My plan is to document the following setup. It presupposes Qubes with
whonix-ws, but wherever possible I want to make it usable for non-Qubes users too. All comments are appreciated.
(Sorry for the strange code blocks; as a new user I may only post five links in a post.)
You need two DVM Templates:
clearnetvm-dvm (based on Debian or Fedora). For browsing over Tor you use
whonix-ws's AnonDist Tor Browser, for clearnet browsing a modified version of Tor Browser in
sys-net as NetVM).
VMs can be configured to open links in a new DispVM by default:
Switching between DVM Templates can be done easily with the shell script mentioned here (direct link to the script: https://13366229192823780453.googlegroups.com/attach/f249577bacc5c/switch_dvm?part=0.1&view=1&vt=ANaJVrHjfVcrYO2FAWPBFqtoI-tdLm5nEQSo51j-LogBhphsXlvTHvJOeCZb_vqEJp-Pqhfcg1YwV1xFv4KDkHYEdiCFx4btkBio_wKNZ47QoFZd-65zXy8).
It is not hard to write a script that lets the user select whether to open a link in an existing VM or in a new DispVM and whether that DispVM's DVM be
whonix-ws everything is great by default. The custom Tor Browser Launcher even uses the
--allow-remote flag and warns users opening new links in an existing session.
clearnetvm-dvm you must install Tor Browser and tweak it. The goal is something like what is described in the links in the original post above. Tails' Unsafe Browser probably provides a good starting point. Some instructions: https://github.com/QubesOS/qubes-doc/pull/417
A thought: Tor Browser's tab stream isolation feature is great, but it only prevents tracking traffic analysis at the exit node, doesn't it? I'm a bit worried it distracts from tracking by cookies. The exit node will change every ten minutes anyway, but if I have done one Google search or logged in to Facebook in one tab, Tor Browser will not prevent all my other activity from being tracked. Isn't that correct? Maybe it would be wise to use uBlock Origin in Tor Browser too; Tails includes it.
Not all websites work in Tor Browser; it's nice to have an alternative. You can set up Chromium in both VMs. However, Chromium's fingerprint cannot be reduced in a satisfactory way. Apart from installing Privacy Badger, uBlock Origin, Disconnect and Tab Cookies you can
prevent canvas fingerprinting by adding
export CHROMIUM_FLAGS="$CHROMIUM_FLAGS --disable-reading-from-canvas"
Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0 as User Agent with Privacy Extension (last updated June 2015);
hide Browser Plugin Details with the extension RubberGlove (last updated July 2015) (too bad Panopticlick reads the field as permission denied (one in 338 browsers) instead of Tor Browser's undefined (one in 2.8 browsers)!);
...but even if you install these unmaintained and maybe-not-so-reliable extensions Chromium still reveals your screen size and resolution. I haven't found any information about how to hide that bit of information.
Edit: Maybe this could prove useful:
Is Brave an alternative to Chromium? At least someone is actively working on reducing its fingerprint:
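The chooser script that the post says is not hard to write could look like the sketch below. It is an added example, not part of the original post or of the Qubes or Whonix projects. It assumes the Qubes 4.x `qvm-open-in-vm` tool with its `@dispvm:<template>` target syntax; `whonix-ws-dvm` is a hypothetical name for the Whonix DVM Template, and `DRY_RUN`, `TOR_DVM` and `CLEAR_DVM` are variables invented for the example.

```shell
#!/bin/bash
# Added example: choose where a link is opened (Tor DispVM, clearnet DispVM,
# or an existing VM) and refuse anything that is not a plain http(s) URL.
# Assumption: Qubes 4.x qvm-open-in-vm accepts "@dispvm:<dvm-template>".

TOR_DVM="${TOR_DVM:-whonix-ws-dvm}"        # hypothetical template name
CLEAR_DVM="${CLEAR_DVM:-clearnetvm-dvm}"   # template name used in the post

# Map a choice (tor | clearnet | vm:<name>) to a qvm-open-in-vm target.
resolve_target() {
    case "$1" in
        tor)      printf '@dispvm:%s\n' "$TOR_DVM" ;;
        clearnet) printf '@dispvm:%s\n' "$CLEAR_DVM" ;;
        vm:?*)
            name="${1#vm:}"
            # This script's own restriction: letters, digits, '.', '_', '-'.
            case "$name" in
                *[!A-Za-z0-9._-]*) return 1 ;;
            esac
            printf '%s\n' "$name" ;;
        *) return 1 ;;
    esac
}

# Accept only http:// or https:// URLs with no whitespace or control chars,
# so file:, javascript: and similar schemes never reach the target VM.
valid_url() {
    case "$1" in
        *[[:space:][:cntrl:]]*) return 1 ;;
        http://?*|https://?*)   return 0 ;;
        *)                      return 1 ;;
    esac
}

# open_link <choice> <url>; with DRY_RUN=1 the command is printed, not run.
open_link() {
    target="$(resolve_target "$1")" || { echo "bad target: $1" >&2; return 2; }
    valid_url "$2" || { echo "refusing URL: $2" >&2; return 2; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'qvm-open-in-vm %s %s\n' "$target" "$2"
    else
        qvm-open-in-vm "$target" "$2"
    fi
}

# Run only when called as: script <choice> <url>
if [ "$#" -eq 2 ]; then open_link "$1" "$2"; fi
```

Running it with `DRY_RUN=1` prints the command that would be executed, which is a quick way to check the target before registering the script as a link handler.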