quBO: Manage uBlock Origin and Tor Browser "the qubes way"

It’s not really complicated, you can see how it was done in the linked guide as an example.

Yes, periodic (with some randomness) updates would be better from the privacy standpoint.

To be precise, in the guide that I’ve linked it’s not a browser that is initiating the extension update; a Python script in the cacherVM is doing it before the browser in browserVM is even started.

> It’s not really complicated, you can see how it was done in the linked guide as an example.

I don’t “speak” Python but I will see what the documentation offers.

> To be precise, in the guide that I’ve linked it’s not a browser that is initiating the extension update; a Python script in the cacherVM is doing it before the browser in browserVM is even started.

Indeed. That implies a call home even without a browser.

BTW, since you use many browsing VMs and in regards to potential improvements:

Do you see any reason to use different filter lists in different VMs? (e.g. one set for TB, another for clearnet Firefox, FF@VPN, etc)

There are no Python-specific things for “qvm-copy-from-vm” there. In the Python script the only line related to it is this one:

    s.call(['/usr/lib/qubes/qfile-agent',addon_dest_file])

And it’s just a shell command call:

    /usr/lib/qubes/qfile-agent /path/to/extension/file

So you can replace the Python script that’s just doing the extension download/update with a bash script and at the end of the bash script add the line above.

Yes, it’s worth considering.
For TB it’s better to make the same configuration for uBO as in Tails (and maybe there are some other configs which are different from default TB) so you’ll at least be in the fingerprinting pool of Tails users and not unique.
For Firefox with clearnet/VPN I’m using default uBO filter lists.
But for one of the VPNs I’m using an additional regional filter list for a specific disposable template.

Thanks but I have no idea what qfile-agent does or how it is supposed to be used. The only info I found is a single sentence mentioning it:

> The rpc action for regular file copy is qubes.Filecopy, the rpc client is named qfile-agent, the rpc server is named qfile-unpacker.

That surely doesn’t explain enough. No man page, not even --help. Is there any official documentation about all this?

> Yes, it’s worth considering.

OK.

> For TB it’s better to make the same configuration for uBO as in Tails (and maybe there are some other configs which are different from default TB) so you’ll at least be in the fingerprinting pool of Tails users and not unique.

Perhaps the only way to “hide in the Tails crowd” is to use Tails (not Whonix or Qubes).

AFAIK, Tails explicitly disables uBO’s filter list updater (perhaps it also freezes uBO’s version). Since the goal is obviously to protect anonymity for the general (non-expert) user, these extra measures make sense.

quBO explicitly works to keep everything up to date and assumes a careful user who understands that the more browser features one enables (CSS, scripts, 3p stuff), the more info the remote host can get. This makes quBO useful if e.g. one wants to hide one’s traffic from the ISP and not to be tracked for marketing purposes.

I think I figured it out:

In dom0:

    # /etc/qubes/policy.d/30-default.policy
    user.Foo           *    BBB AAA allow

In AAA:

    $ touch ~/abc.txt

    # /usr/local/etc/qubes-rpc/user.Foo
    #!/bin/bash
    /usr/lib/qubes/qfile-agent /home/user/abc.txt

In BBB:

    $ qrexec-client-vm --filter-escape-chars-stderr -- AAA user.Foo /usr/lib/qubes/qfile-unpacker

    $ find ~/QubesIncoming/
    /home/user/QubesIncoming/
    /home/user/QubesIncoming/dom0
    /home/user/QubesIncoming/dom0/abc.txt

So, this works and is simpler than I thought!
Thanks for the idea.
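
Added example, not from the thread or the linked guide: a shell version of the cacher-side service discussed above, combining the randomized refresh interval suggested earlier in the thread with the final qfile-agent call. The download URL, cache paths and intervals are assumed placeholders; user.Foo and the qfile-agent path are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not the guide's code): qrexec service for the cacher qube,
# e.g. /usr/local/etc/qubes-rpc/user.Foo. URL, paths and intervals are assumed.
ADDON_URL="${ADDON_URL:-https://example.invalid/ublock_origin.xpi}"
CACHE_DIR="${CACHE_DIR:-/home/user/addon-cache}"
ADDON_FILE="$CACHE_DIR/ublock_origin.xpi"
STAMP_FILE="$CACHE_DIR/next-refresh"
BASE_SECS=86400     # refresh about once a day ...
JITTER_SECS=21600   # ... plus a random 0-6 h, so fetches are not on a fixed clock

# Random integer in [0, $1] from the kernel RNG (slight modulo bias is fine here).
rand_upto() {
    r=$(od -An -N4 -tu4 /dev/urandom | tr -d ' \n')
    echo $(( $r % ($1 + 1) ))
}

# Store the earliest time of the next refresh. Args: stamp_file now base jitter
schedule_next() {
    echo $(( $2 + $3 + $(rand_upto "$4") )) > "$1"
}

# Succeed when a refresh is due: no stamp, a malformed stamp, or time reached.
refresh_due() {     # args: stamp_file now
    [ -r "$1" ] || return 0
    due=$(cat "$1")
    case "$due" in ''|*[!0-9]*) return 0 ;; esac
    [ "$2" -ge "$due" ]
}

# Fetch to a temp file and swap it in only on success, so a failed download
# never replaces the last good copy. curl writes nothing to stdout here.
refresh_addon() {
    tmp=$(mktemp "$CACHE_DIR/.addon.XXXXXX") || return 1
    if curl --fail --silent --show-error --location --output "$tmp" "$ADDON_URL" \
        && [ -s "$tmp" ]; then
        mv "$tmp" "$ADDON_FILE"
    else
        rm -f "$tmp"; return 1
    fi
}

# Serve only when started by qrexec (it sets QREXEC_REMOTE_DOMAIN). stdout is the
# channel to qfile-unpacker, so nothing but qfile-agent may write to it.
if [ -n "${QREXEC_REMOTE_DOMAIN:-}" ]; then
    mkdir -p "$CACHE_DIR"
    now=$(date +%s)
    if refresh_due "$STAMP_FILE" "$now" && refresh_addon; then
        schedule_next "$STAMP_FILE" "$now" "$BASE_SECS" "$JITTER_SECS"
    fi
    [ ! -f "$ADDON_FILE" ] || exec /usr/lib/qubes/qfile-agent "$ADDON_FILE"
fi
```

Because the next refresh time is drawn once and stored, repeated browser-qube starts within the window reuse the cached file and cause no network request from the cacher.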

I want to try this. Enough Tails users have UBO that having UBO added shouldn’t be a problem.

Every time I update the Whonix template, Tails gives me a “Tor Browser has set your display language to…” bar and I have to either close this every time or go into the template to change it. Tor Browser updates a lot so this is very annoying.

Is there anything I can add to this when setting it up that gets rid of that terrible message?

Add this line to /usr/local/etc/torbrowser.d/user.js in your disposable template:

    user_pref("intl.language_notification.shown", true);

intl.language_notification.shown (true disables initial notification about language)

Tor Browser 12.0 does not respect `user.js`/default settings on first start (#41523) · Issues · The Tor Project / Applications / Tor Browser · GitLab

@dispuser

> Every time I update the Whonix template, Tails gives […]

I have no idea what you mean by this. Whonix is one OS, Tails is another (which I have never used). quBO is made to work with Whonix but it can be customized to work with any Firefox-based browser.

@apparatus

> Add this line to /usr/local/etc/torbrowser.d/user.js in your disposable template:
>
>     user_pref("intl.language_notification.shown", true);

Not necessary with quBO, as it already has it in the policies.json.