SecBrowser: A Security-hardened, Non-anonymous Browser - DEPRECATED

0brand · March 3, 2019, 3:00am

Thought I did. I’m using a new VM.

bash -x /usr/bin/torbrowser --clearnet
+ set -o pipefail
+ set -o errtrace
+ '[' -n '' ']'
++ basename /usr/bin/torbrowser
+ SCRIPTNAME=torbrowser
+ IDENTIFIER=torbrowser
+ ICON=/usr/share/icons/anon-icon-pack/tbupdate.ico
+ trap tb_error_handler ERR
+ main_function --clearnet
+ root_check --clearnet
++ id -u
+ '[' 1000 '!=' 0 ']'
+ true
+ tb_preparation --clearnet
++ whoami
+ who_ami=user
+ command -v qubesdb-read
+ '[' -n '' ']'
+ is_qubes=true
+ '[' -n '' ']'
++ qubesdb-read /name
+ qubes_vm_name=tb-starter
+ '[' -n '' ']'
++ qubesdb-read /qubes-vm-type
+ qubes_vm_type=AppVM
+ '[' AppVM = TemplateVM ']'
+ '[' -n '' ']'
+ tb_user_home=/home/user
+ echo /home/user
+ grep -q tor-browser
+ '[' -n '' ']'
+ tb_install_folder=tb
+ '[' -n '' ']'
+ tb_install_folder_dot=.tb
+ '[' -n '' ']'
+ tb_browser_name=tor-browser
+ '[' -n '' ']'
+ tb_settings_folder=torbrowser.d
+ '[' -n '' ']'
+ tb_name=tor
+ '[' -n '' ']'
+ tb_title='Tor Browser'
+ '[' -n '' ']'
+ tb_wiki=Tor_Browser
+ '[' -n '' ']'
+ tb_proxy_name=tor
+ '[' -n '' ']'
+ tb_bin=torbrowser
+ '[' -n '' ']'
+ tb_browser_runner=start-tor-browser
+ '[' -n torbrowser ']'
+ '[' -n '' ']'
+ tb_home_folder=/home/user/.tb
+ '[' -n '' ']'
+ tb_browser_folder=/home/user/.tb/tor-browser
+ '[' '' = '' ']'
+ '[' :0 = '' ']'
+ display=:0
+ output=/usr/lib/msgcollector/msgcollector
+ local my_tty
+ local my_tty_exit_code
+ my_tty_exit_code=0
++ tty
+ my_tty=/dev/pts/0
+ '[' '!' 0 = 0 ']'
+ '[' /dev/pts/0 = '' ']'
++ whoami
+ who_ami=user
+ output_opt_1='--icon /usr/share/icons/anon-icon-pack/tbupdate.ico'
+ output_opt_2='--parentpid 5414'
+ output_opt_3='--identifier torbrowser'
+ output_opt_4='--parenttty /dev/pts/0'
+ output_opt_5='--whoami user'
+ output_opts=("$output_opt_1" "$output_opt_2" "$output_opt_3" "$output_opt_4" "$output_opt_5")
+ TITLE='Tor Browser Starter (by Whonix developers)'
+ tb_set_links --clearnet
+ DOC_LINK=https://www.whonix.org/wiki/Documentation
+ CONTRIBUTE_LINK=https://www.whonix.org/wiki/Contribute
+ DONATE_LINK=https://www.whonix.org/wiki/Payments
+ FORUM_LINK=https://forums.whonix.org
+ MAILINGLIST_LINK=https://www.whonix.org/pipermail/whonix-devel/
+ IMPORTANTBLOG_LINK=https://forums.whonix.org/tags/important-news
+ FEATUREBLOG_LINK=https://forums.whonix.org/c/news
+ '[' '!' '' = '' ']'
+ '[' -f /usr/share/anon-ws-base-files/workstation ']'
+ '[' -f /usr/share/anon-gw-base-files/gateway ']'
+ true 'Not modifying which link to open.'
+ tb_config_folder_parser --clearnet
+ '[' -n torbrowser.d ']'
+ shopt -s nullglob
+ local i
+ for i in /etc/$tb_settings_folder/*.conf /rw/config/$tb_settings_folder/*.conf
+ bash -n /etc/torbrowser.d/30_default.conf
+ source /etc/torbrowser.d/30_default.conf
+ parse_cmd_options --clearnet
+ :
+ case $1 in
+ tb_clearnet=true
+ shift
+ :
