How to securely customize Tor Browser in Whonix with add-ons and about:config entries?

I want clone the whonix-ws-15 template and install uBlock Origin and change a few about:config entries in the clone. I know add-ons can deanonymize the user, but pretty much everyone uses uBlock Origin (ads are annoying and bad for privacy and potentially for security) and I almost always install it when browsing anyway.

I know I can’t and shouldn’t run Tor Browser in the template VM (whonix-15-ws), so how should I add uBlock Origin? Are there identifying data, such as inadvertently creating a unique browser profile or unique IDs of add-ons that I have to worry about?

What about uBlock Origin version fingerprinting? I don’t want to be the only one with a current Tor Browser version and an old uBlock Origin version. If I somehow install uBlock Origin in the template, how can I make sure it’s always up to date? One solution is to have the add-ons update automatically every time I start the disp VM with Tor Browser, but that would be slow and kinda fingerprintable. Another solution is to somehow keep uBlock Origin updated in the template VM, but how would that work exactly? I can’t just start Tor Browser there every hour and try to download a new version of the add-on. Is there anything more elegant?

As for the about:config settings - I can manually edit some files, so that’s not really a problem.

I remember reading some guides, but I couldn’t find them this time.

:warning: Disclaimer

I can’t stress enough how important it is not to customize tor browser in ways that are detectable to websites. There are enough warnings out there such as in the tor browser manual in the Whonix wiki.

So what you are doing may render the Tor Browser’s anti-fingerprinting techniques useless. For uBlock origin in particular it might be the only exception where the fingerprint may not be as severedly harmed since TAILS odes include uBlock origin (no Idea why – if someone could point me to the reason that would be appreciated). But as you mention, uBlock origin version fingerpriting may be a problem.

I looked into this the other day. Previously it used to be possible to enable starting it in the template, customizing it, shutting it down and the changes to persist. But for a while now that no longer works. The torbrowser started on the DisposableVM will be based on a fresh copy of tor browser instead, thus ignoring all customizations you made.

So now I’ve only been able to configure the Tor Browser slider on these files

But not extension configuration. The above was taken from this thread:


To say the truth, I quite like the fact that whonix makes it extremely hard to customize tor browser. (Even if that’s not intentional) I believe actions that can severely harm the security/anonymity of users should be discouraged by the operating system, but tweaking the default security setting and forcing HTTPsEverywhere to block non-https websites should be easier to change.

1 Like

Don’t understand what you are saying here.
Create a qube, and mark it as template_for_dispvms - customise TBB in
that qube. DisposableVMs using it will show customizations.
You’ll have to update TB in the qube of course.

@unman this used to work but it is no longer the case. From what I’ve read, due to the threat of the browser’s profile being used for identification attacks (edit: see discussion on Customizing Firefox in Disposable VMs), the profile is generated from scratch when tor browser boots in the DVM. Try it yourself.

It totally breaks the usual Qubes customization workflow and expectation about how we can persist configurations.

E pur si muove

I use this every day - currently on TBB 9.5.4.
The only thing I’ve found that wont be set is custom NoScript, but as
you can set the Security Level, thats fine.
Customising the home pages, installing add-ins like privacy badger,
uBlock Origin, customising about:config settings, all work as you would
expect.

Of course, you should only do this in full knowledge of the
consequences, but @QubesUser32 seems to be aware of this.

Caveat - if @deeplow is talking about some Whonix thing, I have nothing
to say on that.

Ok. So just to clarify, here you’re talking about non-whonix TBB, right? If so, then we are not talking about the same thing, but I think @QubesUser32 meant customizations within Whonix disposable qubes.

I don know what is a “non-whonix TBB” - I mean the TBB.
I was explaining how this can be done.
If Whonix prevents customisation (really?), then the answer to his
original question seems to be “You Cant”.
@QubesUser32 should use a non-Whonix minimal template with networking
for the purpose.

By whonix TBB I mean (Tor Browser AnonDist) for whonix I believed is a TBB version specifically adapted for whonix (namely all the proxying required configured by default).

Then I agree with you that for now, if the risks are understood I’d go for that option as well.

I email - I dont know if this will work as a quote:

And other adaptations obviously.

Yes, of course.

It did (but as a nested quote, rather).

¯_(ツ)_/¯

Yup. I’d prefer using Whonix to a normal Debian or Fedora minimal template with TBB because Whonix is made for Tor use and has modifications specific to that use. Correct me if there’s no security benefit in Whonix.

By the way, how many people use uBlock Origin or other add-ons on Whonix? I find ads really distracting and imagine most people who know about uBlock Origin (pretty much everyone who uses Whonix) would install it, at least for longer browsing sessions.

You forgot this"\".

@QubesUser32 Patrick (from Whonix) was kind enough to update the documentation on this. So following that it should now be easy to implement these changes.

They are documented on the link bellow (click on the [Expand] button on the right).

It describes three approaches to customization:

1 Like

Suggesting a change to the documentation to alert users to the fact that customizing Tor Browser on Whonix Disposable VMs has a different workflow.

1 Like