I am on Ubuntu 24.04.1 and updated my Tor Browser to version 14.0. When the Tor Browser opened again after the update, I got this pop-up from the Tor Browser (also see my picture, that I uploaded):
“Some of Tor Browser’s security features may offer less protection on your current operating system. How to fix this issue”
I went into Terminal and then into the tor-browser folder using the terminal and then did “./start-tor-browser.desktop --register-app” inside the tor-browser folder
I had this problem updating from the older version obviously, but I did install Tor Browser 14.0 later that day completely fresh in the same way, without updating of course, since the version on the torproject website is already version 14.0…and still the same problem here.
But again, is the Tor Browser on my Ubuntu 24.04.1 not safe or less safe now? Can I rely on it or should I stop using Tor Browser for sensitive things until this is fixed?
So…? Can someone from preferably the Tor Team tell us if this is a security and/or privacy issue and we maybe should stop using Tor Browser on Ubuntu 24.04.1 until this is fixed, or is this just an annoying cosmetic thing with no security or privacy ramifications?
I know you are good and busy people at Tor, but since the Tor Browser is something that sometimes even people’s lives depend on, I guess asking for a quick public assessment of the ramifications regarding privacy and security is not wrong.
Thanks, that is surely helpful for some people. But people like me, more or less average users, don’t understand most of the technical mumbo jumbo that is happening on Gitlab.
So hopefully the documentation you are working on, will be very easy to understand for the average non tech savvy user. Also please be very direct…if it turns out that Ubuntu is a bad distro that always puts obstacles in your way, just say it that way. Because, although I’m not interested in switching my distro, I also want to live in reality and not in a fantasy world.
If Ubuntu is bad, then just say it.
On the other hand:
You linked Sandboxing on Ubuntu >= 23.10 on Gitlab, where someone wrote “If it is true, then TBB cannot be used safely on latest Ubuntus and potentially on other distros using AppArmor without manually enabling userns support for TBB.”
So:
Should I stop using Tor Browser on Ubuntu 24.04.1 in the meantime? I already asked that multiple times very clearly.
If and only if, this is a speculation here, the problem was already talked about 3 months ago on the Tor forum and then again 1 month ago on Tor’s Gitlab, and it is a security issue and you did nothing, although Ubuntu is probably the most used Linux distro…again, this is just a speculation and I personally think highly of the Tor team, but if this is true, then this would be very concerning.
Tor Browser has been displaying a “Security features” warning on Linux systems with unprivileged user namespaces either turned off or turned on depending on whether a suitable AppArmor profile exists for the application.
That info is however useless on systems with unprivileged user namespaces turned off. The notification is annoying and hardly actionable.
With Tor Browser 14, we decided to not hide this notification entirely but rather link to the most informative section of Firefox’s support article for the time being.
First of all, thanks for the answer. But I still have a question.
One of the Tor Browser maintainers, “ma1”, wrote on Gitlab that they knew about this issue before publishing the new version of the Tor Browser and deliberately decided to include the pop-up in the new Tor Browser version, although they also could have just hidden it.
The question: So if the new version of the Tor Browser is not only still safe on the latest Ubuntus, but the issue also doesn’t affect the security/privacy of the Tor Browser at all, then why did the Tor Browser maintainers deliberately decide to include a pop-up in the new Tor Browser version, that basically says that we have now less security on the new version of the Tor Browser, if that is just not true?
That would mean, that the Tor Browser maintainers are deliberately spreading lies and that is hard for me to believe.
So something clearly doesn’t add up here and I hope you can clear that up.
Unfortunately that’s not something that we can do for them in the portable archive (vs a package), because it requires the privileges to install an AppArmor profile.
Thank you very much for the clarification.
And well, I don’t know if I’m a power user in your definition, but I’m using the Tor Browser for 99% of my browsing. Very rarely I open another browser.
But even if someone is not a power user, I don’t see why someone should not aim for the best security.
Problem here is, that I’m more or less an average user, even only very rarely using the terminal. I heard about AppArmor, that it’s something for security, but that’s about it.
There is no way I will be able to understand the instructions that you linked.
So is there something in the works, like maybe an additional button somewhere in the Tor Browser, where I just click the button, type in my passphrase and the Apparmor-profile or whatever is needed, will be set up automatically…or something like that?
I hope, that I’m not too annoying with saying this, because I know that you have finite resources and maybe you already thought about it yourself, but it would be really good if you would always aim for the best security automatically, without someone like me coming on the forum and starting a discussion about it.
Because many people rely on the word of mouth I guess, that the Tor Browser has VERY good privacy…and like you probably know yourself, you can’t have good privacy without optimal security.
So if you, the Tor Browser maintainers, start saying to yourself…although to be fair I don’t know if it happened exactly like that: “Oh well, it’s only “slightly” more secure that way, so let people decide themselves if they want that extra security”…then after some time you will have dozens of weak security points in the Tor Browser.
Many people also use the Tor Browser, because they are afraid of their governments coming for them and the governments have a vast amount of resources, so not having that AppArmor-profile or whatever is needed here, could be a weak point, that government hackers will try to exploit.
So if your resources are sufficient enough, your mentality should always be “Aim for the best privacy and security, always!” and not “oh whatever, it’s only slightly more secure that way, not really worth it”…although like I said, I don’t really know if it happened that way, it just seems that way to me.
This is a very interesting discussion, not least because it has led me to investigate why I wasn’t seeing this warning and consequently to read more about the kernel.unprivileged_userns_clone setting. I was not previously aware that this is set to 1 on my system (Linux Mint Debian Edition) by the bubblewrap package (used by flatpak and others). As I don’t need/use flatpak I’ve now reverted the setting to 0 and thus I now see the warning the OP describes. I understand that toggling this setting results in a security tradeoff and for those interested there is a useful Q&A on this specific topic at Stack Exchange.
IMHO it is right to show this warning and a link to a Tor Browser specific fix (based on the FF docs but tailored to the user’s TB installation) would be ideal. I personally do not think Tor Browser should facilitate “just click the button” fixes which require superuser privileges and access to files outside of the TB bundle - not least because of the risk of something going wrong. Messing with such things is for ‘power users’/sys admins only and I think the Tor Project should limit itself to pointing regular TB users to the docs and suggesting they obtain advice from a suitably knowledgeable authority before implementing fixes which may result in security tradeoffs - or break other stuff.
I would also note that the FF docs on creating an AppArmor profile do not actually work for plain old Debian bookworm (which my distro is based on). Debian stable currently uses the apparmor 3.0.8 release. AFAICT the userns rule is not supported in this release and the provided fix results in an AppArmor parser error. I’ve provided feedback to Mozilla to this effect and hopefully they’ll update the docs. Just my 2 cents.
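The check below is an added example, not part of any post in this thread and not Tor Project or Mozilla code: a read-only shell function that reports which unprivileged user namespace policy a system has, which is what decides whether the warning discussed above appears. Besides `kernel.unprivileged_userns_clone`, it reads `user.max_user_namespaces` and `kernel.apparmor_restrict_unprivileged_userns`; those two sysctl names do not appear in the thread and are assumptions about the running kernel, so the function treats any missing knob as "not restricting".

```shell
#!/bin/sh
# Added example: classify the unprivileged user namespace policy of a system.
# It only reads files; it changes no setting and needs no root privileges.

# read_knob ROOT NAME: print the value of one sysctl file, or nothing if the
# kernel does not provide that knob (the Debian/Ubuntu ones are distro patches).
read_knob() {
    if [ -r "$1/$2" ]; then
        cat "$1/$2"
    fi
}

# userns_state [ROOT]: ROOT defaults to /proc/sys; a constructed directory
# tree can be passed instead for testing.
#   disabled            - unprivileged user namespaces are switched off
#   apparmor-restricted - allowed only for programs whose AppArmor profile
#                         grants userns (assumed Ubuntu 24.04 default)
#   enabled             - any unprivileged process may create them
userns_state() {
    root=${1:-/proc/sys}
    clone=$(read_knob "$root" kernel/unprivileged_userns_clone)
    max=$(read_knob "$root" user/max_user_namespaces)
    aa=$(read_knob "$root" kernel/apparmor_restrict_unprivileged_userns)

    if [ "$clone" = "0" ] || [ "$max" = "0" ]; then
        echo "disabled"
    elif [ "$aa" = "1" ]; then
        echo "apparmor-restricted"
    else
        echo "enabled"
    fi
}

# Constructed sample tree mimicking the Ubuntu case discussed in the thread.
demo=$(mktemp -d)
mkdir -p "$demo/kernel"
echo 1 > "$demo/kernel/unprivileged_userns_clone"
echo 1 > "$demo/kernel/apparmor_restrict_unprivileged_userns"
echo "constructed Ubuntu-like tree: $(userns_state "$demo")"
rm -rf "$demo"

# The machine this script runs on.
echo "this system: $(userns_state)"
```

A result of `disabled` matches the Linux Mint Debian Edition case described above after the setting was reverted to 0; `apparmor-restricted` is the case where the browser needs a matching AppArmor profile.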
Don’t get me wrong, I just implied that because I don’t know if there is another way to implement an AppArmor-profile or whatever is needed here.
If there is, then I’m hoping that the Tor Browser maintainers are thinking of it right now and will rather implement the AppArmor-profile or whatever is needed here, without needing superuser privileges.
My knowledge is just limited here and if there is no other way to get more security, I guess superuser privileges is the right and also only way here.
…suggesting they obtain advice from a suitably knowledgeable authority before implementing fixes which may result in security tradeoffs - or break other stuff.
What do you mean with that? Should only professional sysadmins be able to run a secure Tor Browser and not “normal people”? Because this would be probably the effect in the long term. And also I would like to think that the Tor Browser maintainers would test this new feature so it doesn’t destroy the systems of end users.
But again, I would also prefer an implementation of the AppArmor-profile or what is needed here, without superuser privileges, if it’s possible of course.