SecBrowser: A Security-hardened, Non-anonymous Browser - DEPRECATED

Development
94

Yeah it has a nice ring to it. The only relevant result using this name is some ancient browser by a company named “Tropical software”. Their domain seems out of order with an offer to buy it.

Does our naming fall under Whonix trademark protection?

1 Like
95

3 hours in and still luck :frowning:

These prefs have to be hard coded. Even with when added to user.js the values keep getting reset after vm restart. I’ll start going through the files in tb profile.default next

pref("extensions.torbutton.security_slider", 1);
pref("extensions.torbutton.security_custom", true);
pref("extensions.torbutton.inserted_security_level"; false);

Also, found a link to a downloadable Tor Browser pref file. Its older but its handy to have for reference.

1 Like
96

Let’s draft a feature request to be posted at trac.torproject.org. In my experience, the better any bug report / feature request is written, and then less [Whonix] specific it is, the better the chances of seing it implemented one day. On the other hand, the more discussion for clarification what it’s even about and reasoning why or off-topic deflection, the lower the chances anything ever is going to change.

1 Like
97
1 Like
98

All tickets on subject environment variable, useful to see what already was discussed and as inspiration for good bug reports / feature requests.

[Feature Request] Environment Variable to set security slider level is wontfix already.

99

Might edit this post. Feel free to edit it was a moderator / admin since the history feature to track changes is really neat.

subject:

document prefs / settings to set security slider level

content:

Could you please document how Tor Browser security level can be set via an prefs so we can give Whonix users an option to have more protection by default.

I’ve tried to start with a fresh installed Tor Browser profile, but it under git version control, start Tor Browser, change the setting and then see how file Browser/TorBrowser/Data/Browser/profile.default/prefs.js changed to then have a clue how to emulate to set these in Browser/TorBrowser/Data/Browser/profile.default/user.js.

By doing so, the security slider might show being set to maximum, however without the actual changes that the security slider would apply such as enabling noscript globally by default for all websites.

pref("extensions.torbutton.security_slider", 1);
pref("extensions.torbutton.security_custom", true);
pref("extensions.torbutton.inserted_security_level"; false);

Related:
[Feature Request] Environment Variable to set security slider level (#25391)

100

Having Tor Browser in the title is really bad for SecBrowser. Too easily confused one for the other by users of both.

Perhaps some leads on how to rebrand. No specific option found yet.

101

I doubt this would be done just for Whonix devs/users. This would somehow have to benefit everyone.

Most requests are denied because they somehow degrade anonymity for everyone. Since they hardcoded these prefs(?) they don’t want Tor Browser users changing them around. Maybe the best approach is to upfront with them on the reason for doing this. Take Whonix out of the equation. While non for anonymity make sure they know Whonix devs have already completed a lot of work on this.

SecBrowser

  • Would be useful to everyone (everyone needs an security focused clearnet browser)
  • Not hurting anyones anonymity.
  • SecBrowser is Freedom Software
  • Nothing in production. Not yet anyways.
2 Likes
102

MIght be a good lead-in to ->ask Mozilla? :wink:

1 Like
103

SecBrowser!!

Its a good start. It will take some time to get it just right.

When SecBrowser is started, the about:tor tab opens and the focus is taken off the SecBrowser landing page. I restarted SecBrowser and the same thing happened.There has to be a way to fix this.

Screenshot_2019-06-22_19-26-18
Screenshot_2019-06-22_19-26-18.png1010×804 96.7 KB

2 Likes
104

I have a new branding idea. Currently there is SecBrowser, Hardended Debian based OS and maybe more apps hardened by Whonix developers. We could use “Sec” as the brand for the OS and apps that are hardened. For example:

Sec
SecBrowser (Secure Browser)
SecLid (Secure Linux distribution)
SecEmc (Secure Email Client)
Sec™…

Not very good examples but just wanted to get the idea across.

2 Likes
105

Needs a bug report since feature
environment variable to skip TorButton control port verification

is broken.

106
107

Ive been experimenting with pass-qubes in SecBrowser. I don’t think it would be an worse for fingerprinting than the current method (passwords stored in SecBrowser) but would be less attack surface.

1 Like
108

Could a pass-qubes → pass-secbrowser tutorial be added to the SecBrowser for qubes Qubes? The only packages needed are;

The only issue I see is GitHub - kulinacs/pass-qubes: Qubes Split GPG integration for Pass does not have signed git tags. Since the rep needs little to no maintenance it could be forked to a “trusted” repo and git tags added?

1 Like
109

Yes.

110

Are there any specific colors that are thought as being related to secuirty. For example, purple is related to anonymity.

I’m trying to come up with a color scheme for the SecBrowser landing page.

1 Like
111

A post was split to a new topic: SecBrowser Welcome Page

112

Add content to first post of this thread. This is to avoid confusion when users click on one of the SecBrowser Welcome page links.

SecBrowser ™ is the fruit born from Tor Browser without Tor research and development.

2 Likes
113

Yes, we can always edit original posts add thread titles for improved expression, more up to date related to latest developments.