TODO research and document - How to use Tor Browser for security not anonymity? How to use TBB using clearnet?



What exactly are you thinking about? A guide for implementing the steps described in the second link? That I could try to do.

A patch one can apply to Tor Browser would be great. I will look into how the modifications for the clearnet browser in Tails are implemented. I’m not sure how much I can accomplish without experience from programming or browser development, though.




My plan is to document the following setup. It presupposes Qubes with whonix-gw and whonix-ws, but wherever possible I want to make it usable for non-Qubes users too. All comments are appreciated.

(Sorry for the strange code blocks; as a new user I may only post five links in a post.)

You need two DVM Templates: whonix-ws-dvm and clearnetvm-dvm (based on Debian or Fedora). For browsing over Tor you use whonix-ws's AnonDist Tor Browser, for clearnet browsing a modified version of Tor Browser in clearnetvm (with sys-firewall or sys-net as NetVM).

VMs can be configured to open links in a new DispVM by default:


Switching between DVM Templates can be done easily with the shell script mentioned here


direct link to the script:

https://13366229192823780453.googlegroups.com/attach/f249577bacc5c/switch_dvm?part=0.1&view=1&vt=ANaJVrHjfVcrYO2FAWPBFqtoI-tdLm5nEQSo51j-LogBhphsXlvTHvJOeCZb_vqEJp-Pqhfcg1YwV1xFv4KDkHYEdiCFx4btkBio_wKNZ47QoFZd-65zXy8) to the script

It is not hard to write a script that lets the user select whether to open a link in an existing VM or in a new DispVM and whether that DispVM’s DVM be whonix-ws-dvm or clearnetvm-dvm.

In whonix-ws everything is great by default. The custom Tor Browser Launcher even uses the --allow-remote flag and warns users opening new links in an existing session.

In clearnetvm-dvm you must install Tor Browser and tweak it. The goal is something like described in the links in the original post above. Tails’ Unsafe Browser probably provides a good starting point. Some instructions: https://github.com/QubesOS/qubes-doc/pull/417

A thought: Tor Browser’s tab stream isolation feature is great, but it only prevents tracking traffic analysis at the exit node, doesn’t it? I’m a bit worried it distracts from tracking by cookies. The exit node will change every ten minutes anyway, but if I have done one Google search or logged in to Facebook in one tab, Tor Browser will not prevent all my other activity to be tracked. Isn’t that correct? Maybe it would be wise use uBlock Origin in Tor Browser too; Tails includes it.

Not all websites work in Tor Browser; it’s nice to have an alternative. You can set up Chromium in both VMs. However, Chromium fingerprint cannot be reduced in a satisfactory way. Apart from installing Privacy Badger, uBlock Origin, Disconnect and Tab Cookies you can

  • prevent canvas fingerprinting by adding

      export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-reading-from-canvas"

    to /etc/chromium.d/default-flags;

  • set Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0 as User Agent with Privacy Extension (last updated June 2015);

  • hide Browser Plugin Details with the extension RubberGlove (last updated July 2015)

    (too bad Panopticlick reads the field as permission denied (one in 338 browsers) instead of Tor Browser’s undefined (one in 2.8 browsers)!);

…but even if you install these unmaintained and maybe-not-so-reliable extensions Chromium still reveals your screen size and resolution. I haven’t found any information about how to hide that bit of information.

Edit: Maybe this could prove useful:


Is Brave an alternative to Chromium? At least someone is actively working on reducing its fingerprint:




A thought: Tor Browser’s tab stream isolation feature is great, but
it only prevents tracking traffic analysis at the exit node, doesn’t
it? I’m a bit worried it distracts from tracking by cookies.

It’s not just stream isolation by tab. Also the zillion of other things
like cookies are separated.

The exit
node will change every ten minutes anyway,

Only for short lived connections. Not for long lived connections.

but if I have done one
Google search or logged in to Facebook in one tab, Tor Browser will
not prevent all my other activity to be tracked. Isn’t that correct?

It should. How well that works is another question.

See tbb-linkability
and tbb-fingerprinting.

Maybe it would be wise use uBlock Origin in Tor Browser too; Tails
includes it.

A way too big suggestion to discuss this off-topic in another thread.


Outdated. See the wiki page: https://www.whonix.org/wiki/Tor_Browser_without_Tor


Awesome! Going to test soon.

Could you move this to the wiki please?

