Actions

Template

SecBrowser Settings

From Whonix

Security Slider[edit]

SecBrowser ™ has a “Security Slider” in the shield menu. This can increase security [archive] by disabling certain web features that are possible attack vectors. By default, the Security Slider is set to “Safest” which is the highest security level. This security level will prevent some web pages from functioning properly, so security needs must be weighed against the degree of usability that is required.

Private Browsing Mode[edit]

In the default configuration Tor Browser has private browsing mode enabled. This setting prevents browsing and download history as well as cookies from remaining persistent across SecBrowser ™ restarts. However, tb-starter includes a custom user_pref that disables private browsing mode when SecBrowser ™ is used.

When private browsing mode is disabled SecBrowser ™'s built-in "long-term linkability" protections are deactivated. This means users are vulnerable to attacks which can link activities between earlier and later browsing sessions. If privacy is paramount users can enable private browsing mode by commenting out the corresponding user preference.

1. Open the user.js configuration file in an editor.

nano ~/.secbrowser/secbrowser/Browser/TorBrowser/Data/Browser/profile.default/user.js

2. Next, comment out "//" user_pref("browser.privatebrowsing.autostart", false);.

Check the text block is identical to the one below.

// Normalize SecBrowser ™ behavior
user_pref("extensions.torbutton.noscript_persist", true);
//user_pref("browser.privatebrowsing.autostart", false);

If you prefer to keep private browsing mode disabled, it may be advantageous to install one or more anti-tracking browser extensions. The extensions Disconnect [archive], Privacy Badger [archive] and uBlock Origin [archive] are all open-source and are generally recommended. Research which one(s) may be most suitable in the circumstances; their use cases are different.

Persistent NoScript Settings[edit]

tb-starter includes a user_pref that allows custom NoScript settings to persist across browser sessions. This is also a security vs usability trade-off.[1] If the SecBrowser ™ “Security Slider” setting is changed afterwards, all NoScript preferences are overridden and all custom, per-site settings are lost. This holds true regardless of whether the security setting was increased or decreased.

If the persistent NoScript setting is undesirable, this can easily be disabled by commenting out the corresponding user_pref.

1. Open the user.js configuration file in an editor.

nano ~/.secbrowser/secbrowser/Browser/TorBrowser/Data/Browser/profile.default/user.js

2. Next, comment out "//" user_pref("extensions.torbutton.noscript_persist", true);

Check the text block is identical to the one below.

// Normalize SecBrowser ™ behavior
//user_pref("extensions.torbutton.noscript_persist", true);
user_pref("browser.privatebrowsing.autostart", false);

Remember Logins and Passwords for Sites[edit]

To increase usability, SecBrowser ™ can (by default) save site login information such as user names or passwords. This usability improvement was implemented by setting signon.rememberSignons to true, which allows this information to be saved across browser sessions.

If you prefer to disable this feature open user.js in an editor and comment out the corresponding user_pref.

1. Open the user.js configuration file in an editor.

nano ~/.secbrowser/secbrowser/Browser/TorBrowser/Data/Browser/profile.default/user.js

2. Next, comment out "//" user_pref("signon.rememberSignons", true);

Check the text block is identical to the one below.

// Save passwords.
//user_pref("signon.rememberSignons", true);

Startup[edit]

SecBrowser ™ no longer opens with a red background and a message stating "Something Went Wrong!" Tor is not working in this browser. [2] This warning was disabled by toggling the user preference extensions.torbutton.test_enabled to false. [3]