Yes, because start-tor-browser (by Tor Project) doesn’t know about --clearnet. That is because only /usr/bin/torbrowser (by Whonix) had recently --clearnet implemented.
So only /usr/bin/torbrowser --clearnet makes sense.
/usr/bin/torbrowser --clearnet will set that automatically. (See also bash -x /usr/bin/torbrowser --clearnet)
I doubt that. Very Tor community specific. And ambiguous also. Has at least two meanings.
I tested the instructions in Fedora-29. Interestingly, disabling private browsing mode is all that is needed to save passwords. Also torbrowser-launcher was removed from Debian testing (buster). So the only option is to install from Debian unstable (sid).
For Qubes Documentation I’m going to include instructions to install from Debian sid and a separate instructions using tb-updater. And the current Whonix tutorials will be updated as well.
The security community is much bigger than the privacy/anonymity communities. If they know there was a hardened browser, a lot people would use it. Would be good to have help, attention and development support of the security community. Hardened Firefox should be a thing in the security community. But information spreads much less than one would expect nowadays. A public wiki page somewhere doesn’t necessarily lead to wide publication. It’s still like “a secret”.
To start this, is anyone up for aggregating primarily the security enhancements that Tor Browser implements? (Secondarily perhaps also privacy enhancements.) Perhaps a comparative table similar to sdwdate: Secure Distributed Web Date? Perhaps some libre licensed selfrandom images?
The Tor Browser doesn’t increase security from default Firefox except maybe changing the security sliders which can just be easily gotten on default Firefox. The sandboxed Tor Browser version has also been dead for a while now. I wouldn’t name it something related to security like that.
So why mention WebRTC specifically? There are plenty of things that get disabled in the Tor Browser that could be considered as reducing attack surface.
Those were fixed years ago and there are very little.
WebRTC was previously shown to leak sensitive info when VPNs are used. VPNs are very popular. This could perk the interest of those users. WebRTC disabled
Unfortunately perception sometimes trumps reality.
So why mention WebRTC specifically? There are plenty of things that get disabled in the Tor Browser that could be considered as reducing attack surface.
No specific reason. Documentation / lack of research issue.
I know, I meant that the “disabled WebRTC” part should probably be changed to “reduced attack surface” in the wiki as it isn’t just WebRTC that is disabled.