-from-canvas"` to `/etc/chromium.d/default-flags`;
- set `Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0` as User Agent with Privacy Extension (last updated June 2015);
- hide Browser Plugin Details with the extension RubberGlove (last updated July 2015) (too bad Panopticlick reads the field as `permission denied` (one in 338 browsers) instead of Tor Browser’s `undefined` (one in 2.8 browsers)!);

…but even if you install these unmaintained and maybe-not-so-reliable extensions, Chromium still reveals your screen size and resolution. I haven’t found any information about how to hide that bit of information.
Edit: Maybe this could prove useful:
https://github.com/bcaller/plugin-privacy-chrome
Is Brave an alternative to Chromium? At least someone is actively working on reducing its fingerprint:
https://github.com/brave/browser-laptop/labels/misc%2Fpanopticlick