[Whonix-devel] #19652 [Applications/Tor Browser]: permission to install Tor Browser by default in Whonix

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 14 19:27:37 CEST 2016


#19652: permission to install Tor Browser by default in Whonix
--------------------------------------+--------------------------
 Reporter:  adrelanos                 |          Owner:  tbb-team
     Type:  task                      |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by adrelanos):

 Replying to [comment:1 arma]:
 > For example, does it add Flash support to Tor Browser?

 No such grave modifications.

 > 1) Is the Tor Browser that Whonix wants to ship modified in any way from
 the Tor Browser that you get from the Tor website?

 No modifications to any files in the Tor Browser folder.

 There are environment variables modifications.

 {{{
 ## Deactivate tor-launcher,
 ## a Vidalia replacement as browser extension,
 ## to prevent running Tor over Tor.
 ## https://trac.torproject.org/projects/tor/ticket/6009
 ## https://gitweb.torproject.org/tor-launcher.git
 export TOR_SKIP_LAUNCH=1

 ## environment variable to skip TorButton control port verification
 ## https://trac.torproject.org/projects/tor/ticket/13079
 export TOR_SKIP_CONTROLPORTTEST=1

 ## Environment variable to disable the "TorButton" ->
 ## "Open Network Settings..." menu item. It is not useful and confusing to
 have
 ## on a workstation, because Tor must be configured on the gateway, which
 is
 ## for security reasons forbidden from the gateway.
 ## https://trac.torproject.org/projects/tor/ticket/14100
 export TOR_NO_DISPLAY_NETWORK_SETTINGS=1
 }}}

 -----

 {{{
    export TOR_CONTROL_HOST="127.0.0.1"

    export TOR_CONTROL_PORT="9151"

    ## this is to satisfy Tor Button just filled up with anything
    export TOR_CONTROL_PASSWD='"password"'
 }}}

 -----

 {{{
 TOR_DEFAULT_HOMEPAGE=/usr/share/homepage/whonix-welcome-page/whonix.html
 }}}

 Whonix Welcome Page

 * https://github.com/Whonix/whonix-welcome-page
 * ([https://firstlook.org/wp-uploads/sites/1/2015/08/whonix4-1000x673.png
 older screenshot] [now search box removed])

 -----

 Tor Browser connects to localhost. From there we are using rinetd (Whonix
 13) or socat (Whonix 14 and above) to redirect 127.0.0.1:9150 to Whonix-
 Gateway. (Same for Tor ControlPort.)

 -----

 We have optional AppArmor support but the user has to learn it through the
 whonix.org website and self install the apparmor-profile-torbrowser
 package.

 * https://www.whonix.org/wiki/AppArmor
 * https://github.com/Whonix/apparmor-profile-torbrowser

 > 2) Is the Tor Browser in Whonix used in a different way or different
 context than Tor Browser usually is?

 Apart from above environment variables changes and port redirection, there
 is no difference.

 Deliberately the changes are as minimal as possible and only for
 distribution integration reasons.

 > For example, does it maintain the "stream isolation by tab" feature?

 Yes.

 > I ask because we want to make sure people don't call stuff "Tor" if they
 then use it in a context where you don't get the properties that Tor + Tor
 Browser provide.
 >
 > (For example, imagine somebody wanted to grab Tor Browser, and remove
 Tor from it, and still call it Tor Browser. That would be bad. But it
 doesn't look like this is that situation.)

 Right.

 Replying to [comment:2 arma]:
 > (To be clearer, I think we should try to say yes here -- or, if needed,
 we should fix things until we can say yes.)

 Yes. That is great!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19652#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the Whonix-devel mailing list