whome1
September 18, 2019, 2:15am
1
Every time Tor Browser is opened in a fresh DispVM, it asks whether to set slider to safest. This is understandable although it is not needed every single time.
awokd
September 18, 2019, 2:22am
2
Yes, the config option is described in that same dialog box.
1 Like
Patrick
September 18, 2019, 5:13am
3
Waiting for the following feature request to be implemented so this can be improved.
opened 10:43AM - 18 Aug 19 UTC
T: enhancement
C: desktop-linux
P: default
As discussed in https://groups.google.com/forum/#!topic/qubes-devel/DEQNltD2_kc … upcoming change in [tb-starter](https://github.com/Whonix/tb-starter):
> add Tor Browser first startup popup to ask whether security slider should be set to safest [2] [3]
Qubes users will be asked:
* in AppVM: at first startup of Tor Browser
* in DispVM: at start of Tor Browser
Users won't be asked if they start other applications other than Tor Browser.
Users won't be asked if they preseed the answer to the question by changing a configuration file as described in the popup.
----
> [2] https://forums.whonix.org/t/add-tor-browser-first-startup-popup-to-ask-whether-security-slider-should-be-set-to-safest/7591
> [3]
> **First Start of Tor Browser (AnonDist) - Security vs Usability
Trade-off**
>
> In the stock Tor Browser configuration, JavaScript is enabled by
default for greater usability. The Tor Project provides a rationale for
this decision.
>
> The producers of Tor Browser decided the security slider setting to be
set to "Standard" by default. Quote Tor Browser Manual:
>
>> You can further increase your security by choosing to disable certain
web features that can be used to attack your security and anonymity. You
can do this by increasing Tor Browser's Security Settings in the shield
menu. Increasing Tor Browser's security level will stop some web pages
from functioning properly, so you should weigh your security needs
against the degree of usability you require.
> This popup question does not restrict your freedom to change security
slider settings at any time.
>
> Responsible for this popup question is Tor Browser Starter by Whonix
developers. It is an usability feature, which might break in future.
Therefore the user is advised to verify that the security slider has the
expected setting. Please donate!
>
> Preseeding:
>
> It is possible to avoid this popup question by preseeding the answer
to it. For that create a file /etc/torbrowser.d/50_user.conf with the
follow contents, if you want to answer "Yes".
>> tb_security_slider_safest=true
> Or if you want to answer "No".
>> tb_security_slider_safest=false
>
> Technical Details:
>
> This script is: /usr/bin/torbrowser
> Function: tb_security_slider
> All this would do is copying file
/usr/share/torbrowser/security-slider-highest.js to
/var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js.
> cp /usr/share/torbrowser/security-slider-highest.js
/var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js
>
> **Set Tor Browser Security Slider to Safest?**
>
> Yes | No
Default: `No` since this is the default by The Tor Project which is the upstream/origin of Tor Browser.
https://www.whonix.org/wiki/Tor_Browser#Security_Slider
----
Having to answer this each time starting Tor Browser in a DispVM or changing a configuration file in TemplateVM is non-ideal usability wise. Therefore...
Quote @marmarek
> I'd say add `OnlyShowIn=X-QUBES-DispVM;`. And add support for it to qubes menu scripts.
We also need `NotShowIn=X-QUBES-DispVM;`.
That is because, if we had such a feature, tb-starter could ship three different desktop files.
* the usual (currently available one) for use in AppVM (which asks at first start of Tor Browser in AppVM) - this one should use `NotShowIn=X-QUBES-DispVM;`
* a default security slider setting Tor Browser starter desktop file using `OnlyShowIn=X-QUBES-DispVM;`
* a maximum security slider setting Tor Browser starter desktop file using `OnlyShowIn=X-QUBES-DispVM;`