Creating a browser extension to automate and simplify the verification of the ISO when downloaded (by modifying the Tails verification extension) #2755
Comments
andrewdavidwong (Member) commented Apr 18, 2017
Neat idea, but there's a risk of moral hazard. That is, users who might otherwise have locally verified the ISO (because the convenient option was not available) might instead rely solely on the convenient option, thereby decreasing their security.
https://www.qubes-os.org/doc/user-faq/#should-i-trust-this-website
andrewdavidwong added the C: website and enhancement labels Apr 18, 2017
andrewdavidwong added this to the Documentation/website milestone Apr 18, 2017
adrelanos (Member) commented Apr 18, 2017
The root cause of this:
Popular browsers have not yet implemented Metalink support.
With Metalink, the file link, gpg signature, gpg fingerprint and gpg key
could all be encoded within the link. Then users could get the link from
https or onion, download from untrusted mirrors and automagically profit
from gpg verification.
It's not great to see energy spent on every project inventing a browser
extension to download the binaries. Indeed it's simpler than fixing the
root cause.
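
The mechanism described in the comment above, as an added example that is not part of the thread or of any project's code: a Metalink 4 (RFC 5854) document obtained over the trusted channel carries the expected SHA-256, and bytes from an untrusted mirror are accepted only if they match. The sample file name, mirror URL and contents are constructed, and the `<signature>` value is a placeholder that is extracted but not GPG-verified here.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {"ml": "urn:ietf:params:xml:ns:metalink"}  # Metalink 4 namespace (RFC 5854)

# Constructed sample data: stand-in "ISO" bytes and the Metalink describing them.
SAMPLE_ISO = b"constructed stand-in for ISO contents\n"
SAMPLE_METALINK = f"""<metalink xmlns="urn:ietf:params:xml:ns:metalink">
  <file name="example.iso">
    <size>{len(SAMPLE_ISO)}</size>
    <hash type="sha-256">{hashlib.sha256(SAMPLE_ISO).hexdigest()}</hash>
    <signature mediatype="application/pgp-signature">CONSTRUCTED-PLACEHOLDER</signature>
    <url>https://mirror.example.org/example.iso</url>
  </file>
</metalink>"""


def parse_metalink(xml_text):
    """Extract the verification metadata for the first <file> entry."""
    f = ET.fromstring(xml_text).find("ml:file", NS)
    if f is None:
        raise ValueError("no <file> element")
    digest = f.find("ml:hash[@type='sha-256']", NS)
    if digest is None or not digest.text:
        # Fail closed: a Metalink without a hash must not mean "skip the check".
        raise ValueError("no sha-256 hash in Metalink")
    sig = f.find("ml:signature", NS)
    return {
        "name": f.get("name"),
        "size": int(f.findtext("ml:size", default="-1", namespaces=NS)),
        "sha256": digest.text.strip().lower(),
        "signature": sig.text.strip() if sig is not None and sig.text else None,
        "urls": [u.text.strip() for u in f.findall("ml:url", NS)],
    }


def verify_download(meta, data):
    """Return True only if mirror-supplied bytes match the trusted metadata."""
    if meta["size"] >= 0 and len(data) != meta["size"]:
        return False
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, meta["sha256"])
```

The hash check is only as trustworthy as the channel that delivered the Metalink document; verifying the embedded signature against a pinned key fingerprint is what removes that dependency.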
ghost commented Apr 18, 2017 (edited)
One can assume that most users don't verify their ISO when downloaded, especially non-technical users. To make it easier to verify the ISO and to automate the process to make it user friendly for them, I suggest that someone (maybe by the community?) rebases the Tails extension for automatic verification for Qubes, and it gets implemented in the Qubes OS website.
The Tails team already made an automatic ISO verification extension for Firefox:
https://tails.boum.org/blueprint/bootstrapping/extension/
Their download page: https://tails.boum.org/install/download/
https://addons.mozilla.org/en-US/firefox/addon/tails-download-and-verify/
(They are also working on one extension for Chromium users, but for now only the Firefox one is available.)
What is your opinion on this?