
Dev/Tor



Tor Version

According to the Tor release notes, the Tor Project usually supports several major versions of Tor at the same time. However, because the Tor packager has limited time, only a few of those major versions are packaged and ready to use.

For example, at the time of writing (December 2017), five major versions of Tor are supported. Of those, the following are packaged:

  1. The Debian jessie repository only contains the LTS, version 0.2.5.
  2. The Debian stretch repository only contains a newer LTS, version 0.2.9.
  3. deb.torproject.org, also known as the TPO repository, only contains the latest stable Tor, version 0.3.1.9.


A major consideration in choosing the most suitable Tor version for Whonix is that the latest stable version found in the TPO repository may lead to network breakage. [1] The reason is that the "stable" tag indicates a stable version of Tor, which does not necessarily match the "stable" Debian release that Whonix is actually built on. [2]

There are three primary Tor options for Whonix developers, and each has pros and cons:

1. Use the Tor LTS version from the official Debian package repository: packages.debian.org

  • Advantages: Minimal effort is required in Whonix.
  • Disadvantages: Misses the advantages of later versions (see below).


2. Use the latest stable in the TPO repository and allow testers to use the Tor nightly build in Whonix, reporting bugs to TPO

  • Advantages: Latest features, better security, improved Tor Browser compatibility (using SocksPort with flags) and even better connectivity performance. [3]
  • Disadvantages: From the Whonix perspective, these packages are uploaded to deb.torproject.org at random times and are not guaranteed to be compatible with Whonix. While there are no security concerns, these packages could break a system's apt-get package management (due to incompatible dependencies) or connectivity, if Tor refuses to start. This can happen because of a configuration incompatibility in a newer version of Tor, or for other reasons such as systemd- or apparmor-related changes.


3. Versions are downloaded from deb.torproject.org, verified to work, and then migrated to deb.whonix.org

  • Advantages: Flexibility in version selection, and a guaranteed way to confirm that only stable Tor versions which are functional in Whonix get uploaded.
  • Disadvantages: A few testers are needed, manual uploads are required, and Whonix touches Tor.


Whonix developers have chosen the third method for now. [4] However, the comparison above suggests that better security and compatibility are afforded by the second option. That approach requires many active testers who use the Tor nightly build and report bugs to the Tor Project or Whonix. [5]

Tor Config Files

Current Implementation

The current implementation is as follows.

  • /etc/tor/torrc holds minimal content, so it never has to be updated again.
  • Instructions in /etc/tor/torrc say "copy and paste from /etc/tor/torrc.examples".
  • We should never update /etc/tor/torrc, because that would trigger an interactive dpkg conflict resolution dialog [6] [7], which is bad from a usability perspective: such a dialog confuses quite a few users. It is also bad from a security perspective: if the user chooses Y or I (install the package maintainer's version), the user may lose their (security) settings, for example proxy and/or obfuscated bridge settings.
  • /etc/tor/torrc.examples contains configuration examples.
  • Whonix's Tor settings go into /usr/share/tor/tor-service-defaults-torrc.
  • Users will ignore /usr/share/tor/tor-service-defaults-torrc, because this file is barely advertised and barely known.
  • /usr/share/tor/tor-service-defaults-torrc can be updated without any conflicts with user modifications.
  • Source package: https://github.com/Whonix/anon-gw-anonymizer-config

Rejected Alternatives

Only Two Config Files

  • Use only /usr/share/tor/tor-service-defaults-torrc and /etc/tor/torrc, without /etc/tor/torrc.examples.
  • Put the configuration examples (instructions) in /usr/share/tor/tor-service-defaults-torrc, and use a minimal /etc/tor/torrc that tells users to look into /usr/share/tor/tor-service-defaults-torrc for configuration examples.
  • This is a bad idea, because users would be tempted to uncomment settings directly in /usr/share/tor/tor-service-defaults-torrc.
  • When they do this, their settings would get lost and overwritten without asking the next time anon-gw-anonymizer-config is updated, because /usr/share/tor/tor-service-defaults-torrc is not a configuration file (it lives in /usr, not in /etc).

Only One Config File

  • Use only /etc/tor/torrc, leaving /usr/share/tor/tor-service-defaults-torrc with the Debian defaults, without /etc/tor/torrc.examples.
  • Use /etc/tor/torrc for user examples, the user's own modifications and Whonix's Tor settings.
  • This is bad, because when users have edited /etc/tor/torrc and anon-gw-anonymizer-config gets updated, dpkg will throw an interactive conflict resolution dialog [6]. Users might decide to keep their old config file and will miss (security) improvements.

Missing /etc/tor.d/ Feature

Upstream feature request: torrc.d-style configuration directories

Not having an /etc/tor.d/ style folder (similar to Whonix's modular, flexible .d style configuration folders) makes it much harder to implement additional features that require additional Tor (/etc/tor/torrc) settings. For example, it would improve usability to provide a whonix-gw-hidden-webserver package that automates the Whonix-Gateway specific instructions for Onion Services. If there were an /etc/tor.d/ style folder, we could just drop the configuration snippet there, and when the feature is disabled or the package is uninstalled, that configuration snippet would be purged. Appending additions to /etc/tor/torrc with a script is problematic, because a script cannot remove those additions again once the user has slightly modified those lines.

Clearly marking the configuration snippet, as in the following example, might help.

### BEGIN whonix-gw-hidden-webserver ###
##
## DO NOT EDIT THIS SECTION
##
## Add your modifications on top of BEGIN or below END.
## It is automatically generated by whonix-gw-hidden-webserver with settings
## from /etc/whonix.d folder. If you edit this section, removal by
## whonix-gw-hidden-webserver will fail. To remove this section, run:
## sudo whonix-hw
##
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 10.152.152.11:80
##
## DO NOT EDIT THIS SECTION
##
### END whonix-gw-hidden-webserver ###
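As an added illustration of the marked-section approach (example script, not Whonix's own tooling), the POSIX shell functions below append a package-owned section between BEGIN/END markers and remove it only when the section still matches what was generated, refusing when the user has edited it. The package name and the HiddenService lines are taken from the snippet above; the function names and the exact marker comment are assumptions.

```shell
# Added example (not Whonix code): manage a package-owned section in a
# torrc-style file. Removal refuses if the section no longer matches what the
# package generated, i.e. the user edited inside the markers.
set -eu

# Package name from the page; the markers mirror the page's BEGIN/END lines.
PKG="whonix-gw-hidden-webserver"
BEGIN="### BEGIN $PKG ###"
END="### END $PKG ###"

# Print the managed block for the settings read from stdin (assumed layout).
render_section() {
  printf '%s\n## DO NOT EDIT THIS SECTION (generated by %s)\n' "$BEGIN" "$PKG"
  cat
  printf '%s\n' "$END"
}

# Append a managed section with body $2 to file $1. Fails if one is present.
add_section() {
  file="$1"; body="$2"
  if grep -qxF "$BEGIN" "$file" 2>/dev/null; then
    echo "section already present in $file" >&2; return 1
  fi
  printf '%s\n' "$body" | render_section >> "$file"
}

# Extract the current managed section (markers included) from file $1.
get_section() {
  awk -v b="$BEGIN" -v e="$END" '$0==b{p=1} p{print} $0==e{p=0}' "$1"
}

# Remove the managed section from file $1 only if it is byte-for-byte what
# body $2 would generate. Returns 1 and leaves the file untouched otherwise,
# which is the "removal will fail" case the marker comment warns about.
remove_section() {
  file="$1"; body="$2"
  expected=$(printf '%s\n' "$body" | render_section)
  actual=$(get_section "$file")
  if [ "$expected" != "$actual" ]; then
    echo "section in $file was modified; refusing to remove" >&2; return 1
  fi
  tmp=$(mktemp)
  awk -v b="$BEGIN" -v e="$END" '$0==b{p=1} !p{print} $0==e{p=0}' "$file" > "$tmp"
  mv "$tmp" "$file"
}
```

Lines outside the markers are never touched, so a user's own settings above BEGIN or below END survive both add_section and remove_section.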

Tor Control

Connect to the Tor control socket interactively (control commands are typed on stdin):

socat - UNIX-CONNECT:/var/run/tor/control

Authenticate with the control cookie, which Tor expects as the 32-byte cookie file contents encoded as hex. The command below prints the AUTHENTICATE line to paste into the socat session (xxd dumps the cookie as a single hex line, awk keeps only the hex field):

echo "AUTHENTICATE $(xxd -c 32 -g 0 /var/run/tor/control.authcookie | awk '{print $2}')"

Footnotes

  1. https://forums.whonix.org/t/whonix-gateway-tor-0-2-9-9-unrecommended-no-update-unsafe/4240/8
  2. The Debian target is usually the stable release, which is currently jessie, or Whonix.
  3. Patrick: "Historically when there was a botnet starting to use Tor, the LTS version barely connected while the latest stable had the ntor handshake which worked." See [1].
  4. Related Whonix Forum discussion: https://forums.whonix.org/t/tor-releases-discussion/4578
  5. Please contact us if you would like to be a Tor nightly build tester for Whonix.
  6. Interactive dpkg conflict resolution dialog example:
    Configuration file `/etc/tor/torrc'
     ==> Modified (by you or by a script) since installation.
     ==> Package distributor has shipped an updated version.
       What would you like to do about it ?  Your options are:
        Y or I  : install the package maintainer's version
        N or O  : keep your currently-installed version
          D     : show the differences between the versions
          Z     : background this process to examine the situation
     The default action is to keep your current version.
    *** interfaces (Y/I/N/O/D/Z) [default=N] ? N
  7. Because /etc/tor/torrc ships with a commented-out #DisableNetwork 0 line which whonixsetup uncomments, i.e. whonixsetup changes that line to DisableNetwork 0, which dpkg considers a user modification.
