Another way to prevent Tor over Tor is listening on TBB's default port
127.0.0.1:9150, so TBB's Tor won't be able to listen on that port.
Axon:
> Either way, that's easy enough: Either create the file and put it
> in ~/.profile, or just delete tor-browser_en-US/App/tor.
Only deleting tor-browser_en-US/App/tor can't be a final solution.
Once TBB gets its own updater, that may break.
This was by the way the Firefox users.js proxy settings method.
## Editing /home/"$USERNAME"/tor-browser_"$TB_LANG"/Data/profile/users.js
##
http://kb.mozillazine.org/User.js_file
## Configuring Tor Button to use SOCKSPort;
## expanding extensions.torbutton.banned_ports with Whonix specific ports.
echo '
## Begin of patched user.js.
## If you edit this file while Firefox is running, your changes will be
## overwritten, when you close Firefox.
## How to create the user.js network settings:
## 1. Make a backup of prefs.js.
## 1. Start Tor Browser with the patched start script.
## 2. Apply proxy settings using the Tor Button settings dialog..
## 3. Make a diff from the old and the new pref.js.
## 4. Copy the relevant changes to user.js.
## network settings
## (Are now set in /etc/environment - or not...)
## (See /etc/environment.)
user_pref("extensions.torbutton.use_privoxy", false);
user_pref("extensions.torbutton.settings_method", "custom");
user_pref("extensions.torbutton.socks_host", "192.168.0.10");
user_pref("extensions.torbutton.socks_port", 9100);
user_pref("network.proxy.socks", "192.168.0.10");
user_pref("network.proxy.socks_port", 9100);
user_pref("extensions.torbutton.custom.socks_host", "192.168.0.10");
user_pref("extensions.torbutton.custom.socks_port", 9100);
## End of user.js.
' >>
/home/"$USERNAME"/tbbdownload/tor-browser_"$TB_LANG"/Data/profile/user.js
Anyhow. After a lot experience integrating Tor Browser into Whonix,
I've came to the conclusion, that using proxy settings, user.js or
proxy settings environment variables will break every now and then.
For times when it breaks, users are told to manually update Tor
Browser. And this discussion about Tor over Tor and changing proxy
settings starts again.
The new low maintenance strategy from a developer perspective is
setting "export TOR_SKIP_LAUNCH=1" and hoping that won't break in
further versions. And not changing anything in Tor Browser, leaving
the defaults (little else gets tested by upstream anyway), and using
port redirection (rinetd) to forward port
127.0.0.1:9150 (default
port) to whatever the gateway provides.
Anyone capable for omitting rinetd and doing such port redirection
with pure iptables?
The advantage of no longer needing to tell users how to modify proxy
settings is, that they don't need to wait until some template/package
is updated. And that they can always use the stock version from
torproject.org and are unable to mess up one way or another. People
will do as Tor Browser / Tor Button tells them and update directly
from
torproject.org. They don't have such an compartmentalization of
QubesOS/TorVM/TBB/Tor Browser/
torproject.org in mind, they see a