Forcing Onion Connections on

From Whonix
Jump to navigation Jump to search



Info Note:

  • Consistent use of the Whonix ™ onion service affords several benefits. It provides alternative end-to-end encryption which is independent from SSL certificate authorities and the mainstream Domain Name System and it also reduces the load on Tor exit nodes.
  • The procedure below is not persistent for Tor Browser in Qubes-Whonix ™ DisposableVMs unless the DVM template is customized.

The onion domain of Whonix ™ is dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion.


Or in machine readable format, here is a raw link that only shows the onion: raw

To use .onion services when browsing Whonix ™.org follow the links below to the Whonix ™ main page, homepage, forums, download page, phabricator site, or the Whonix ™ Debian repository.

Once a user rule is configured, no further intervention is needed to seamlessly browse the Whonix ™ .onion address. Note that if a user rule is not configured, some resources from the clearnet Whonix ™.org address will be utilized when navigating the onion address. [1] Also note that on a few occasions in the past it was not possible to log in to the Whonix ™ forums using the onion address. [2] [3]

HTTPS Everywhere User Rules[edit]


  • The user must have Tor Browser installed, which is the default in Whonix ™.
  • A recent (non-ancient) Tor version. [4]


HTTPS Everywhere is a browser add-on produced as a collaboration between the Tor Project and the EFF. It uses clever technology to automatically force encrypted communications (HTTPS) on many major websites (where it is offered), preventing the user from browsing the HTTP (insecure) version. However, HTTPS Everywhere supports user rules, and it is not limited to HTTP(S). This means the user can configure it to rewrite requests from the .org extension to .onion domains instead! [5]

Adding User Rules[edit]

Using "HTTPSEverywhereUserRules" directory for user rules is no longer supported. HTTPS Everywhere developer jeremyn clearly stated [6]:

HTTPSEverywhereUserRules/ is not supported with WebExtensions and won't be supported.

Now that Firefox uses WebExtensions, rules must now be added from the HTTPS Everywhere GUI. The Whonix ™ homepage is used in this example. Please note it may be necessary to repeat the steps below for redirection of Whonix ™ forums.

  1. Go to the site. (
  2. Select the "hamburger" icon on the far right of Tor Browser's toolbar and select "customize". Add the HTTPS Everywhere icon to the toolbar. You can remove it later, when you are finished.
  3. Once the site has loaded, click the blue HTTPS Everywhere icon in the upper corner of Tor Browser and select "See more".
  4. Click on "Add a rule for this site".
  5. Click on "Show advanced" under the host field. For each user rule set two fields require editing.
  6. Change "matching regex" from ^http:// to ^https?:// so redirects work from both HTTP and HTTPS. If this value is not changed, redirects can be broken (because the default rule set in the extension already has a rule that redirects from HTTP).
  7. Change "redirect to" to the onion address you want to use. (http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/)
  8. Click "Add a new rule for this site" and refresh the page. If configured correctly the page should now redirect automatically. Be mindful that multiple rules may be needed for an address to work completely. In that case, it is necessary to repeat this process.

What if I made a mistake or the rule won't work?
Broken or unwanted rules can be removed by managing the HTTPS Everywhere extension from the add-ons menu.

Technical information: user rules are stored in a sqlite3 binary file that cannot be edited using a text editor. While it might be possible to edit this file, instructions to do this fall outside the scope of this wiki. Therefore it is recommended that users create periodic backups of this file so it can be restored to its previous state in the event of a broken redirect or if a mistake is made.

If this file is deleted it will be re-created to its defaults on the next browser start. The file is stored in: /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/storage-sync.sqlite. A rule will look something like this:


A trailing comma and space as shown above will appear if there are multiple rules. As a reminder be sure to create a backup of this file before making any changes.

What if I am using a DispVM in Qubes-Whonix ™?
Any changes to the HTTPS Everywhere user rule file will revert to the defaults after the DispVM is stopped. It is necessary to complete these steps again when a new DispVM is launched, unless the DVM template is customized.

Other Rules[edit]

Other similar rulesets -- like those found on the Darkweb Everywhere github page -- do not work either, since they also depend on using the "HTTPSEverywhereUserRules" directory.

Onion Service Opt-In[edit]

Tor Browser 9.5 and later features an opt-in for using onion sites automatically for participating websites.[7] [8] Direct connects to onion services are harder to track than the opt-in method, which must make DNS requests and web server connections from an exit node before being able to switch to the onion service.


  1. The reason is mediawiki, wordpress and discourse are using the primary Whonix ™ https domain. These webapps do not support multiple domains for the same website.
  3. This suggests the Whonix ™ forums onion address could become (temporarily) inaccessible in the future.
  4. v3 onion connections require Tor v3.2 or above.
  5. Because of the way most popular web applications are written, they expect to be at one location, for example, and not at multiple locations. That is why this workaround is needed.
  6. See details here:
  8. http://a4ygisnerpgtc5ayerl22pll6cls3oyj54qgpm7qrmb66xrxts6y3lyd.onion/archive/2020-06-30-tor-browser-makes-onion-services-easier-to-find-use/index.html