Forcing .onion on Whonix.org
.onion services when browsing Whonix ™.org follow the links below to the Whonix ™ main page, homepage, forums, download page, phabricator site, or the Whonix ™ Debian repository.
- homepage [archive] onion [archive]
- wiki [archive] onion [archive]
- forums [archive] onion [archive]
- phabricator [archive] onion [archive]
- mailman [archive] onion [archive]
- debian repository [archive] onion [archive]
Once a user rule is configured, no further intervention is needed to seamlessly browse the Whonix ™
.onion address. Note that if a user rule is not configured, some resources from the clearnet Whonix ™.org address will be utilized when navigating the onion address.  Also note that on a few occasions in the past it was not possible to log in to the Whonix ™ forums using the onion address.  
HTTPS Everywhere User Rules
- The user must have Tor Browser installed, which is the default in Whonix ™.
- A recent (non-ancient) Tor version. 
HTTPS Everywhere [archive] is a browser add-on produced as a collaboration between the Tor Project and the EFF [archive]. It uses clever technology to automatically force encrypted communications (HTTPS) on many major websites (where it is offered), preventing the user from browsing the HTTP (insecure) version. However, HTTPS Everywhere supports user rules, and it is not limited to HTTP(S). This means the user can configure it to rewrite requests from the .org extension to .onion domains instead! 
Adding User Rules
Using "HTTPSEverywhereUserRules" directory for user rules is no longer supported. HTTPS Everywhere developer jeremyn clearly stated :
HTTPSEverywhereUserRules/ is not supported with WebExtensions and won't be supported.
Now that Firefox uses WebExtensions, rules must now be added from the HTTPS Everywhere GUI. The Whonix ™ homepage [archive] is used in this example. Please note it may be necessary to repeat the steps below for redirection of Whonix ™ forums [archive].
- Go to the site. (https://www.whonix.org [archive])
- Once loaded, click the blue HTTPS Everywhere icon in the upper corner of Tor Browser and select "See more".
- Click on "Add a rule for this site".
- Click on "Show advanced" under the host field. For each user rule set two fields require editing.
- Change "matching regex" from
^https?://so redirects work from both HTTP and HTTPS. If this value is not changed, redirects can be broken (because the default rule set in the extension already has a rule that redirects from HTTP).
- Change "redirect to" to the onion address you want to use. (http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/ [archive])
- Click "Add a new rule for this site" and refresh the page. If configured correctly the page should now redirect automatically. Be mindful that multiple rules may be needed for an address to work completely. In that case, it is necessary to repeat this process.
What if I made a mistake or the rule won't work?
Rules cannot be easily changed from the GUI, especially in the case of a broken redirect. Furthermore, user rules are stored in a sqlite3 binary file that cannot be edited using a text editor. While it might be possible to edit this file, instructions to do this fall outside the scope of this wiki. Therefore it is recommended that users create periodic backups of this file so it can be restored to its previous state in the event of a broken redirect or if a mistake is made.
If this file is deleted it will be re-created to its defaults on the next browser start. The file is stored in:
/home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/storage-sync.sqlite. A rule will look something like this:
A trailing comma and space as shown above will appear if there are multiple rules. As a reminder be sure to create a backup of this file before making any changes.
What if I am using a DispVM in Qubes-Whonix ™?
Any changes to the HTTPS Everywhere user rule file will revert to the defaults after the DispVM is stopped. It is necessary to complete these steps again when a new DispVM is launched, unless the DVM template is customized.
- The reason is mediawiki, wordpress and discourse are using the primary Whonix ™ https domain. These webapps do not support multiple domains for the same website.
- https://forums.whonix.org/t/onion-forum-broken/8870 [archive]
- This suggests the Whonix ™ forums onion address could become (temporarily) inaccessible in the future.
- v3 onion connections require Tor v3.2 or above.
- Because of the way most popular web applications are written, they expect to be at one location, for example forums.whonix.org, and not at multiple locations. That is why this workaround is needed. https://forums.whonix.org/t/whonix-blog-inaccessible-through-hidden-service [archive]
- See details here: https://github.com/EFForg/https-everywhere/issues/14375#issuecomment-359449102 [archive]
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)