+ case $1 in
+ break
+ local other_args
+ other_args=
+ '[' '' = '' ']'
+ have_other_args=false
+ '[' '' = '' ']'
+ LINK=
+ '[' '' = true ']'
+ tb_templatevm_check --clearnet
+ '[' true = false ']'
+ '[' '!' AppVM = TemplateVM ']'
+ true 'Not running in TemplateVM.'
+ return 0
+ tb_qubes_dvm_template --clearnet
+ echo tb-starter
+ grep -q --invert-match '\-dvm'
+ true 'INFO: not running inside Qubes DVM Template, ok.'
+ return 0
+ check_tb_updater_first_boot_done --clearnet
+ local systemctl_output
+ local wait_counter
+ wait_counter=0
+ true
++ systemctl --no-pager --no-block status tb-updater-first-boot.service
+ systemctl_output='● tb-updater-first-boot.service - Copy Tor Browser from /var/cache/tb-binary to user home at First Boot Service
   Loaded: loaded (/lib/systemd/system/tb-updater-first-boot.service; enabled; vendor preset: enabled)
   Active: active (exited) since Sat 2019-03-02 20:37:17 EST; 7min ago
     Docs: https://github.com/Whonix/tb-updater
  Process: 467 ExecStart=/usr/lib/tb-updater/first-boot-home-population (code=exited, status=0/SUCCESS)
 Main PID: 467 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/tb-updater-first-boot.service'
+ break
+ maybe_install_tor_browser --clearnet
+ '[' -d /home/user/.tb/tor-browser ']'
+ return 0
+ tb_folder_change_directory --clearnet
+ local change_directory_exit_code=0
+ cd /home/user/.tb/tor-browser
+ '[' '!' 0 = 0 ']'
+ tb_detect_starter_bin --clearnet
+ '[' '!' '' = '' ']'
+ '[' -x /home/user/.tb/tor-browser/Browser/start-tor-browser ']'
+ tb_starter_bin=/home/user/.tb/tor-browser/Browser/start-tor-browser
+ tb_clearnet --clearnet
+ test -f /home/user/.tb/tor-browser/clearnet-marker
+ '[' '!' true = true ']'
+ '[' '!' true = true ']'
+ diff /usr/share/tb-updater/tb_without_tor_settings.js /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js
+ true 'our version exists'
+ test -f /home/user/.tb/tor-browser/clearnet-marker
+ TOR_SKIP_CONTROLPORTTEST=1
+ TOR_SKIP_LAUNCH=1
+ TOR_TRANSPROXY=1
+ export TOR_SKIP_CONTROLPORTTEST TOR_SKIP_LAUNCH TOR_TRANSPROXY
+ maybe_use_open_link_confirmation --clearnet
+ '[' '' = true ']'
+ tool=tb_start_tor_browser
+ '[' -x /usr/lib/open_link_confirmation ']'
+ '[' '!' '' = true ']'
+ tool=/usr/lib/open_link_confirmation
+ local temp
+ local tool_exit_code=0
+ '[' '' = '' ']'
+ temp='/usr/lib/open_link_confirmation --clearnet'
+ /usr/lib/open_link_confirmation --clearnet
+ set -e
+ main_function --clearnet
+ source_config --clearnet
+ shopt -s nullglob
+ local i
+ for i in /etc/open_link_confirm.d/*.conf /rw/config/open_link_confirm.d/*.conf
+ bash -n /etc/open_link_confirm.d/31_default.conf
+ source /etc/open_link_confirm.d/31_default.conf
++ link_confirmation_for_links=1
++ link_confirmation_for_files=1
+ preparation --clearnet
+ export OPEN_LINK_CONFIRMATION=true
+ OPEN_LINK_CONFIRMATION=true
+ '[' 1 = 0 ']'
+ input_object_original=--clearnet
+ trim=128
+ input_object_string_length=10
