Qubes-Community-Content/docs/customization/secbrowser.md


# SecBrowser

SecBrowser is a security-focused browser that reduces the vulnerability surface for users who need high security, thereby lowering the risk of infection from malicious, arbitrary code. A built-in security slider provides enhanced usability, as website features that have historically been used as attack vectors (like JavaScript) can be easily disabled. Without any customization, SecBrowser's default configuration offers better security than Firefox, Google Chrome or Microsoft Edge.[1] It also provides better protection against online tracking, fingerprinting and the linkability of activities across different websites.

SecBrowser is a derivative of the Tor Browser Bundle, but without Tor. This means that, unlike Tor Browser, SecBrowser does not route traffic over the Tor network. Even without the aid of the Tor network, SecBrowser still benefits from the numerous patches that Tor developers have merged into the code base. Even with developer skills, these enhancements would be arduous and time-consuming to duplicate in other browsers, and the outcome would be unlikely to match SecBrowser's many security benefits. While browser extensions can be installed to mitigate specific attack vectors, this ad hoc approach is insufficient. SecBrowser leverages the combined experience and knowledge of the Tor Project developers, the Whonix developers and the battle-tested Tor Browser.

## Security Enhancements

Table: SecBrowser Security and Privacy Benefits

| Feature | Description |
| --- | --- |
| HTTPS Everywhere | This browser extension encrypts communications with many major websites, making your browsing more secure.[2] |
| NoScript | NoScript can provide significant protection with the correct configuration.[3] NoScript blocks active (executable) web content and protects against cross-site scripting (XSS). "The add-on also offers specific countermeasures against security exploits". |
| DNS and Proxy Configuration Obedience | Proxy obedience is achieved through custom patches, Firefox proxy settings, and build flags. Plugins which can bypass proxy settings are disabled.[4] |
| Reproducible Builds | Build security is achieved through a reproducible build process that enables anyone to produce byte-for-byte identical binaries to the ones the Tor Project releases.[5][6] |
| Security Slider | Enables improved security by disabling certain web features that can be used as attack vectors.[7][8] |
| WebRTC Disabled by Default | WebRTC can compromise the security of VPN tunnels by exposing the external (real) IP address of a user.[9][10] |

## Settings

While SecBrowser has numerous security enhancements, they can come at the cost of decreased usability. Since it is also highly configurable, security settings and behavior can be customized according to personal requirements.

  • Private Browsing Mode: In the default configuration, Tor Browser has private browsing mode enabled. This setting prevents browsing and download history, as well as cookies, from persisting across browser restarts. While private browsing mode increases security, usability can be affected to the point that some websites will not function properly or not at all.[11] To enhance usability, SecBrowser comes packaged with a custom `user_pref` that disables private browsing mode. If privacy is paramount, users can re-enable private browsing mode by commenting out the corresponding user preference.

  • Security Slider: By default the security slider is set to "Safest", which is the highest security setting. This will prevent some web pages from functioning properly, so security needs must be weighed against the degree of usability that is required.

  • Persistent NoScript Settings: SecBrowser includes a `user_pref` that allows custom NoScript settings to persist across browser sessions. This is a security vs. usability trade-off.

  • Remember Logins and Passwords for Sites: To increase usability, users have the option to save site login information such as user names or passwords.

## Privacy and Fingerprinting Resistance

Research from a pool of 500,000 Internet users has shown that the vast majority (84%) have unique browser configurations and version information, which makes them trackable across the Internet. When Java or Flash is installed, this figure rises to 94%.[12] SecBrowser shares its fingerprint with around three million other Tor Browser users, which allows people who use SecBrowser to "blend in" with the larger population and better protect their privacy.

The EFF has found that while most browsers are uniquely fingerprintable, resistance is afforded via four methods:

  • Disabling JavaScript with tools like NoScript.
  • Use of Torbutton, which is bundled with SecBrowser and enabled by default.
  • Use of mobile devices like Android and iPhone.
  • Corporate desktop machines which are clones of one another.

With JavaScript disabled, SecBrowser provides significant resistance to browser fingerprinting:[13]

  • The User Agent is uniform for all Torbutton users.
  • Plugins are blocked.
  • The screen resolution is rounded down to 50 pixel multiples.
  • The timezone is set to GMT.
  • DOM Storage is cleared and disabled.

The EFF's Panopticlick fingerprint test shows that SecBrowser resists fingerprinting.

Note: Because tracking techniques are complex, Panopticlick does not measure all forms of tracking and protection.

  • SecBrowser conveys 6.26 bits of identifying information.
  • Only one in 76.46 browsers has the same fingerprint.
  • Browsers that convey fewer bits of identifying information are better at resisting fingerprinting.[14]
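The two Panopticlick figures above are the same quantity: bits of identifying information is the negative base-2 logarithm of the share of browsers carrying a fingerprint, so 6.26 bits corresponds to one browser in 2^6.26, roughly 76.5. The following added example (written for this page, not code from the SecBrowser wiki or the Tor Project) computes that metric over a constructed population and shows how the Torbutton measures listed earlier (uniform User-Agent, screen size rounded down to 50 pixel multiples, GMT timezone) make a browser less identifiable; the fingerprint tuples and counts are invented for illustration.

```python
"""Bits of identifying information in a browser fingerprint (Panopticlick's metric).

Added example for this page, not code from the SecBrowser wiki or the Tor Project.
bits = -log2(share of browsers with the same fingerprint); 6.26 bits ~= 1 in 76.5.
The population below is constructed for illustration, not measured.
"""
import math
from collections import Counter

UNIFORM_UA = "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"


def bits_from_share(share):
    """Surprisal of a fingerprint carried by the given fraction of browsers."""
    return -math.log2(share)


def normalise(fp):
    """Apply Torbutton-style uniformity to one (user_agent, width, height, tz) tuple."""
    _ua, width, height, _tz = fp
    return (UNIFORM_UA, width - width % 50, height - height % 50, "GMT")


def surprisal(fp, population):
    """Bits of identifying information fp conveys within population."""
    counts = Counter(population)
    return bits_from_share(counts[fp] / len(population))


# Constructed population of 400 browsers: four clusters of 10 near-identical
# configurations plus 360 browsers whose raw fingerprints are all unique.
RAW_POPULATION = (
    [("UA-A", 1366, 768, "UTC+1")] * 10
    + [("UA-A", 1366, 768, "UTC-5")] * 10
    + [("UA-B", 1360, 768, "UTC+1")] * 10
    + [("UA-B", 1380, 780, "UTC-5")] * 10
    + [(f"UA-{i}", 1000 + i, 700 + i % 40, "UTC+1") for i in range(360)]
)


def compare(fp, population=RAW_POPULATION):
    """Return (raw_bits, normalised_bits): fp's surprisal before and after the measures."""
    raw = surprisal(fp, population)
    normalised = surprisal(normalise(fp), [normalise(p) for p in population])
    return raw, normalised


if __name__ == "__main__":
    for fp in [("UA-A", 1366, 768, "UTC+1"), ("UA-7", 1007, 707, "UTC+1")]:
        raw, norm = compare(fp)
        print(f"{fp}: {raw:.2f} bits raw -> {norm:.2f} bits after normalisation")
```

A browser that was unique in the raw population (8.64 bits) drops to 3 bits once it shares a bucket with 49 others, which is the "blending in" effect the page describes.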

When Tor Browser's and SecBrowser's HTTP headers are compared using Fingerprint Central, the test results are nearly identical.

Table: Tor Browser vs SecBrowser HTTP Headers Comparison

Percentage of the 1652 fingerprints tagged [Firefox, Windows] that share each header value:

| Name | Value | Tor Browser (%) | SecBrowser (%) |
| --- | --- | --- | --- |
| User-Agent | `Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0` | 2.48 | 2.42 |
| Accept | `text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8` | 97.15 | 97.15 |
| Host | `fpcentral.irisa.fr` | 90.44 | 90.43 |
| Content-Length | | 100.00 | 100.00 |
| Accept-Language | `en-US,en;q=0.5` | 32.63 | 32.95 |
| Referer | `https://fpcentral.irisa.fr/` | 69.37 | 69.35 |
| Upgrade-Insecure-Requests | `1` | 83.05 | 83.04 |
| Accept-Encoding | `gzip, deflate, br` | 82.14 | 82.13 |
| Content-Type | | 100.00 | 100.00 |
| Connection | `close` | 100.00 | 100.00 |

## Install SecBrowser

SecBrowser can be installed using tb-updater, a package developed and maintained by the Whonix developers. When run, tb-updater seamlessly automates the download and verification of SecBrowser (from The Tor Project's website). One of the many benefits of tb-updater is that the ability to disable Tor is built into the software. This improves usability and is convenient, since a security-focused browser (SecBrowser) is readily available. Compared with manual methods of disabling Tor, this greatly simplifies the procedure and lessens the chance of a configuration error. To install SecBrowser in Qubes, users can follow the detailed instructions found on the SecBrowser Wiki.

## Conclusion

SecBrowser is a highly configurable, security-focused browser that affords users numerous options to fine-tune their browser's security and usability. This can be achieved through user preferences (`user_pref`) or on the fly by means of an easy-to-use and intuitive security slider, which allows for seamless changes in security posture as the environment changes. SecBrowser's fingerprinting resistance provides strong protection against web tracking and can be combined with a VPN to further enhance privacy. SecBrowser can be used with any Debian 10 (buster) based operating system, including SecOS (a hardened Debian-based OS), which is in active development and coming soon.