whonix tor browser customization


panina

Jul 31, 2019, 5:19:13 AM
to qubes-users mailing list
Hello.


I've been looking for how to fix some bad default settings in the whonix
tor browser. Namely, they removed NoScript from the toolbar, so that the
NoScript cannot be used as intended.

Since it's not advised (and not easily possible) to start the browser in
the template, I have to do this manually each time I start a whonix dvm.
Since this is cumbersome, I'm not using the NoScript plugin as intended.

Does anyone know how to get this plugin into the toolbar for each dvm? I
realize that this is a Whonix issue, but all of the affected users are
on this list...


<3

/panina


awokd

Jul 31, 2019, 11:36:32 AM
to qubes...@googlegroups.com
panina:
You might be able to hack it like in 14-
https://forums.whonix.org/t/how-do-i-customise-tor-browser-in-a-whonix-templatebased-dvm-in-whonix-14/5580/27.
Note it may compromise anonymity by making your browser unique or at
least less generic.

Patrick Schleizer

Aug 9, 2019, 3:05:33 AM
to qubes...@googlegroups.com
panina:
> Namely, they removed NoScript from the toolbar, so that the
> NoScript cannot be used as intended.


We did not. Decision by upstream, The Tor Project.

https://forums.whonix.org/t/workstation-15-dropped-both-noscript-and-https/7733

panina

Aug 19, 2019, 5:09:54 AM
to qubes-users mailing list
Can't seem to get this working. I get confused by how the dvm's work,
and am not succeeding in starting any applications in the dvm template.



On 8/9/19 9:05 AM, Patrick Schleizer wrote:
>> panina:
>> Namely, they removed NoScript from the toolbar, so that the
>> NoScript cannot be used as intended.
>
>
> We did not. Decision by upstream, The Tor Project.
>
>
> https://forums.whonix.org/t/workstation-15-dropped-both-noscript-and-https/7733

Thanks, duly noted. Is there any chance to get them to add a setting for
this? Or re-think their decision?

<3
/panina


g80vm...@riseup.net

Aug 23, 2019, 3:59:57 PM
to qubes...@googlegroups.com
panina:
Please see:
https://trac.torproject.org/projects/tor/ticket/30600
https://trac.torproject.org/projects/tor/ticket/30570

TL;DR The TBB developers pushed out some half-baked changes that
compromise UX, are hostile to the idea of reverting those changes, and,
three months later, apparently have zero interest in fully baking those
changes.

¯\_(ツ)_/¯

Matthew Finkel

Aug 23, 2019, 5:12:25 PM
to g80vm...@riseup.net, qubes...@googlegroups.com
That's a little harsh, isn't it? Saying there is no interest is
ignoring the fact that Tor Browser is maintained by a team of 10
people for four different operating systems. Tor Browser is useless
(and actively harmful) if users are confused about which settings they
should change (due to careful design choices) and which settings they
shouldn't change. The Noscript and https-everywhere buttons on the
toolbar allowed people to tweak the settings easily, and this was not
something a normal user should do. If someone really needs to change
these settings, then they can go through a more complicated procedure
for accomplishing that.

The team will finish implementing this, but (in particular) the
highest priority task right now is migrating the Tor Browser patches
and build system from Firefox 60esr to 68esr within the next few
weeks.

panina

Aug 23, 2019, 6:09:55 PM
to qubes-users mailing list
Well, personally the Tor browser is largely useless with default
settings. I'm actively avoiding recommending Tor Browser to
non-technical users right now since it breaks webpages. Almost a
majority of them.
It's gone from being a superb way of hiding your traffic, usable by
everyday surfers behind government firewalls. The privacy-aware crowd
has been accused of being elitist, and this move is in line with that
accusation.

But the politics of TB isn't what this mailing list is for.

Since I can't seem to hack the whole template/DVM scheme, I think I'll
just have to go back to my own tweaked firefox setup. I guess I can put
that behind a whonix gateway, should go some way towards being anonymized...

wish a better day for y'all
/panina


awokd

Aug 23, 2019, 7:11:30 PM
to qubes...@googlegroups.com
panina:

>
> Well, personally the Tor browser is largely useless with default
> settings. I'm actively avoiding recommending Tor Browser to
> non-technical users right now since it breaks webpages. Almost a
> majority of them.

Afraid I'm not following. The default settings are the most compatible.
Making it easier for non-technical users to play around with them would
only result in more broken websites.

> It's gone from being a superb way of hiding your traffic, usable by
> everyday surfers behind government firewalls. The privacy-aware crowd
> has been accused of being elitist, and this move is in line with that
> accusation.

Making TB safer/easier for non-technical users seems the opposite of
elitist to me?

> But the politics of TB isn't what this mailing list is for.

True; I think security discussions are OK though. (?)

> Since I can't seem to hack the whole template/DVM scheme, I think I'll
> just have to go back to my own tweaked firefox setup. I guess I can put
> that behind a whonix gateway, should go some way towards being anonymized...

Personally, I run the default Whonix templates and manually set the
Security Level on Safest every time I start TB in a DVM. If a site needs
a lower level, I'll open it in a separate DVM instance. It is a pain,
but I didn't want to chance a customized prefs.js etc. making my browser
unique so I hadn't investigated further since Whonix 14.




g80vm...@riseup.net

Aug 23, 2019, 8:28:41 PM
to qubes...@googlegroups.com
Matthew Finkel:
We're getting off-topic here, and I also don't wish to bring Tor Project
politics into this list.

That said:
> That's a little harsh, isn't it? Saying there is no interest is
> ignoring the fact that Tor Browser is maintained by a team of 10
> people for four different operating systems.

No, it is frankly not harsh enough.

Available developer time to finish implementing the half-baked changes
is irrelevant. The correct way to do this would have been to wait until
the changes were fully baked (i.e. until Proposal 101 was fully
implemented, including per-site security settings), rather than
half-assing them, pushing them out the door, then three months later
thinking about maybe getting around to finishing up sometime in the
future after higher priority tasks are done.

> [...] this was not something a normal user should do.

Well, I don't know how things *should* be, but an awful lot of TBB users
have found these controls essential. I personally have had to explain
to multiple non-technical TBB users in meatspace how to re-access the
NoScript widget, which they all have found essential to using TBB.

Regardless of available developer time and priorities, breaking a
feature many users find essential without any warning, not giving any
explanation of how to access that essential feature, and then forgetting
about un-breaking that feature for months is simply piss-poor project
management.

Patrick Schleizer

Sep 6, 2019, 5:00:21 AM
to panina, qubes-users mailing list
panina:
> On 8/9/19 9:05 AM, Patrick Schleizer wrote:
>>> panina:
>>> Namely, they removed NoScript from the toolbar, so that the
>>> NoScript cannot be used as intended.
>>
>>
>> We did not. Decision by upstream, The Tor Project.
>>
>>
> https://forums.whonix.org/t/workstation-15-dropped-both-noscript-and-https/7733
>
> Thanks, duly noted. Is there any chance to get them to add a setting for
> this? Or re-think their decision?


It's not up to me at all. The Tor Project is the only point of contact
for this.

tetra...@danwin1210.me

Sep 10, 2019, 2:13:46 PM
to Patrick Schleizer, panina, qubes-users mailing list
Did upstream (Tor) also change the NoScript settings to block all
javascript on all sites by default, even at the lowest Tor Browser
security level?

This is what seems to be happening for me. It is a pain, since any
attempt to fix the settings goes away once the disposable Whonix VM
dies.

brenda...@gmail.com

Sep 10, 2019, 2:35:42 PM
to qubes-users
On Tuesday, September 10, 2019 at 2:13:46 PM UTC-4, tetra...@danwin1210.me wrote:
> Did upstream (Tor) also change the NoScript settings to block all
> javascript on all sites by default, even at the lowest Tor Browser
> security level?

Not exactly. Upstream intended the security slider to be set at Standard and the behavior to be Javascript mostly on.

However, some TB versions (I experienced this under whonix-14 at least) have an issue, where while it defaults to the "Standard" setting as per upstream, TB acted as if set to the "Safest" setting. This appears to be a TB bug.

Manually adjusting the setting back and forth in firefox preferences fixes the issue for that session, but the problem appears again on restart.
 
> This is what seems to be happening for me. It is a pain, since any
> attempt to fix the settings goes away once the disposable Whonix VM
> dies.

Under whonix-15, the whonix developers have inserted a presetting question on startup allowing you to choose what you want the default on startup to be, and the bug where the setting is one way, and the buggy behavior above does not seem to be present.

You still have to set it again each time a disposable VM starts, but it's more straightforward, at least in my opinion.

Brendan

awokd

Sep 10, 2019, 2:40:40 PM
to qubes...@googlegroups.com
brenda...@gmail.com:

> Under whonix-15, the whonix developers have inserted a presetting question
> on startup allowing you to choose what you want the default on startup to
> be, and the bug where the setting is one way, and the buggy behavior above
> does not seem to be present.

I haven't seen this preset question. Is there a way to trigger it?

> You still have to set it again each time a disposable VM starts, but it's
> more straightforward, at least in my opinion.

Might be missing something here, but wouldn't that defeat the purpose?
I'd like very much to set all my disposables to start on Safest.

Brendan Hoar

Sep 10, 2019, 2:50:04 PM
to awokd, qubes-users
On Tue, Sep 10, 2019 at 2:40 PM 'awokd' via qubes-users <qubes...@googlegroups.com> wrote:
> brenda...@gmail.com:
>
>> Under whonix-15, the whonix developers have inserted a presetting question
>> on startup allowing you to choose what you want the default on startup to
>> be, and the bug where the setting is one way, and the buggy behavior above
>> does not seem to be present.
>
> I haven't seen this preset question. Is there a way to trigger it?

I dropped all my whonix-14 VMs and templates yesterday and used salt to install the whonix-15 templates (again: I'm also on the R4 current-testing repo), and I see the question once every dispvm start.
 

>> You still have to set it again each time a disposable VM starts, but it's
>> more straightforward, at least in my opinion.
>
> Might be missing something here, but wouldn't that defeat the purpose?
> I'd like very much to set all my disposables to start on Safest.

From my read, it is possible you could set it in the DVM template (there are instructions on how to set the startup files in the filesystem to bypass the question).

Here's the text of the dialog (some of the text hyperlinks elsewhere):

----------------

First Start of Tor Browser (AnonDist) - Security vs Usability Trade-off

In the stock Tor Browser configuration, JavaScript is enabled by default for greater usability. The Tor Project provides a rationale for this decision.

The producers of Tor Browser decided the security slider setting to be set to "Standard" by default. Quote Tor Browser Manual:
You can further increase your security by choosing to disable certain web features that can be used to attack your security and anonymity. You can do this by increasing Tor Browser's Security Settings in the shield menu. Increasing Tor Browser's security level will stop some web pages from functioning properly, so you should weigh your security needs against the degree of usability you require.
This popup question does not restrict your freedom to change security slider settings at any time.

Responsible for this popup question is Tor Browser Starter by Whonix developers. It is an usability feature, which might break in future. Therefore the user is advised to verify that the security slider has the expected setting. Please donate!

Preseeding:

It is possible to avoid this popup question by preseeding the answer to it. For that create a file /etc/torbrowser.d/50_user.conf with the follow contents, if you want to answer "Yes".
tb_security_slider_safest=true
Or if you want to answer "No".
tb_security_slider_safest=false
Technical Details:

This script is: /usr/bin/torbrowser
Function: tb_security_slider
All this would do is copying file /usr/share/torbrowser/security-slider-highest.js to /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js.
cp /usr/share/torbrowser/security-slider-highest.js /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js
Set Tor Browser Security Slider to Safest?


[No] [Yes]

----------------

My read is that whonix dev(s) do not want to contradict the choices of the Tor project, even if controversial (I see good arguments on both sides).

Whonix dev(s) are also probably (I am guessing here) tired of getting questions about these settings every day.

I'll paraphrase: "Here's the shotgun. Use it wisely. Know where your limbs are at all times."

B

PS - why I continued to see the bug where the setting and behavior were different in -14 vs. -15 I don't know, but I do have a more recent version of TB in -15, so maybe that's it.

awokd

Sep 10, 2019, 2:58:13 PM
to qubes...@googlegroups.com
Brendan Hoar:
> On Tue, Sep 10, 2019 at 2:40 PM 'awokd' via qubes-users <
> qubes...@googlegroups.com> wrote:

>> I haven't seen this preset question. Is there a way to trigger it?
>>
>
> I dropped all my whonix-14 VMs and templates yesterday and used salt to
> install the whonix-15 templates (again: I'm also on the R4 current-testing
> repo), and I see the question once every dispvm start.

I have one of my PCs on current-testing as well (thanks to ADW's nudging
on the list a while back) and will update it. Wonder if I need a new -15
template. Thanks for the heads up and details!

awokd

Sep 10, 2019, 8:08:57 PM
to qubes...@googlegroups.com
awokd:
This worked perfectly:

- update
- terminal on whonix-ws-15
- sudo nano /etc/torbrowser.d/50_user.conf
- tb_security_slider_safest=true
- save and poweroff

Dispvm Tor Browsers now default to Safest. I see the user.js it copies
is only 2 lines long with no identifiers, so it should have no
fingerprint impact beyond what takes place when a user moves the slider
as far as I can tell. Nice work adrelanos and 0brand and any others I
may have missed.
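
The preseeding steps from the message above, written as an idempotent shell function. This is an added example, not part of the thread and not Whonix's own code. The file path and key come from the dialog text quoted earlier; the function names and the optional root prefix (for trying it outside a template) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preseed the Whonix Tor Browser Starter slider question.
# CONF_REL and KEY are taken from the dialog text quoted in the thread.
# The optional root prefix is a hypothetical convenience for dry runs.
CONF_REL="etc/torbrowser.d/50_user.conf"
KEY="tb_security_slider_safest"

# preseed_slider <true|false> [root]
# Writes exactly one KEY=value line, keeping any unrelated lines already
# present, so repeated runs never stack contradictory answers.
preseed_slider() {
    value="$1"
    root="${2:-}"
    case "$value" in
        true|false) ;;
        *) echo "value must be true or false" >&2; return 2 ;;
    esac
    conf="$root/$CONF_REL"
    mkdir -p "$(dirname "$conf")" || return 1
    tmp="$conf.tmp.$$"
    if [ -f "$conf" ]; then
        # grep exits 1 when nothing is left to print; that is not an error here.
        grep -v "^[[:space:]]*$KEY=" "$conf" > "$tmp" || true
    else
        : > "$tmp"
    fi
    printf '%s=%s\n' "$KEY" "$value" >> "$tmp"
    # Replace the file in one step so a half-written conf is never read.
    chmod 644 "$tmp" && mv "$tmp" "$conf"
}

# slider_preseed_value [root]
# Prints the preseeded answer ("true" or "false"), or "unset" when the
# file or the key is missing, to confirm the template state before poweroff.
slider_preseed_value() {
    conf="${1:-}/$CONF_REL"
    v=$(sed -n "s/^[[:space:]]*$KEY=//p" "$conf" 2>/dev/null | tail -n 1)
    echo "${v:-unset}"
}

# In the whonix-ws-15 template, as root:  preseed_slider true
```

Run `slider_preseed_value` in the template before powering it off; new disposables only pick up the answer after the template has been shut down.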