Dev/Kicksecure Default Browser

From Whonix

< Dev

Kicksecure Default Browser Considerations[edit]


Kicksecure (not Whonix!) is primarily a security focused Linux distribution. Preferring security over privacy if such a decision is unavoidable. However, Kicksecure will never implement outrageous privacy violations. It will even provider slightly better privacy than most other Linux distributions (such as no popularity contest installed), but otherwise no huge efforts to optimize privacy such as in Whonix. (And yet, Kicksecure would be a suitable host for Whonix until Whonix-Host materializes. No contradiction here since Whonix works fine on top of any secure Linux distribution that does not implement outrageous privacy violations.)

Chromium is more secure than Firefox. [archive] [1] Therefore would be the natural choice as default browser for Kicksecure.

Even if Firefox would provide better privacy than Chromium, this would still not speak in favor of choosing Firefox as the only browser installed by default in Kicksecure because as elaborated in the first paragraph in this chapter, Kicksecure is primarily a security focused Linux distribution.

Other browsers not available from are not considered (at least not in initial versions) because Kicksecure will have a similar default application to Whonix default application policy.

However, Firefox should be preferred for reasons other than security and privacy, see threats to user freedom thorough market share domination. In future, Firefox might have better advertisement blocking capabilities?

SecBrowser (a browser providing better privacy when browsing clearnet) will not be installed by default in Kicksecure because of grave usability issues, namely its window bar is still saying "Tor Browser" rather than Firefox or SecBrowser. That would be too confusing for new users of Kicksecure. Also Chromium is more secure than SecBrowser.

See also these Chromium considerations.

Therefore the decision which browser to install by default in Kicksecure is a difficult one.

To not let the perfect be the enemy of the good, it's been decided to install Chromium by default in the initial versions of Kicksecure. The decision is based on practicality, available resources, achievable initial goals. It is a significant development effort to create a dedicated website for Kicksecure and to create a new Linux distribution. Kicksecure doesn't have to find solutions to the difficult mostly globally unaddressed Miscellaneous Threats to User Freedom right from the start.

See also #Potential Future Solutions which might be implemented in later stages of the development.

Disregarded Solutions[edit]

no browser installed by default[edit]

  • That would be a terrible user experience, specifically for Live ISO / USB users, waiting until all browser related packages are downloaded and installed using APT. Users want ready to go solution. The fact that they already have to invest time to get a new operating system is already a barrier. Asking them to wait till a browser downloads is too much.

install both firefox-esr and chromium by default[edit]

  • a waste of disk space
  • longer update times as both packages are downloaded in the future
  • not a strong stance against chromium

Potential Future Solutions[edit]

Might be implemented in a later version but not in the initial versions.

Browser Choice Dialog[edit]

Similar to this: [archive]

During the build process of Kicksecure download (cache) both packages, firefox-esr and chormium but don't install these. This is to avoid avoid APT traffic and time wasted on network download. In more technical terms, similar to this:

sudo apt update
sudo apt install --download-only firefox-esr
sudo apt install --download-only chromium

The packages will then be cached but didn't actually install the packages. These downloaded packages files will reside in folder /var/cache/apt/archives and otherwise do nothing. Would be cleaned up once the user runs sudo apt clean.

That would work well for ISO release but not for installation from repository. The latter not sure how important long term, perhaps for servers (server vendors won't offer Kicksecure pre-install very soon) but then for servers no browser is required.

Not sure yet this can work with the ISO build process.

Also after first boot there is a technical issue. Suppose users would run sudo apt update followed by sudo apt dist-upgrade before ever starting a browser, which is recommended and good security practice. Then when running the browser choice dialog (through clicking browser icon in start menu)...

At this point the user most likely the browser choice tool cannot run sudo apt install firefox-esr or sudo apt install chromium on behalf of the user without network traffic. This is because dependencies, package versions changed meanwhile. (User run sudo apt update would have noticed that.) This decreases usability. Thereby the browser choice tool would be changed from offline install previously downloaded browser package to network dependent download and install of browser.

To keep the browser choice tool offline install previously downloaded browser package should the browser choice be a popup at first boot?

There might be technical solutions for all of this but this makes the default browser choice a major development task.

draft text for browser choice dialog[edit]

Not relevant yet since the browser choice dialog will not be implemented soon.

Kicksecure supports any Debian compatible browser, but defaults to two major choices: Chromium and Firefox.

Please make a selection:

[x] Firefox
[ ] Chromium
[ ] Do not install any browser at this time
[ ] Do not ask again
[ ] Quit

Domain name will change go

text=Jobs in USA
Jobs in USA

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: Twitter.png Facebook.png Iconfinder news 18421.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg Reddit.jpg

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Do you wonder why Whonix will always be free? Check out Why Whonix is Freedom Software [archive].

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.