Extend onion-grater Whitelist
Modify Whonix-Workstation User Firewall Settings
EXTERNAL_OPEN_PORTS+=" $(seq 17600 17659) "
Reload Whonix-Workstation Firewall.
Using the gui.
Or alternatively from terminal.
Peer-to-Peer (P2P) File Sharing
File Sharing Clients such as torrent, eMule, etc.
Whonix will keep your IP address hidden while you use BitTorrent and other file sharing and P2P programs. However, because the Tor network suffers from limited bandwidth shared among many users, please be aware of how much you are downloading and uploading with these programs: A single 500 megabyte media file can equal hours of browsing for another user.
Violation of copyright laws risks harassment against exit nodes. To learn more about legal protections for file sharing in your country, see https://en.wikipedia.org/wiki/Legal_aspects_of_file_sharing
If you must use it, please disable torrent seeding, as the constant uploading is what makes resource usage particularly harmful to the network compared to ordinary downloads over FTP/HTTP.
The Tor Project
The Tor Project has yet to make a definite, official statement about the use of BitTorrent over the Tor network.
Quote Jacob Appelbaum:
[...] I'm not clear that it will harm the network if Tails includes a BitTorrent client. I think that the harm comes when someone runs a few seeding boxes through Tor and doesn't bother to add any capacity to the network at all. [...]
Quote Andrew Lewman says:
[...] There are completely legitimate uses of bittorrent over Tor. I've talked to people who want to get their ISO of Fedora or Ubuntu from outside their country, so they bt over tor to do so. [...] I'm fully aware that the tor codebase punishes me for doing large downloads over Tor, so be it. [...]
Quote: Roger Dingledine:
[...] We've been saying for years not to run Bittorrent over Tor, because the Tor network can't handle the load; [...]
Bittorrent Client Fingerprinting
On initial startup, torrent clients generate a unique peer ID for the DHT network. Also apparently the trackers can set cookies in the client as a newer version of qbittorrent allows you to see and manage those from the GUI. To avoid leaving a long lived trail of download activity, it is recommended to periodically start fresh from a clean snapshot and reinstall the torrent client.
/usr/local/etc/onion-grater-merger.d/because that onion-grater settings folder is persistent in Qubes-Whonix TemplateBased ProxyVMs, i.e. Whonix-Gateway (commonly called
sys-whonix). Non-Qubes-Whonix users could also use
/etc/onion-grater-merger.d/. Qubes-Whonix users could also use
/etc/onion-grater-merger.d/but then users would have to make
/etc/onion-grater-merger.d/persistent, which would require doing this inside the Whonix-Gateway TemplateVM (commonly called
whonix-gw-14) and restart their Whonix-Gateway ProxyVM or to use bind-dirs. Both is more more complicated than simply using
/usr/local/etc/onion-grater-merger.d/which is persistent either way and even allows multiple Whonix-Gateway ProxyVMs based on the same Whonix-Gateway TemplateVM for lets say one Whonix-Gateway ProxyVM extending and relaxing onion-grater's whitelist and the other Whonix-Gateway ProxyVM with the default more restricted onion-grater whitelist.
- As per https://labs.riseup.net/code/issues/7870#note-15 onionshare uses ports 17600 to 17659.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.