Dev/Default Browser

From Kicksecure
< Dev
Jump to navigation Jump to search

Kicksecure Default Browser Considerations[edit]


Kicksecure is primarily a security focused Linux distribution. Preferring security over privacy if such a decision is unavoidable. However, Kicksecure will never implement outrageous privacy violations. It will even provider slightly better privacy than most other Linux distributions (such as no popularity contest installed), but otherwise no huge efforts to optimize privacy such as in Whonix. (And yet, Kicksecure would be a suitable host for Kicksecure until [[Whonix-Host]] materializes. No contradiction here since Kicksecure works fine on top of any secure Linux distribution that does not implement outrageous privacy violations.)

Chromium is more secure than [1] Therefore would be the natural choice as default browser for Kicksecure.

very hard to notice Phishing Scam - Firefox / Tor Browser URL not showing real Domain Name - Homograph attack (Punycode)

Even if Firefox would provide better privacy than Chromium, this would still not speak in favor of choosing Firefox as the only browser installed by default in Kicksecure because as elaborated in the first paragraph in this chapter, Kicksecure is primarily a security focused Linux distribution.

Other browsers not available from are not considered (at least not in initial versions) because Kicksecure will have a similar default application to default application policy.

However, Firefox should be preferred for reasons other than security and privacy, see threats to user freedom thorough market share domination. In future, Firefox might have better advertisement blocking capabilities?

SecBrowser (was a browser providing better privacy when browsing clearnet) will not be installed by default in Kicksecure because of grave usability issues, namely its window bar is still saying "Tor Browser" rather than Firefox or SecBrowser. That would be too confusing for new users of Kicksecure. SecBrowser is deprecated. Also Chromium is more secure than SecBrowser.

See also these Chromium considerations.

Therefore the decision which browser to install by default in Kicksecure is a difficult one.

To not let the perfect be the enemy of the good, it's been decided to install Chromium by default in the initial versions of Kicksecure. The decision is based on practicality, available resources, achievable initial goals. It is a significant development effort to create a dedicated website for Kicksecure and to create a new Linux distribution. Kicksecure doesn't have to find solutions to the difficult mostly globally unaddressed Miscellaneous Threats to User Freedom right from the start.

See also #Potential Future Solutions which might be implemented in later stages of the development.

Disregarded Solutions[edit]

no browser installed by default[edit]

  • That would be a terrible user experience, specifically for Live ISO / USB users, waiting until all browser related packages are downloaded and installed using APT. Users want ready to go solution. The fact that they already have to invest time to get a new operating system is already a barrier. Asking them to wait till a browser downloads is too much.

install both firefox-esr and chromium by default[edit]

  • a waste of disk space
  • longer update times as both packages are downloaded in the future
  • not a strong stance against chromium

Potential Future Solutions[edit]

Might be implemented in a later version but not in the initial versions.

Browser Choice Dialog[edit]

Similar to this:

During the build process of Kicksecure download (cache) both packages, firefox-esr and chormium but don't install these. This is to avoid avoid APT traffic and time wasted on network download. In more technical terms, similar to this:

sudo apt update
sudo apt install --download-only firefox-esr
sudo apt install --download-only chromium

The packages will then be cached but didn't actually install the packages. These downloaded packages files will reside in folder /var/cache/apt/archives and otherwise do nothing. Would be cleaned up once the user runs sudo apt clean.

That would work well for ISO release but not for installation from repository. The latter not sure how important long term, perhaps for servers (server vendors won't offer Kicksecure pre-install very soon) but then for servers no browser is required.

Not sure yet this can work with the ISO build process.

Also after first boot there is a technical issue. Suppose users would run sudo apt update followed by sudo apt full-upgrade before ever starting a browser, which is recommended and good security practice. Then when running the browser choice dialog (through clicking browser icon in start menu)...

At this point the user most likely the browser choice tool cannot run sudo apt install firefox-esr or sudo apt install chromium on behalf of the user without network traffic. This is because dependencies, package versions changed meanwhile. (User run sudo apt update would have noticed that.) This decreases usability. Thereby the browser choice tool would be changed from offline install previously downloaded browser package to network dependent download and install of browser.

To keep the browser choice tool offline install previously downloaded browser package should the browser choice be a popup at first boot?

There might be technical solutions for all of this but this makes the default browser choice a major development task.

draft text for browser choice dialog[edit]

Not relevant yet since the browser choice dialog will not be implemented soon.

Kicksecure supports any Debian compatible browser, but defaults to two major choices: Chromium and Firefox.

  • Firefox - Pros: Keeps the web open and free as we know it. Less

Please make a selection:

[x] Firefox
[ ] Chromium
[ ] Do not install any browser at this time
[ ] Do not ask again
[ ] Quit

Domain name will change go

Forum Discussion[edit]


Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 11 year success story and maybe DONATE!