add Tor Browser first startup popup to ask whether security slider should be set to safest

Indeed this would cause some concerned confusion.

Not locked. User could still change. I don’t intend to add restrictions or any modifications inside Tor Browser.

  • artificial restrictions are bad
  • not easy to implement; even if I wanted, I am not sure I could implement in reasonable time

I see. So someone who started [1], changes settings and then starts [1] again might expect being back to maximum security settings, which would not be the case.

On reflection the two start menu entries approach seems weird indeed.

Indeed.

It’s explained in the original post.

approach [C]:

  • Keep the usual singular start menu entry for Tor Browser but on first start of Tor Browser ask the user something like this (wording suggestion welcome):

Window title:

First start of Tor Browser (AnonDist) - Security vs Usability Trade-off

Window content:

Would you like to start Tor Browser with its security slider setting set to maximum?

This would provide better security at the expense of worse usability.

Question:

Yes|No

[default no]

I will edit this post with better text. Will lend/rewrite text from Tor Browser Essentials

Disadvantage: this question could be nagging in Qubes-Whonix DispVMs. For partial relief, see below.

It would be very easy (and would definitely be implemented) to allow users to preseed (answer preemptively) this question with a setting that could be put into a drop-in config file.

Excellent feature in my opinion, assists in remembering to take care of this option when setting up a new VM.

1 Like

Whonix Browser? We’ve already decided that the Whonix brand is exclusively anonymity related and so we’re not putting it on any hardened (but non-anonymous) products’ labels. The homepage disclaimer should then cover the warranty disclaimer stuff.

Since we are not modifying the core code or functionality in any way I don’t think we should go the extra mile of new icons for this version, unlike SecBrowser.

1 Like

Thanks to @0brand, who figured that out in this post: SecBrowser: A Security-hardened, Non-anonymous Browser - DEPRECATED - #118 by 0brand

… this is now implemented.

And will come later through upgrades.

2 Likes

First Start of Tor Browser (AnonDist) - Security vs Usability Trade-off

In the stock Tor Browser configuration, JavaScript is enabled by default for greater usability. The Tor Project provides a rationale for this decision.

The producers of Tor Browser decided the security slider setting to be set to “Standard” by default. Quote Tor Browser Manual:

You can further increase your security by choosing to disable certain web features that can be used to attack your security and anonymity. You can do this by increasing Tor Browser’s Security Settings in the shield menu. Increasing Tor Browser’s security level will stop some web pages from functioning properly, so you should weigh your security needs against the degree of usability you require.
This popup question does not restrict your freedom to change security slider settings at any time.

Responsible for this popup question is Tor Browser Starter by Whonix developers. It is a usability feature, which might break in future. Therefore the user is advised to verify that the security slider has the expected setting. Please donate!

Preseeding:

It is possible to avoid this popup question by preseeding the answer to it. For that, create a file /etc/torbrowser.d/50_user.conf with the following contents, if you want to answer “Yes”:

tb_security_slider_safest=true

Or, if you want to answer “No”:

tb_security_slider_safest=false

Technical Details:

This script is: /usr/bin/torbrowser
Function: tb_security_slider
All this would do is copy the file /usr/share/torbrowser/security-slider-highest.js to /var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js:

cp /usr/share/torbrowser/security-slider-highest.js /var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js

Set Tor Browser Security Slider to Safest?

2 Likes
1 Like

Perhaps the following deserves another thread but this is still somewhat related.

Increased security may also include disabling resize of Tor Browser. Is it something that can be included here or considered modifications inside Tor Browser?

1 Like

Indeed. Should be reported to, and fixed upstream in Tor Browser.

Hello
My security slider for the Tor Browser seems to be broken.
Even though it displays I am in the “safest” mode, JavaScript and everything else behaves like it is in Standard mode.
I can fix this temporarily if I change the setting/slider to standard and back to whatever I want, but whenever I restart the browser it defaults to showing me that I am on the safest setting while acting like it is on standard.
Help is appreciated.

Can you reproduce this with Tor Browser Bundle on non-Whonix, plain Debian buster?

As per Free Support for Whonix ™?

I can report that the slider works fine in Debian Buster (Tor browser 9.0.2).
How did I determine this?
Went to a javascript heavy page with the shield black. Page loads.
Again, reload the same page, but this time with the shield completely clear and the page took a bit longer, plus many more graphical decorations were present.
Tried several sites in total, including this one, no problems reported with the Tor Browser.

Updated Tor Browser or newly installed?

Fixable through re-installation of Tor Browser?

Tor Browser Essentials

From my research in the past few days this is an installation-specific problem which just affects this specific Whonix instance, so I cannot reproduce this anywhere else, not even in a newly installed Whonix VM from the same base/template.

I would use a fresh installation if I had not installed a bunch of things on it already.

I also did a reinstall of the browser which fixed it initially (on first upstart I selected the slider to be on the safest, which it acknowledged) but after another restart of the browser it gave me the same problem.

It concerns me a bit that it clearly ignores these settings and I wonder if it ignores anything else.

The updated one is still broken

add Tor Browser first startup popup to ask whether security slider should be set to safest might be broken.

Try:

Close Tor Browser. Run:

rm ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js

Restart Tor Browser.


Or re-install Tor Browser and then, when the popup before Tor Browser starts asks you if you want to set security slider to highest, say No. You can still set security slider to highest manually.


Does that help?
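
The preseed file and the user.js copy described in this thread can be cross-checked from a shell. This is an added example, not part of /usr/bin/torbrowser or of any post here; the function names are hypothetical, and it assumes drop-in files are plain key=value lines read in lexical order with the last one winning.

```shell
#!/bin/sh
# Added example (hypothetical helper names); not code from /usr/bin/torbrowser.

# Effective tb_security_slider_safest: "true", "false" or "unset".
# Assumption: plain key=value drop-ins, lexical order, last file wins.
preseed_value() {
    conf_dir=$1
    value=unset
    for f in "$conf_dir"/*.conf; do
        [ -f "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*tb_security_slider_safest=//p' "$f" |
            tail -n 1 | tr -d "\"'")
        if [ -n "$v" ]; then value=$v; fi
    done
    printf '%s\n' "$value"
}

# Compare the profile's user.js with the shipped file: absent | safest | differs
userjs_state() {
    shipped=$1 userjs=$2
    if [ ! -e "$userjs" ]; then echo absent
    elif cmp -s "$shipped" "$userjs"; then echo safest
    else echo differs
    fi
}

# "ok" when the files agree with the preseeded (or popup) answer, else "check".
slider_check() {
    want=$(preseed_value "$1")
    have=$(userjs_state "$2" "$3")
    case "$want:$have" in
        true:safest|unset:safest|false:absent|unset:absent)
            echo "ok preseed=$want user.js=$have" ;;
        *)  echo "check preseed=$want user.js=$have" ;;
    esac
}

# Constructed demo in a temp dir; file contents are placeholders, not Whonix's.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/conf" "$d/profile"
    echo 'tb_security_slider_safest=true' > "$d/conf/50_user.conf"
    echo '// placeholder for security-slider-highest.js' > "$d/shipped.js"
    cp "$d/shipped.js" "$d/profile/user.js"
    slider_check "$d/conf" "$d/shipped.js" "$d/profile/user.js"
    rm -rf "$d"
}
demo
```

On a real system, pass /etc/torbrowser.d, /usr/share/torbrowser/security-slider-highest.js and the profile's user.js path from the posts above. A matching file says nothing about what the running browser enforces, so checking the shield menu still applies.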

This worked for me
Thanks to everyone that helped

1 Like

This just resets it to lower safety and then when highest is applied it works, but there is no dialog asking what level to adjust it to. I’ll test the reinstall.

1 Like

Works with 9.02 install from scratch. Thanks Patrick.

1 Like
1 Like