Actions

Forcing .onion on Whonix.org

From Whonix


Info Consistent use of the Whonix ™ Onion Service affords several benefits. It provides alternative end-to-end encryption which is independent from SSL certificate authorities and the mainstream Domain Name System and it also reduces the load on Tor exit nodes.


To use .onion services when browsing Whonix ™.org simply follow these links below to the Whonix ™ main page, homepage, forums, download page, phabricator site, or the Whonix ™ Debian repository. [1]:

Once a user rule is configured (see below), no further intervention is needed to seamlessly browse the Whonix ™ .onion addresses. Users should note that if a user rule is not configured, some resources from the clearnet Whonix ™.org address will be utilized when navigating to the v2 or v3 onion address. [2]



Requirements[edit]

  • The user must have Tor Browser installed, which is the default in Whonix ™.
  • v3 onion connections require Tor v3.2 or above running in the Whonix-Gateway ™ (sys-whonix).

Background[edit]

HTTPS Everywhere [archive] is a browser add-on produced as a collaboration between the Tor Project and the EFF [archive]. It uses clever technology to automatically force encrypted communications (HTTPS) on many major websites (where it is offered), preventing the user from browsing the HTTP (insecure) version. However, HTTPS Everywhere supports user rules, and it is not limited to HTTP(S). This means the user can configure it to rewrite requests from the .org extension to .onion domains instead! [3]


Adding User Rules[edit]

Using "HTTPSEverywhereUserRules" directory for user rules is no longer supported. HTTPSEverywhere developer jeremyn clearly stated [4]:

HTTPSEverywhereUserRules/ is not supported with WebExtensions and won't be supported.

Now that Firefox uses WebExtensions, rules must now be added from the HTTPS-Everywhere GUI. We will use the Whonix ™ homepage [archive] in this example. Please note that you may have to repeat the steps below for redirection of forums [archive].

  1. Go to the site. (https://www.whonix.org [archive])
  2. Once loaded, click the blue HTTPS-Everywhere icon in the upper corner of Tor Browser and select "See more".
  3. Next, click on "Add a rule for this site"
  4. Then, click on "Show advanced" under the host field. For each user rule set two fields require editing.
  5. Finally, click "Add a new rule for this site" and refresh the page. If configured correctly the page should now redirect automatically. Be mindful that multiple rules may be needed for an address to work completely. In that case, you will need to repeat this process.


What if I made a mistake or the rule won't work?

Rules can not easily be changed from the GUI, especially in the case of a broken redirect. Furthermore user rules are stored in a sqlite3 binary file that can not be edited using a text editor. While it might be possible to edit this file, instructions to do this fall outside the scope if this wiki. Therefore it is recommended that users create periodic backups of this file so it can be restored to its previous state in the event of a broken redirect or a mistake is made. If this file is deleted it will be re-created to its defaults on the next browser start. The file is stored in: /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/storage-sync.sqlite. A rule will look something like this:

{"host":"www.whonix.org","redirectTo":"http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/ [archive]","urlMatcher":"^https?://www\\.whonix\\.org/"},

A trailing comma and space as shown above will appear if there are multiple rules. As a reminder be sure to create a backup of this file before you make any changes.



Other Rules[edit]

Other similar rulesets - like those found on the Darkweb Everywhere github page [archive] - do not work either, since they also depend on using the "HTTPSEverywhereUserRules" directory.


Footnotes[edit]

  1. The v3 onion service is only available for those running the Tor client v3.2 or higher in Whonix-Gateway ™ (sys-whonix)

    Info Note: Whonix ™ maintains compatibility with both v2 and v3 onion services so users can access web resources while staying in the Tor network. However, while v2 onions services are available, users are encouraged to use v3 (next generation) onion services when visiting whonix.org. This will allow users to benefit from the many improvements over the v2 legacy system

    https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions [archive], aka prop224

  2. The reason is mediawiki, wordpress and discourse are using the primary Whonix ™ https domain. These webapps do not support multiple domains for the same website.
  3. Because of the way most popular webapps are written, they expect to be at one location, for example whonix.org/blog, and not at multiple locations. That is why this workaround is needed. https://forums.whonix.org/t/whonix-blog-inaccessible-through-hidden-service [archive]
  4. See details here: https://github.com/EFForg/https-everywhere/issues/14375#issuecomment-359449102 [archive]

Are you proficient with iptables? Want to contribute? Check out possible improvements to iptables [archive]. Please come and introduce yourself in the development forum [archive].

https [archive] | (forcing) onion [archive]
Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Rss.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.

Monero donate whonix.png