Whonix developers focus their efforts on advanced anonymity with Tor being a core component. Why develop a package that disables Tor?
tb-upater was developed with design goals focused on securely downloading and verifying Tor Browser. However, requirements for a new operating system under development -- a security focused OS based on Hardened Debian [archive] (Kicksecure) -- called for a security hardened clearnet browser. SecBrowser ™ (Tor Browser without Tor) met those requirements. Hence, the
secbrowser wrapper that disables Tor was integrated into
What is Clearnet?
This term has two meanings:
- Connecting to the regular Internet without the use of Tor or other anonymity networks; and/or
- Connecting to regular servers which are not onion services, irrespective of whether Tor is used or not.
How does SecBrowser ™ disable Tor?
SecBrowser ™ supports custom user preferences
"user_pref" which can be used to change browser configuration and behavior. In
tb-starter the user preferences that disable Tor are located in /usr/share/secbrowser/user.js . When SecBrowser ™ starts this file is copied over to the corresponding SecBrowser ™ profile where the custom
user_pref(s) are parsed.
Tor is disabled by setting the following three preferences to false.
user_pref("extensions.torbutton.startup", false); user_pref("extensions.torlauncher.start_tor", false); user_pref("network.proxy.socks_remote_dns", false);
Can I use SecBrowser ™ in a Whonix-Workstation VM (
VMs behind Whonix-Gateway (
sys-whonix) are always routed through Tor, meaning traffic would still be torified. However, this is strongly recommended against because using SecBrowser ™ will break Tor Browser's per tab stream isolation.
Can I use SecBrowser ™ in a VM torified by something other than Whonix to avoid Tor over Tor?
This is strongly recommended against because using SecBrowser ™ will break Tor Browser's per tab stream isolation. A complete implementation compatible with Tor Browser's per tab stream isolation would be much better.
Does the SecBrowser ™ option alter any other browser behavior?
No, the only changes to SecBrowser ™ are to the preferences previously shown.
Can I add my own custom preferences to change SecBrowser ™ behavior?
Yes, but this could degrade security and privacy. See: SecBrowser ™ Settings.
I have an idea to improve SecBrowser ™'s security. Can I submit a patch?
Many security enhancements, such as (in theory) adding compile time hardening options, need to be submitted upstream to The Tor Project. Patches to
tb-starter or this wiki entry are always welcome!
- https://github.com/Whonix/tb-updater/commit/798e23c1f9ac1f0ccdfe22c2f79fb0e9f637e51e [archive]
- https://github.com/Whonix/tb-starter/commit/a9219fc2632f667c109cfcdc7e85fff462a60ed3 [archive]
- https://github.com/Whonix/tb-starter/blob/28102df140f3f0f8a9b1bd5bc7dc19336420ccce/usr/bin/torbrowser#L354-L365 [archive]