+ input_object_trimmed=--clearnet
++ /usr/lib/msgcollector/striphtml --clearnet
+ input_object_stripped_and_trimmed=--clearnet
+ '[' 10 -gt 128 ']'
+ '[' -f --clearnet ']'
+ is_file=0
+ type=link
+ command -v qubesdb-read
+ qubes_detected=true
++ qubesdb-read /type
+ qubes_type=StandaloneVM
+ '[' -f /var/run/qubes/this-is-templatevm ']'
+ '[' -f /usr/share/anon-gw-base-files/gateway ']'
+ workstation --clearnet
+ '[' 0 = 1 ']'
+ '[' -n '' ']'
+ open_in_tool_bin=x-www-browser
+ '[' -n '' ']'
+++ command -v x-www-browser
++ readlink -f /usr/bin/x-www-browser
+ open_in_tool_bin_name_readlink=/usr/bin/torbrowser
+ '[' -n '' ']'
+ open_in_tool_bin_name='x-www-browser (/usr/bin/torbrowser)'
+ '[' 'x-www-browser (/usr/bin/torbrowser)' = 'x-www-browser (/usr/bin/torbrowser)' ']'
+ open_in_tool_bin_name='Tor Browser'
+ '[' '!' -n '' ']'
+ '[' -n 'Tor Browser' ']'
+ '[' /usr/bin/torbrowser = /usr/lib/open_link_confirmation ']'
+ '[' --clearnet = '' ']'
+ '[' --clearnet = ' ' ']'
+ title='Confirm Open'
+ msg='<p>The following <b>link</b> will be opened in <u>Tor Browser</u>.</p>
<p>Be careful if <u>Tor Browser</u> is already running as your activities might get linked.</p>
<p><code><blockquote>--clearnet</blockquote></code></p>'
+ question='Continue?'
+ button=yesno
+ return 0
+ final --clearnet
+ local ask_for_confirmation=1
+ '[' 0 = 1 ']'
+ '[' 1 = 0 ']'
+ local ask_for_confirmation=1
+ '[' StandaloneVM = DispVM ']'
+ '[' 1 = 1 ']'
+ local answer
+ answer=0
++ /usr/lib/msgcollector/generic_gui_message warning 'Confirm Open' '<p>The following <b>link</b> will be opened in <u>Tor Browser</u>.</p>
<p>Be careful if <u>Tor Browser</u> is already running as your activities might get linked.</p>
<p><code><blockquote>--clearnet</blockquote></code></p>' 'Continue?' yesno
+ answer=16384
+ '[' '!' 16384 = 16384 ']'
+ command -v x-www-browser
+ local open_in_tool_exit_code
+ open_in_tool_exit_code=0
+ DE=generic
+ x-www-browser --clearnet
+ '[' '!' 0 = 0 ']'
+ exit 0
+ '[' '!' 0 = 0 ']'

tb-updater tested ok.

Also tested,

~/.tb/tor-browser/start-tor-browser.desktop --clearnet #(and without --clearnet)

and

~/.tb/tor-browser/Browser/start-tor-browser --clearnet #(and without --clearnet)

All fail with “The proxy server is refusing connections” when browsing to a website. This is expected?

TOR_TRANSPROXY=1 has to be prepended to the command for functional networking.

It could be very dangerous if a user misunderstood what this was used for. When people think of Whonix they think anonymity. Does everyone know what clearnet is?

Whonix should be left out out completely in the description.
–alias would be fine. Unfortunatly can’t think of anything better that clearnet.

Tested and worked ok fom me.

https://forums.whonix.org/t/gpg-recv-keys-fails/5607

Much of the discussion took place in Wiki edits thread. I could find those posts and move them to a new thread if you’d like.