I have used the Terabox cloud storage successfully on tails before. Even the front page no longer loads and shows a blank page (before I even have option to login). It also won’t open on unsafe browser but does open on Firefox on my main Linux distribution, so it is not down completely. I have not tried Tor-browser on that Linux distribution. Since it won’t load on unsafe browser I doubt its because of Tor.
Is there a known list of differences between unsafe browser and vanilla Firefox that I can look into (to try to figure this out). I don’t remember, if it broke when upgrading from Tails 7.1 to Tails 7.2, but it was working (at one point) when 7.1 was the newest version of Tails.
For what it’s worth I know that terabox should not be trusted, Its like my fourth backup, not the only place I store my data
I did not get a certification error at any point. I booted up a live linux distro and after installing a bit outdated version of tor-browser from their repo (14.5.5) the website terabox.com opens successfully but after letting it update to newest (15.0.2) it only downloaded a blank page, just like in Tails 7.2. In tails news there is a mention:
Changes and updates
Update Tor Browser to 15.0.1.
Tor Browser 15.0 is based on Firefox 140 and inherits from it several new features that are particularly useful if you use many tabs…
There was also a message about some safety features that seem to be inherited from firefox and irrelevant to this.
So naturally my next step is to look at Tor-browser changelog about series 15 changes. This does not seem to be Tails specific
I don’t know if this is related to Wasm (Web assembly) that is discussed about in Torbrowser blog at New Release: Tor Browser 15.0 | The Tor Project I have tried to change some settings at about:config without success.
Note that While I do value my privacy and anonymity I am not at risk if either is compomised. Most importantly I want to hide the fact that I use terabox (and other cloud storage services). I know I tried it with unsafe browser, so not 100% secret, but I want to preserve its secrecy now and in the future.
Also I am not lazy about security after knowing some way to access it. I want to find the most secure way but at this moment I have no way to access it at all on tails
It won’t. The certificate error isn’t on the main webpage but some resources it tries to load from another domain. Many websites load resources like images, JavaScript files (like jsdelivr) and fonts (like FontAwesome) from other domains (owned by them or by other persons or organizations), and if files on that domain fails to load, these websites will act as if they’re broken, because they expect those resources to be available, but they aren’t.
If you open the developer tool of Tor browser (Ctrl-Shift-I or F12), switch to Network tab and reload Terabox.com you’ll see a lot of the resources (files) from s3.teraboxcdn.com failed to load due to NS_ERROR_GENERATE_FAILURE, and if you copy the resource URL to the address bar and hit enter, you’ll see the the error I pasted.
This is not Tor browser specific. It replicated on firefox-esr 140.5.0 I installed on Tails.
I also tested it on Firefox esr 128.13.0 and it load correctly. I think it’s Firefox changing the way it handles website certificate that caused your problem.
If you really need to use that service, you can either use Chromium (143, tested working, but very identifiable when browsing through Tor) and set proxy to Tor daemon, or use outdated tor browser/firefox-esr (remember to disable auto update in tor browser settings) if you’re willing to take the risk of browsing with unpatched vulnerabilities.
Thank you for looking into this. I found a (insecure) way to solve this, go to https://s3.teraboxcdn.com/ and accept the risk here. Then the main page opens until that session is closed.
As that cloud storage may already give data to china I am not concerned if someone else gets data stored there, and the password for that account is unique (so if it leaks no damage).
I did however notice an interesting thing with the certificate issue, firefox 146 installed to my main OS via snap load the page (and assumingly no problem with the cert) but firefox 146 on tails does not.
If this issue is fixable in a more secure way I would like to know, even if this thread is a few months old by then.
Not really. The certificate should be fine (if the teraboxcdn certificate fingerprint is SHA256 1A:48:DA:A9:DE:91:B6:C6:F4:49:3B:4B:CA:30:86:37:65:FF:03:8B:EE:F5:EB:43:A8:CA:6B:F5:F9:9A:D7:3D), it’s just newer Firefox (and Tor Browser) refuse to accept the misconfigured certificate chain (or lack thereof) anymore. Your security isn’t compromised.
Oh, also: Wasm is enabled if security level is set to Standard. Please consider reverting your changes in about:config (or reinstall Tor browser) as they may break the anonymity promise of Tor browser.
