Actions

Dev/Kicksecure Default Browser

From Whonix

< Dev


Kicksecure ™ Default Browser Considerations[edit]

Introduction[edit]

Kicksecure (not Whonix!) is primarily a security focused Linux distribution. Preferring security over privacy if such a decision is unavoidable. However, Kicksecure ™ will never implement outrageous privacy violations. It will even provider slightly better privacy than most other Linux distributions (such as no popularity contest installed), but otherwise no huge efforts to optimize privacy such as in Whonix. (And yet, Kicksecure ™ would be a suitable host for Whonix until Whonix-Host materializes. No contradiction here since Whonix works fine on top of any secure Linux distribution that does not implement outrageous privacy violations.)

Chromium is more secure than Firefox. [archive] [1] Therefore would be the natural choice as default browser for Kicksecure.

very hard to notice Phishing Scam - Firefox / Tor Browser URL not showing real Domain Name - Homograph attack (Punycode) [archive]

Even if Firefox would provide better privacy than Chromium, this would still not speak in favor of choosing Firefox as the only browser installed by default in Kicksecure ™ because as elaborated in the first paragraph in this chapter, Kicksecure ™ is primarily a security focused Linux distribution.

Other browsers not available from packages.debian.org are not considered (at least not in initial versions) because Kicksecure ™ will have a similar default application to Whonix default application policy.

However, Firefox should be preferred for reasons other than security and privacy, see threats to user freedom thorough market share domination. In future, Firefox might have better advertisement blocking capabilities?

SecBrowser (a browser providing better privacy when browsing clearnet) will not be installed by default in Kicksecure ™ because of grave usability issues, namely its window bar is still saying "Tor Browser" rather than Firefox or SecBrowser. That would be too confusing for new users of Kicksecure. Also Chromium is more secure than SecBrowser.

See also these Chromium considerations.

Therefore the decision which browser to install by default in Kicksecure ™ is a difficult one.

To not let the perfect be the enemy of the good, it's been decided to install Chromium by default in the initial versions of Kicksecure. The decision is based on practicality, available resources, achievable initial goals. It is a significant development effort to create a dedicated website for Kicksecure ™ and to create a new Linux distribution. Kicksecure ™ doesn't have to find solutions to the difficult mostly globally unaddressed Miscellaneous Threats to User Freedom right from the start.

See also #Potential Future Solutions which might be implemented in later stages of the development.

Disregarded Solutions[edit]

no browser installed by default[edit]

  • That would be a terrible user experience, specifically for Live ISO / USB users, waiting until all browser related packages are downloaded and installed using APT. Users want ready to go solution. The fact that they already have to invest time to get a new operating system is already a barrier. Asking them to wait till a browser downloads is too much.

install both firefox-esr and chromium by default[edit]

  • a waste of disk space
  • longer update times as both packages are downloaded in the future
  • not a strong stance against chromium

Potential Future Solutions[edit]

Might be implemented in a later version but not in the initial versions.

Browser Choice Dialog[edit]

Similar to this:

https://upload.wikimedia.org/wikipedia/en/e/e2/BrowserChoice.gif [archive]

During the build process of Kicksecure ™ download (cache) both packages, firefox-esr and chormium but don't install these. This is to avoid avoid APT traffic and time wasted on network download. In more technical terms, similar to this:

sudo apt update
sudo apt install --download-only firefox-esr
sudo apt install --download-only chromium

The packages will then be cached but didn't actually install the packages. These downloaded packages files will reside in folder /var/cache/apt/archives and otherwise do nothing. Would be cleaned up once the user runs sudo apt clean.

That would work well for ISO release but not for installation from repository. The latter not sure how important long term, perhaps for servers (server vendors won't offer Kicksecure ™ pre-install very soon) but then for servers no browser is required.

Not sure yet this can work with the ISO build process.

Also after first boot there is a technical issue. Suppose users would run sudo apt update followed by sudo apt dist-upgrade before ever starting a browser, which is recommended and good security practice. Then when running the browser choice dialog (through clicking browser icon in start menu)...

At this point the user most likely the browser choice tool cannot run sudo apt install firefox-esr or sudo apt install chromium on behalf of the user without network traffic. This is because dependencies, package versions changed meanwhile. (User run sudo apt update would have noticed that.) This decreases usability. Thereby the browser choice tool would be changed from offline install previously downloaded browser package to network dependent download and install of browser.

To keep the browser choice tool offline install previously downloaded browser package should the browser choice be a popup at first boot?

There might be technical solutions for all of this but this makes the default browser choice a major development task.

draft text for browser choice dialog[edit]

Not relevant yet since the browser choice dialog will not be implemented soon.

Kicksecure ™ supports any Debian compatible browser, but defaults to two major choices: Chromium and Firefox.

Please make a selection:

[x] Firefox
[ ] Chromium
[ ] Do not install any browser at this time
[ ] Do not ask again
[ ] Quit

Domain name will change go kicksecure.com.

Forum Discussion[edit]

https://forums.whonix.org/t/chromium-browser-for-kicksecure-discussions-not-whonix/10388 [archive]

Related[edit]



Fosshost is sponsors Kicksecure ™ stage server Whonix old logo.png
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: 1024px-Telegram 2019 Logo.svg.png Discourse logo.png Matrix logo.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png link=mailto:?subject=Dev/Kicksecure Default Browser&body=https://www.whonix.org/wiki/Dev/Kicksecure_Default_Browser link=https://reddit.com/submit?url=https://www.whonix.org/wiki/Dev/Kicksecure_Default_Browser&title=Dev/Kicksecure Default Browser link=https://news.ycombinator.com/submitlink?u=https://www.whonix.org/wiki/Dev/Kicksecure_Default_Browser&t=Dev/Kicksecure Default Browser link=https://mastodon.technology/share?message=Dev/Kicksecure Default Browser%20https://www.whonix.org/wiki/Dev/Kicksecure_Default_Browser&t=Dev/Kicksecure Default Browser

AppArmor Join us in testing our new AppArmor profiles for improved security! ( forum discussion)

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.