Dev/Tor

From Whonix

Tor Version

According to the Tor release notes [archive], there are usually several different major versions of Tor supported by the Tor Project at the same time. However, because of the limited time the Tor packager has, only a few of those major versions are packaged and ready to be used.

For example, at the time of writing (December 2017), five major versions of Tor are supported by the Tor Project, but only two of them are packaged for Debian stretch:

  1. The Debian stretch repository contains only the 0.2.9 LTS series.
  2. deb.torproject.org, also known as the TPO repository, contains only the latest stable Tor, which is version 0.3.1.9.

A major consideration in choosing the most suitable Tor version for Whonix ™ is that the latest stable Tor found in the TPO repository may lead to network breakage. [1] The reason is that Tor's "stable" tag refers to a stable release series of Tor itself; it says nothing about whether that release has been tested against the "stable" Debian release that Whonix ™ is actually built on. [2]

There are three primary Tor options for Whonix ™ developers and each of them has pros and cons:

1. Use the Tor LTS version from the official Debian package repository: packages.debian.org

  • Advantages: Minimal effort is required in Whonix ™.
  • Disadvantages: Misses the advantages of later versions (see below).

2. Use the latest stable from the TPO repository, and let testers run the Tor nightly build in Whonix ™ and report bugs to TPO

  • Advantages: Latest features, better security, improved Tor Browser compatibility (using SocksPort with flags and even better connectivity performance). [3]
  • Disadvantages: From the Whonix ™ perspective, these packages appear on deb.torproject.org at unpredictable times and are not guaranteed to be compatible with Whonix ™. There is no security concern in itself, but such a package could break a system's apt-get package management (incompatible dependencies) or its connectivity if Tor refuses to start, for example because a newer Tor rejects an existing configuration option, or because of systemd or AppArmor related changes.

3. Versions are downloaded from deb.torproject.org, verified to work, and then migrated to deb.whonix.org

  • Advantages: Flexibility in version selection, a guaranteed way to confirm that only stable Tor versions which are functional in Whonix ™ will be uploaded.
  • Disadvantages: A few testers are needed, manual uploads are required, and Whonix ™ touches Tor.

Whonix ™ developers have chosen the third method for now. [4] However, the comparison above suggests that the second option affords better security and compatibility. That approach requires many active testers who run the Tor nightly build and report bugs to the Tor Project or Whonix ™. [5]

Tor Config Files

Current Implementation

TODO: Update required. Changed in Whonix ™ 14.

The implementation is as follows.

  • /etc/tor/torrc holds minimal content, so it never has to be updated again.
  • Instructions in /etc/tor/torrc tell users not to edit it and to put their own settings into /usr/local/etc/torrc.d/50_user.conf instead.
  • /etc/tor/torrc must never be updated by a package, because that would trigger the interactive dpkg conflict resolution dialog [6] [7], which is bad from a usability perspective: the dialog confuses quite a few users. It is also bad from a security perspective: if the user answers Y or I (install the package maintainer's version), the user's own (security) settings, for example proxy or obfuscated bridge settings, are lost.
  • /etc/tor/torrc.examples contains configuration examples.
  • Whonix ™ Tor settings go into /usr/share/tor/tor-service-defaults-torrc.
  • Users will leave /usr/share/tor/tor-service-defaults-torrc alone, because this file is barely advertised and rarely used.
  • /usr/share/tor/tor-service-defaults-torrc can be updated without any conflicts with user modifications, because it lives under /usr rather than /etc and is therefore not treated as a configuration file by dpkg.
  • https://github.com/Whonix/anon-gw-anonymizer-config [archive]

Rejected Alternatives

Only Two Config Files

  • Using only /usr/share/tor/tor-service-defaults-torrc and /etc/tor/torrc, without /etc/tor/torrc.examples.
  • The configuration examples (instructions) would live in /usr/share/tor/tor-service-defaults-torrc, and a minimal /etc/tor/torrc would tell users to look there for them.
  • This is a bad idea, because users would be tempted to uncomment settings directly in /usr/share/tor/tor-service-defaults-torrc.
  • When they do that, their settings get lost and overwritten without asking the next time anon-gw-anonymizer-config [archive] is updated, because /usr/share/tor/tor-service-defaults-torrc is not a configuration file in dpkg's sense (it lives under /usr, not /etc).

Only One Config File

  • Using only /etc/tor/torrc, leaving /usr/share/tor/tor-service-defaults-torrc at its Debian defaults, without /etc/tor/torrc.examples.
  • /etc/tor/torrc would then carry the user examples, the user's own modifications and the Whonix ™ Tor settings.
  • This is bad, because once users have edited /etc/tor/torrc, every update of anon-gw-anonymizer-config throws the interactive dpkg conflict resolution dialog. [6] Users who decide to keep their old config file then miss (security) improvements.

Missing /etc/tor.d/ Feature

Upstream feature request:
torrc.d-style configuration directories [archive]

Not having an /etc/tor.d/ style folder (similar to the modular .d style configuration folders Whonix ™ uses elsewhere) makes it much harder to implement additional features that need extra Tor (/etc/tor/torrc) settings. For example, it would improve usability to provide a whonix-gw-hidden-webserver package that automates the Whonix-Gateway ™ specific instructions for Onion Services. With an /etc/tor.d/ style folder, the package could simply drop its configuration snippet there, and the snippet would be purged when the feature is disabled or the package removed. Appending lines to /etc/tor/torrc with a script is problematic, because a script cannot safely remove those lines again once the user has modified them, even slightly.

Clearly marking the configuration snippet might help, for example:

### BEGIN whonix-gw-hidden-webserver ###
##
## DO NOT EDIT THIS SECTION
##
## Add your modifications on top of BEGIN or below END.
## It is automatically generated by whonix-gw-hidden-webserver with settings
## from /etc/whonix.d folder. If you edit this section, removal by
## whonix-gw-hidden-webserver will fail. To remove this section, run:
## sudo whonix-hw
##
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 10.152.152.11:80
HiddenServiceVersion 3
##
## DO NOT EDIT THIS SECTION
##
### END whonix-gw-hidden-webserver ###
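The marker idea above, worked through as an added Python example (not Whonix code and not part of this page): the helper appends the marked section, replaces it if it is already present, and refuses to remove it automatically if anything between the markers has been hand-edited, which is exactly the failure mode the text warns about. The package name whonix-gw-hidden-webserver is the hypothetical one from the sketch; the digest line inside the section and the sample torrc text are this example's own additions. Tor 0.3.1 and later provide a %include directive that makes real torrc.d-style directories possible; this block shows the marker-based fallback for a Tor that lacks it.

```python
"""Added example (not Whonix code): manage a clearly marked settings block
inside a torrc, and refuse to auto-remove it once a user has edited it."""
import hashlib

# Hypothetical package name, taken from the sketch on this page.
MARK = "whonix-gw-hidden-webserver"
BEGIN = "### BEGIN %s ###" % MARK
END = "### END %s ###" % MARK
DIGEST_PREFIX = "## digest: "


class SectionModifiedError(Exception):
    """The marked section no longer matches what the script generated."""


def _digest(lines):
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()[:16]


def render_section(settings):
    """Markers, a digest of the generated lines, the warning comments, the settings."""
    body = [
        "##",
        "## DO NOT EDIT THIS SECTION",
        "## Add your modifications above BEGIN or below END.",
        "## Generated by %s; if you edit it, automatic removal" % MARK,
        "## will refuse to touch it and you must remove it by hand.",
        "##",
    ] + list(settings) + ["##", "## DO NOT EDIT THIS SECTION", "##"]
    return [BEGIN, DIGEST_PREFIX + _digest(body)] + body + [END]


def _locate(lines):
    """Indices of the BEGIN and END lines, or None if there is no section."""
    if BEGIN not in lines:
        if END in lines:
            raise ValueError("END marker without BEGIN marker")
        return None
    b = lines.index(BEGIN)
    try:
        e = lines.index(END, b + 1)
    except ValueError:
        raise ValueError("BEGIN marker without END marker") from None
    return b, e


def add_section(text, settings):
    """Append the section, or replace an existing one; running it twice is a no-op."""
    lines = text.splitlines()
    loc = _locate(lines)
    section = render_section(settings)
    if loc is None:
        lines += section
    else:
        lines[loc[0]:loc[1] + 1] = section
    return "\n".join(lines) + "\n"


def remove_section(text):
    """Remove the section, but only if its lines are exactly what we generated.
    Lines outside the markers (the user's own settings) are never touched."""
    lines = text.splitlines()
    loc = _locate(lines)
    if loc is None:
        return text
    b, e = loc
    inner = lines[b + 1:e]
    if not inner or not inner[0].startswith(DIGEST_PREFIX):
        raise SectionModifiedError("digest line missing from marked section")
    if _digest(inner[1:]) != inner[0][len(DIGEST_PREFIX):]:
        raise SectionModifiedError("marked section was edited; remove it by hand")
    del lines[b:e + 1]
    return "\n".join(lines) + "\n"


# Constructed sample torrc and the Onion Service settings from the page's sketch.
SAMPLE_TORRC = "# user settings\nSocksPort 9050\nDisableNetwork 0\n"
HS_SETTINGS = [
    "HiddenServiceDir /var/lib/tor/hidden_service/",
    "HiddenServicePort 80 10.152.152.11:80",
    "HiddenServiceVersion 3",
]

if __name__ == "__main__":
    with_section = add_section(SAMPLE_TORRC, HS_SETTINGS)
    print(with_section)
    print(remove_section(with_section) == SAMPLE_TORRC)
```

The digest covers only the generated lines, so a user who edits SocksPort above the BEGIN marker does not block removal, while a changed HiddenServicePort inside the markers does. This protects against accidental clobbering, not against a user who deliberately recomputes the digest.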

Tor Control

To talk to the Tor control socket directly, open an interactive connection with socat (run as root, or as a user with read access to both the socket and the cookie file):

  socat - UNIX-CONNECT:/var/run/tor/control

Tor answers every command with "514 Authentication required." until the client authenticates. With cookie authentication the 32-byte cookie file must be sent hex-encoded, so generate the AUTHENTICATE command with:

  echo "AUTHENTICATE $(xxd -c 32 -g 0 /var/run/tor/control.authcookie | awk '{print $2}')"

(xxd -c 32 -g 0 prints the whole cookie as one ungrouped hex field, which awk extracts) and paste its output into the socat session. Tor replies "250 OK" on success; on a wrong cookie it replies with a 515 error and closes the connection. Note that plain cookie authentication sends the cookie itself over the socket, so any process that can read the cookie file gains full control of the Tor daemon.
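The same cookie exchange as an added Python example (not Whonix or Tor Project code): it hex-encodes the cookie the way the xxd pipeline does and runs AUTHENTICATE, GETINFO version and QUIT over the control socket. Because a running Tor is not assumed, the block includes a constructed stand-in for the control socket that implements only those three commands with the reply codes Tor uses (250, 514, 515); the socket and cookie paths are temporary files created by the example, not /var/run/tor/. Point control_exchange() at /var/run/tor/control and /var/run/tor/control.authcookie to run it against a real Tor with CookieAuthentication enabled.

```python
"""Added example: Tor control-socket cookie authentication, client side, with a
constructed stand-in for the control socket so the exchange runs offline."""
import os
import socket
import tempfile
import threading

COOKIE_LEN = 32  # Tor control cookies are always 32 bytes


def cookie_hex(path):
    """Hex-encode the cookie file, equivalent to the xxd pipeline above."""
    with open(path, "rb") as f:
        data = f.read()
    if len(data) != COOKIE_LEN:
        raise ValueError("unexpected cookie length %d" % len(data))
    return data.hex().upper()


class FakeControlServer(threading.Thread):
    """Stand-in for Tor (constructed for this example, not Tor's code): speaks
    just enough of the control protocol for AUTHENTICATE, GETINFO version, QUIT."""

    def __init__(self, sock_path, cookie_path, version="0.3.1.9"):
        super().__init__(daemon=True)
        self.cookie_path, self.version = cookie_path, version
        self.srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.srv.bind(sock_path)
        self.srv.listen(1)

    def run(self):
        conn, _ = self.srv.accept()
        f = conn.makefile("rwb")
        authed = False
        while True:
            raw = f.readline()
            if not raw:
                break
            cmd, _, arg = raw.decode().strip().partition(" ")
            cmd = cmd.upper()
            if cmd == "AUTHENTICATE":
                if arg.lower() == cookie_hex(self.cookie_path).lower():
                    authed = True
                    f.write(b"250 OK\r\n")
                else:
                    # Tor answers 515 and closes the connection on a bad cookie.
                    f.write(b"515 Authentication failed\r\n")
                    f.flush()
                    break
            elif not authed:
                f.write(b"514 Authentication required.\r\n")
            elif cmd == "GETINFO" and arg == "version":
                f.write(("250-version=%s\r\n250 OK\r\n" % self.version).encode())
            elif cmd == "QUIT":
                f.write(b"250 closing connection\r\n")
                f.flush()
                break
            else:
                f.write(b"510 Unrecognized command\r\n")
            f.flush()
        f.close()
        conn.close()
        self.srv.close()


def control_exchange(sock_path, cookie_path, cookie_override=None):
    """Authenticate with the cookie and ask for the Tor version.
    Returns (reply line to AUTHENTICATE, version string or None on failure)."""
    hexcookie = cookie_hex(cookie_path) if cookie_override is None else cookie_override
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        f = s.makefile("rwb")
        f.write(("AUTHENTICATE %s\r\n" % hexcookie).encode())
        f.flush()
        auth_reply = f.readline().decode().strip()
        if not auth_reply.startswith("250"):
            return auth_reply, None  # 515: Tor closes the socket, nothing more to do
        f.write(b"GETINFO version\r\n")
        f.flush()
        version = None
        while True:  # multi-line reply: "250-version=..." then the final "250 OK"
            line = f.readline().decode().strip()
            if line.startswith("250-version="):
                version = line.split("=", 1)[1]
            if not line or line[0] in "45" or line == "250 OK":
                break
        f.write(b"QUIT\r\n")
        f.flush()
        return auth_reply, version


def demo(cookie_override=None):
    """Run one exchange against the stand-in with a fresh random cookie in a
    temporary directory. Pass cookie_override to exercise the failure path."""
    with tempfile.TemporaryDirectory() as d:
        cookie_path = os.path.join(d, "control.authcookie")
        with open(cookie_path, "wb") as f:
            f.write(os.urandom(COOKIE_LEN))
        sock_path = os.path.join(d, "control")
        srv = FakeControlServer(sock_path, cookie_path)
        srv.start()
        result = control_exchange(sock_path, cookie_path, cookie_override)
        srv.join(timeout=5)
        return result


if __name__ == "__main__":
    print(demo())
    print(demo(cookie_override="00" * COOKIE_LEN))
```

The client treats any reply that does not start with 250 as an authentication failure and stops, mirroring Tor, which drops the connection after a 515. The reply parser also stops on any 4xx/5xx line so a malformed GETINFO cannot leave it reading forever.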

Why Waste Network Bandwidth by Downloading Operating System Updates over Tor?

The short answer is this option was discussed with The Tor Project and Whonix ™ was granted permission to do so.

Interested readers who want to learn more should review the following:

Footnotes

  1. https://forums.whonix.org/t/whonix-gateway-tor-0-2-9-9-unrecommended-no-update-unsafe/4240/8 [archive]
  2. The Debian target for Whonix ™ is usually the current Debian stable release (at the time of this footnote: buster).
  3. Patrick: "Historically when there was a botnet starting to use Tor, the LTS version barely connected while the latest stable had the ntor handshake which worked." See [1] [archive].
  4. Relative Whonix ™ Forum discussion: https://forums.whonix.org/t/tor-releases-discussion/4578 [archive]
  5. Please contact us if you would like to be a Tor nightly build tester for Whonix ™.
  6. Interactive dpkg conflict resolution dialog example:
    Configuration file `/etc/tor/torrc'
     ==> Modified (by you or by a script) since installation.
     ==> Package distributor has shipped an updated version.
       What would you like to do about it ?  Your options are:
        Y or I  : install the package maintainer's version
        N or O  : keep your currently-installed version
          D     : show the differences between the versions
          Z     : background this process to examine the situation
     The default action is to keep your current version.
    *** torrc (Y/I/N/O/D/Z) [default=N] ? N
    
  7. Because /etc/tor/torrc ships with the commented-out line #DisableNetwork 0, which whonixsetup comments in (i.e. changes to DisableNetwork 0); dpkg then considers the file modified by the user.
  8. Click here [archive] for an overview of all answers.



Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
