Arkenfox’s approach differs wildly from Tor’s. The former focuses on making it harder to gather information on you or on a focus on customizing your setup. In contrast, the latter focuses on making you look as identical as it can to its other users. Customize beyond what I mention and you can and will compromize your (pseudo?)anonymity.
Owing to this, you want close to zero modifications for Tor browser. The only things you may freely modify are the security slider, .onion prioritizing, your search engine, and maybe your locale. Touch nothing else and do not expand the window. There are many more intricacies to its use, and it’s easy to shoot yourself in the foot (like I did in my past…). Depending on your threat model, it may be relatively harmless (say, you just wish for some privacy). Or it may necessitate you to flee your area (say, you’re a journalist in China, the next Assange, a political activist, and so on and so forth).
Edit: I sound harsh because it’s super easy to harm yourself with Tor by accident or through mishap. I hope I didn’t sound overly aggressive
It’s ridiculously narrow by default. You can’t even drag it wider with the mouse? (I can understand a prohibition against making it cover the whole screen.)
More seriously, what I’m getting here is that if you want to use Tor, you should simply use the split-browser implementation and not do this Grand Unified Browser, because there’s very little customization (which is what Arkenfox brings to the table) that’s not actively harmful. Is that right? If so I might edit my original post to reflect this.
I’ll sound harsh too, but sincerely not maliciously. Please name one case where Arkenfox makes sense more in Qubes than the Qubes’ philosophy itself? I am genuinely interested in to learn it is better than the approach (routine) I developed using Qubes.
It’s “hardening” that brought me to Qubes, not vice versa.
It’s narrow by design. While it does letterbox, it’s not perfect. It’s like this to make it harder to tell users apart. It’s much easier to suggest users to not expand beyond a small window than it is to hide screen dimensions.
Tbh I have no idea about split browser with Tor. I think you can ask on Whonix’s forum. They have a Qubes subsection. Edit: While you’re there you can ask them about window dimensions
I just know enough and have a low enough threat model to lightly browse with it. I have no idea about its intricacies except for a few tidbits unrelated to this thread’s subject. I simply read enough about it to know that blind usage is a bad idea.
Firefox / Tor Browser can export bookmarks to a much easier to parse JSON file (though the Manage Bookmarks window calls this a “backup”, and uses “export” to refer to the old not-quite-HTML format). There is a script to translate this JSON bookmarks file to Split Browser’s TSV format:
If you only have a .html export, you could use Firefox’s Manage Bookmarks screen to “import” it, then “backup” to JSON.
@RustyBird, I actually just yesterday merged an “importer” utility I wrote a few days ago into the “bookmark manager” app I created. (I’ll describe that below.)
Here’s the bad news: It’s importing into the tree-style menu (i.e., one with a “folder” hierarchy) I created. However, that file is exactly like the one split browser uses by default, except for a fourth column giving the “path” (gtk-style) to the bookmark. [basically, they look like this: “1:2:3” means the fourth child of the third child of the second top-level item, of course it numbers things like C does, starting with zero.] It also creates “folders” (title with no URL). The HTML file has nested folders in it, I simply preserve them. (I also allow for starting the top-level numbering with something higher than zero in case it’s being appended to an existing tree of bookmarks.) However, it’d be relatively trivial to go back to my original separate conversion utility, have it ignore folders, and skip writing the path. It would then be an HTML to three-column tsv file conversion utility.
The other piece of bad news is this is C++ code that has to be compiled, rather than a script. Some probably won’t like that. But it has literally no special library dependencies, it’s literally g++ <source filename> -o <executablename>. If you think it would be useful I can post that code once I rip out the folder-ing; it’s roughly two hundred lines of text I think.
OK, for the bookmark manager: It’s one source file (C++) which depending on an environment variable gives you two different executables. One is the bookmark-picker, it gives you a popup from which you navigate to and select a bookmark (it plugs in to split-browser-bookmark in place of dmenu), from a treed list with folders, OR compiles to create a bookmark-manager window that lets you rearrange, rename, and delete bookmarks–and again, they are in nested folders. The file runs about 1500 lines and also is C++ and must be compiled (and this one brings in gtk+ libraries but I believe they’re part of standard Qubes’ distributions). The manager can import either your three-column tsv, or an HTML file. The only reason I’d be hesitant to post that code right now is that I haven’t figured out how to block drag-and-drop from letting one bookmark be the parent to another bookmark (only folders should be parents). The other part of the puzzle is adding a bookmark to the treed, four column .tsv from the browser; I unfortunately had to write a LOT of bash stuff into my copy of split-browser-bookmark to get that to work. I could tell from reading it you know bash a lot better than I do, so you’d probably get a good giggle out of what I did.
The business end may be translatable to python. Doing so would bypass the compilation requirements. It’s the GUI part that keeps me away from writing it—I dislike handling it when I code.
Edit: That said, maybe I can try to write the business end and someone else can take the code and add GUI handling on top.
That bookmark manager sounds like an interesting experiment, so if you ever feel like uploading it why not.
What I’ve occasionally wanted to do is simply stick some tags to a bookmark, when neither the URL nor the title is descriptive enough to be easily retrievable through dmenu’s omni search. But so far I haven’t wanted it enough to figure out how to implement it, ideally with minimal code. Maybe as a hook if that ever becomes a thing, or by extending the “Page bookmarked” notification with an interactive element.
Unlike many other non-Qubes “hardenings”, “split-things” make a real and huge difference as I see it, and I’m sure they will draw devs’ attention more in the future as a way to tweak Qubes in a way to become even more “Reasonably Secure OS”.
Then the light dawned. If you wish to do it this way, the file must be stored in that location on the bookmark VM’s template not the template of the Browser! Apparently anything in that directory gets shipped over to the browser VM when it starts up.
In a way this is actually much much better. I created three different “levels” of Arkenfoxing (with progressively more and more of his settings not commented out). But the way I was doing that before, that meant three different browser templates. Now, I just have to copy the one I want into that filename before I start the browser with his desktop shortcuts, or alternatively create a few short scripts (copy one of the three files to /etc/split-browser/prefs/50-user.js, then start browser as before) and connect them to .desktop files.
You still need to put policies.json on the browser, so if there are multiple versions of this you’ll likely want multiple templates (though I can think of one trick that might cut that down to one TemplateVM and multiple dvm templates–IF I can get that to work.). I’m going to end up doing that, probably, because sometimes noscript is an impediment.
Btw, two quirks of [/usr/local]/etc/split-browser/prefs/*.js for all the power users:
The files should not contain literal tab characters. Those would be replaced by newlines.
The files must currently have a combined size of well under 64 KiB. That’s not a problem if the Arkenfox guide from the forum is used, which strips out the extensive commentary. But the original Arkenfox user.js (with only user_pref changed to pref) is too large. A future Split Browser version might bump up this size limit.
I’ll have to give that a look (disabling for one tab) as, obviously, it’d reduce the number of actual templates I need on the browser side. I know when I was using it and realizing it was causing me problems, I couldn’t see anything that was obviously a “disable” icon, much less for just one tab. [Insert my standard rant about often-cryptic doodles replacing text for labels on controls that now no longer look like controls because it’s not fashionable to make them look like buttons any more.]
If you click on the icon and look at the top right of the popup window, you’ll see in order:
Disable restrictions globally: this will disable NoScript in all windows;
Disable restrictions for this tab: same as above, but for the tab in which you click on it;
Set scripts on this page to temporarily trusted: similar to the second option. but NoScript will keep operating, so current script will be available, but future scripts will be blocked;
Revoke temporary permissions: revert what you did with the 3rd option.
