Actions

Forcing .onion on Whonix.org


To do this, simply follow these links below to browse the Whonix main page, homepage, forums, download page, phabricator site, or the Whonix Debian repository. [1]:

Once a user rule is configured (see below), using Whonix .onion addresses is easy and seamless. Users should note that if a user rule is not configured, some resources from the clearnet Whonix.org address will be utilized when navigating to the v2 or v3 onion address. [2]



Requirements[edit]

  • The user must have Tor Browser installed, which is the default in Whonix.
  • v3 onion connections require Tor v3.2 or above running in the Whonix-Gateway (sys-whonix).

Background[edit]

HTTPS Everywhere is a very clever tool created by developers at the EFF. It automatically forces encrypted communications (HTTPS) on many major websites (where it is offered), preventing the user from browsing the HTTP (insecure) version. However, HTTPS Everywhere supports user rules, and it is not limited to HTTP(S). This means the user can configure it to rewrite requests from the .org extension to .onion domains instead! [3]


Adding User Rules[edit]

Using "HTTPSEverywhereUserRules" directory for user rules is no longer supported. HTTPSEverywhere developer jeremyn clearly stated [4]:

HTTPSEverywhereUserRules/ is not supported with WebExtensions and won't be supported.

Now that Firefox uses WebExtensions, rules must now be added from the HTTPS-Everywhere GUI. We will use the Whonix homepage in this example. Please note that you may have to repeat the steps below for redirection of forums.

  1. Go to the site. (https://www.whonix.org)
  2. Once it has loaded, click the blue HTTPS-Everywhere icon in the upper corner of Tor Browser and select the text, "add a rule for this site".
  3. Click the text that says "show advanced" under the host field. You will need to edit two fields.
  4. Click "add a new rule for this site" and refresh the page. It should now redirect automatically. Multiple rules may be needed for an address to work completely. In that case, you will need to repeat this process.


What if I made a mistake or the rule won't work?

Rules cannot be easily changed from the GUI, especially in the case of a broken redirect. You may need to edit rules manually. Rules are stored in a plaintext file in the Tor Browser profile folder, which can be either edited or deleted. If deleted, it will be created as an empty file on the next browser start. The file is stored in: /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/browser-extension-data/https-everywhere-eff@eff.org/storage.js. A rule will look something like this:

{"host":"www.whonix.org","redirectTo":"http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/","urlMatcher":"^https?://www\\.whonix\\.org/"},

A trailing comma and space as shown above will appear if there are multiple rules. Be sure to create a backup of this file before you make any changes.



Other Rules[edit]

Other similar rulesets - like those found on the Darkweb Everywhere github page - do not work either, since they also depend on using the "HTTPSEverywhereUserRules" directory.


Footnotes[edit]

  1. The v3 onion service is only available for those running the Tor client v3.2 or higher in Whonix-Gateway (sys-whonix)
  2. The reason is mediawiki, wordpress and discourse are using the primary Whonix https domain. These webapps do not support multiple domains for the same website.
  3. Because of the way most popular webapps are written, they expect to be at one location, for example whonix.org/blog, and not at multiple locations. That is why this workaround is needed. https://forums.whonix.org/t/whonix-blog-inaccessible-through-hidden-service
  4. See details here: https://github.com/EFForg/https-everywhere/issues/14375#issuecomment-359449102

Random News:

Join us in testing our new AppArmor profiles for improved security! (forum discussion)


https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.

Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Libre Software license as Whonix itself. (Why?)