[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Tor Browser auto resize feature functional in Qubes?


#21

In Qubes dom0 have ultimate control over window position/size. VM
application isn’t asked before doing any move/resize operation. What VM
application can do, is to advertise that some window should not be
maximized, some minimum/maximum size. And if application really want, it
can undo the change.
Not sure what to do here to not introduce too much complexity.

Maybe disable maximizing at all for this window? Possibly with some option
to disable the protection? Not a good UX… But how useful/often is
maximizing TorBrowser window? IIUC this leaks screen resolution, so
isn’t a good idea.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


#22

Not great UX and possibly fingerprintable since on other platforms users are doing this.

[quote=“marmarek, post:21, topic:1480”]
But how useful/often is maximizing TorBrowser window?[/quote]
Very. I suspect it’s a very common thing.

[quote=“marmarek, post:21, topic:1480”]
IIUC this leaks screen resolution, so isn’t a good idea.[/quote]
Not so much. TBB developers implemented to round up resolutions up to common sizes recently.

So we really have a Qubes vs Non-Qubes difference here that results in a fingerprinting vector.


#23

Started VNC session (vnc4server, not x11vnc), so window doesn’t interact directly with Qubes GUI agent. It uses kwin as window manager. And still nothing happens when resizing the window (no automatic correction, no gray area, etc). But there is a warning about maximizing. So there is some difference (not sure if warning presence itself is fingerprintable).

Interestingly when I switch to fullscreen (F11), there is no warning, in none of the cases (VNC, direct Qubes).

All tests done in Whonix workstation.


#24

I advice to test qubes-template-debian based AppVM vs non-Qubes Debian
to get Whonix out of the equation.


#25

The same result. What is expected behavior? Is it only about missing maximize warning? Or also something should happen on any resize?


#26

marmarek:

The same result.

To be expected. My point is just, to figure out a non-Qubes Debian vs
qubes-template-debian issue it’s a lot better to not use Whonix. Thereby
anything that Whonix does is guaranteed from not interfering. Otherwise
what we are chasing just gets more complicated and could theoretically
be a Whonix issue. As a best debugging practice.


#27

Yes, Whonix wasn’t involved in the second test.


#28

No. I think we can forget about maximize warning… I’ve tested with Tor Browser 6.0a4 hardened: there is no maximization warning message anymore. Neither in plain Debian nor in Qubes Debian template.

Resolution plain Debian vs Qubes Debian template should match. But does not. Included in the following bug report…

Answer is included in the following bug report…


#29

Tor Browser 6.0a4 hardened: there is no maximization warning message anymore. Neither in plain Debian nor in Qubes Debian template.

yes it doesnt. but u r talking about alpha releases, how about stable releases ? till now stable releases giving the same warning, in other word users of stable TBB inside Qubes-Whonix r traceable with page size problem, until either TBB releases their stable version of 6 or Whonix fix this now.


#30

Good day,

Like said before, the TBB is able to obfuscate your real resolution, as long as JS is turned of. And once it is turned on, there are far bigger tracking factors in play, which is why at this point I don’t see a problem arising from this.
Have a nice day,

Ego


#31

Got asked just now if this is still an issue.

https://github.com/QubesOS/qubes-issues/issues/1856#issuecomment-439023404

Can you still reproduce this bug?


#32

still an issue , TBB cant know what size the screen running into. (no warnings when you full size the screen)