Any suggestions for a wiki page name? Let me create an empty page, so you can add it. The page name ideally would make it clear, that it’s using Tor Browser without anonymity. How do we coin it? Secure Browser?


Yes, how do we call it? I think ‘secure’ is misleading. Compared to Chromium its main advantage is that its more resistant to fingerprinting.

I don’t know what the target audience is. If we assume it already knows what Tor Browser is maybe… Tor Browser without Tor for increased privacy?

The wiki page could be called ‘Tor Browser without Tor’.


What about the sandboxed one?


Could you make that one work?

target audience: me ;), security enthusiasts, advanced users

After all the efforts Tor Project made to harden Firefox, I think it would be worth if they had a full Firefox fork. Not just one optimized for anonymity, privacy and security. Also one just optimized for security and privacy. That would attract more users / funding / development. However unlikely that is… To increase that small chance, it would be good to advocate a proof of concept. If Mozilla messed up (being funded by google, not focusing on security and privacy), perhaps Tor Project could take over one day. The more percentage of users use Tor Browser (already now), the more Tor Project becomes Mozilla.


Wiki page skeleton created.


I will look into it. I haven’t set one up yet.

If also has a default.profile directory you could try to create a user.js in it as described below and see what happens.


I’ve provided a “Tor Browser without Tor” (empty) entry under Tor Browser Advanced Users section for this info (it’s awaiting Patrick’s sign off to appear).

Just under the sandboxed Tor Browser part.



Yes. Looks the same. Just a sandbox is wrapped around it.


Ad/Tracking blockers would be a good addition


Who made this edit about the Recommended Extensions?


We gotta be careful about that. I saw Ghostery recommended on a lot pro privacy websites back then. To just figure out, it’s a closed source add-on.


Is disconnect and the other add-ons actually Libre Software? Or doing other sketchy things?

It does not hurt to have more (or all) of them installed even if the benefit is questionable.

Well, if the benefit is questionable… And they can do harm. Proclaimed pro privacy add-ons can actually be trackers themselves. Every add-on has full control over the whole browser and therefore full control over the whole system.

And ad-blocking… Not sure about that. Perhaps an “optional add-on”. Not a “recommended add-on”. Not sure Whonix should stay technological neutral on the question of ads. Tor Project somewhere had a write up they don’t want to be perceived as anti ads since that would be counter productive to the wider goals.

(Tails blocks ads by default. At least it did so in the past. Not sure it still does it? It’s quite a bold decision.)


They still do though they use uBlock origin now. And I agree we shouldn’t add more add-ons than Tails at least. I find NoScript good enough as an adblocker 80% of the time.



That could have been me. (It’s so convenient to be able to edit without logging in!)

My reasoning goes like this: If you are disabling private browsing mode, privacy probably isn’t your highest priority; it will be easier to track you. Privacy Badger, Disconnect and uBlock Origin are all open source, have been around for a while and are often recommended. Of course they pose an additional risk; but I think the risk of using none is bigger. (Though I would not recommend that they be installed if private browsing mode is being used.)

[Edit: Or, in the vocabulary of The Design and Implementation of the Tor Browser: Is the privacy through cross-origin identifier and cross-origin fingerprinting unlinkability strong enough without long-term unlinkability?]

I wanted to mention uBlock Origin as an option not because of its ad-blocking capabilities but as an alternative to Disconnect for blocking trackers. I think the extensions should be mentioned even if the Whonix project were to take a stand against it. (@HulaHoop: You left out an important part in the quote: Patrick says he’s not sure Whonix should stay technological neutral on the question of ads.)

But those who don’t want to bothered by private browsing mode do not want to fiddle with NoScript settings either.


My bad. I quoted is as I read it then.


Let’s mention them as optional (not recommended) extensions then. (Since the benefit is unclear. If anything, it would be providing lightweight protections from cooperations that do tracking, but nothing more than that. Has some value indeed.)


I have tried to clarify that in a new version: https://www.whonix.org/w/index.php?title=Tor_Browser_without_Tor&oldid=30298&diff=cur

Maybe someone can supplement information on whether/how it is possible to use Tor Browser without Tor in Whonix. (I use Qubes.)

Also, should a Tor Browser without Tor be tweaked more than described in the article? Changing it’s name would be useful; I haven’t been able to find out how much work that is. I think the Tor Button should be kept; it is a constant reminder that the browser using Tor is disabled.