File Sharing

onionshare

Extend onion-grater Whitelist

On Whonix-Gateway.

Create a new directory. [1]

sudo mkdir -p /usr/local/etc/onion-grater-merger.d/

Symlink the onion-grater profile to the onion-grater settings folder.

sudo ln -s /usr/share/onion-grater-merger/examples/40_onionshare.yml /usr/local/etc/onion-grater-merger.d/

Restart onion-grater.

sudo service onion-grater restart

Modify Whonix-Workstation User Firewall Settings

Note: If no changes have yet been made to Whonix Firewall Settings, then the Whonix User Firewall Settings File /etc/whonix_firewall.d/50_user.conf appears empty (because it does not exist). This is expected.

If using Qubes-Whonix, complete these steps.
In Whonix-Workstation AppVM.

Make sure folder /rw/config/whonix_firewall.d exists.

sudo mkdir -p /rw/config/whonix_firewall.d

Open /rw/config/whonix_firewall.d/50_user.conf with root rights.

kdesudo kwrite /rw/config/whonix_firewall.d/50_user.conf

If using a graphical Whonix-Workstation, complete these steps.

Start Menu -> Applications -> Settings -> User Firewall Settings

If using a terminal-only Whonix-Workstation, complete these steps.

sudo nano /etc/whonix_firewall.d/50_user.conf

Note: The Whonix Global Firewall Settings File /etc/whonix_firewall.d/30_default.conf contains default settings and explanatory comments about their purpose. By default, the file is opened read-only and is not meant to be directly edited. Below, it is recommended to open the file without root rights. The file contains an explanatory comment on how to change firewall settings.

## Please use "/etc/whonix_firewall.d/50_user.conf" for your custom configuration,
## which will override the defaults found here. When Whonix is updated, this
## file may be overwritten.

See also Whonix modular flexible .d style configuration folders.

To view the file, follow these instructions.

If using Qubes-Whonix, complete these steps.

Qubes App Launcher (blue/grey "Q") -> Template: whonix-ws -> Whonix Global Firewall Settings

If using a graphical Whonix-Workstation, complete these steps.

Start Menu -> Applications -> Settings -> Global Firewall Settings

If using a terminal-only Whonix-Workstation, complete these steps.

nano /etc/whonix_firewall.d/30_default.conf

Add. [2]

EXTERNAL_OPEN_PORTS+=" $(seq 17600 17659) "

Save.

Reload Whonix-Workstation Firewall.

If you are using Qubes-Whonix, complete the following steps.

Qubes App Launcher (blue/grey "Q") -> Whonix-Workstation AppVM (commonly named anon-whonix) -> Reload Whonix Firewall

If you are using a graphical Whonix-Workstation, complete the following steps.

Start Menu -> Applications -> System -> Reload Whonix Firewall

If you are using a terminal-only Whonix-Workstation, run.

sudo whonix_firewall

Start onionshare.

Using the GUI.

TODO document

Or alternatively from terminal.

onionshare /path/to/file

Forum discussion:
https://forums.whonix.org/t/feature-request-onionshare-support
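
Added example, not part of the original wiki page or Whonix code: a shell check that the user firewall drop-in edited above opens exactly the onionshare ports 17600 to 17659 (footnote 2) and nothing more. The function names are hypothetical, and the script only inspects the one file it is given, not 30_default.conf.

```shell
#!/bin/sh
# Added example (not Whonix code): report which ports a user firewall drop-in
# opens and whether they match the onionshare range from footnote 2.
# Function names are hypothetical. Needs bash and seq, as the drop-in does.
ONIONSHARE_FIRST=17600
ONIONSHARE_LAST=17659

# Print every port the file appends to EXTERNAL_OPEN_PORTS, one per line.
# The drop-in is shell syntax (+= and $(seq ...)), so a child bash evaluates
# it; audit only files you would let the firewall load.
list_open_ports() {
    bash -c 'set -f; EXTERNAL_OPEN_PORTS=""; . "$1" || exit 2
             for p in $EXTERNAL_OPEN_PORTS; do printf "%s\n" "$p"; done' _ "$1" |
        sort -u
}

# Print "invalid", "extra" or "missing" findings; return 0 only when the file
# opens exactly ONIONSHARE_FIRST..ONIONSHARE_LAST and nothing else.
audit_onionshare_ports() {
    [ -r "$1" ] || { echo "unreadable $1"; return 2; }
    ports=$(list_open_ports "$1")
    status=0
    for p in $ports; do
        case $p in
            *[!0-9]*) echo "invalid $p"; status=1 ;;
            *) if [ "$p" -lt "$ONIONSHARE_FIRST" ] || [ "$p" -gt "$ONIONSHARE_LAST" ]; then
                   echo "extra $p"; status=1
               fi ;;
        esac
    done
    p=$ONIONSHARE_FIRST
    while [ "$p" -le "$ONIONSHARE_LAST" ]; do
        printf '%s\n' "$ports" | grep -qx "$p" || { echo "missing $p"; status=1; }
        p=$((p + 1))
    done
    return "$status"
}

# Usage: sh audit.sh /etc/whonix_firewall.d/50_user.conf
if [ "$#" -gt 0 ]; then audit_onionshare_ports "$1"; fi
```

On Qubes-Whonix, pass /rw/config/whonix_firewall.d/50_user.conf instead. Any "extra" line means the drop-in opens more than onionshare needs.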

Peer-to-Peer (P2P) File Sharing

File Sharing Clients such as torrent, eMule, etc.

Please limit!

Whonix will keep your IP address hidden while you use BitTorrent and other file sharing and P2P programs. However, because the Tor network suffers from limited bandwidth shared among many users, please be aware of how much you are downloading and uploading with these programs: A single 500 megabyte media file can equal hours of browsing for another user.

Violation of copyright laws risks harassment against exit nodes. To learn more about legal protections for file sharing in your country, see https://en.wikipedia.org/wiki/Legal_aspects_of_file_sharing

If you must use it, please disable torrent seeding, as the constant uploading is what makes resource usage particularly harmful to the network compared to ordinary downloads over FTP/HTTP.

The Tor Project

The Tor Project has yet to make a definite, official statement about the use of BitTorrent over the Tor network.

Quote Jacob Appelbaum:

[...] I'm not clear that it will harm the network if Tails includes a BitTorrent client. I think that the harm comes when someone runs a few seeding boxes through Tor and doesn't bother to add any capacity to the network at all. [...]

Quote Andrew Lewman:

[...] There are completely legitimate uses of bittorrent over Tor. I've talked to people who want to get their ISO of Fedora or Ubuntu from outside their country, so they bt over tor to do so. [...] I'm fully aware that the tor codebase punishes me for doing large downloads over Tor, so be it. [...]

Quote Roger Dingledine:

[...] We've been saying for years not to run Bittorrent over Tor, because the Tor network can't handle the load; [...]

Bittorrent Client Fingerprinting

On initial startup, torrent clients generate a unique peer ID for the DHT network. [3] Trackers can apparently also set cookies in the client, as a newer version of qBittorrent allows you to see and manage those from the GUI. To avoid leaving a long-lived trail of download activity, it is recommended to periodically start fresh from a clean snapshot and reinstall the torrent client.

Footnotes

  1. /usr/local/etc/onion-grater-merger.d/ is used because that onion-grater settings folder is persistent in Qubes-Whonix TemplateBased ProxyVMs, i.e. Whonix-Gateway (commonly called sys-whonix). Non-Qubes-Whonix users could also use /etc/onion-grater-merger.d/. Qubes-Whonix users could use /etc/onion-grater-merger.d/ as well, but would then have to make it persistent, either by doing this inside the Whonix-Gateway TemplateVM (commonly called whonix-gw) and restarting their Whonix-Gateway ProxyVM, or by using bind-dirs. Both are more complicated than simply using /usr/local/etc/onion-grater-merger.d/, which is persistent either way. It even allows multiple Whonix-Gateway ProxyVMs based on the same Whonix-Gateway TemplateVM: for example, one Whonix-Gateway ProxyVM that extends and relaxes onion-grater's whitelist and another that keeps the default, more restricted onion-grater whitelist.
  2. As per https://labs.riseup.net/code/issues/7870#note-15 onionshare uses ports 17600 to 17659.
  3. https://security.stackexchange.com/questions/37167/can-bittorrent-clients-be-fingerprinted


Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself.