Actions

Forcing .onion on Whonix.org

From Whonix


Dumbbell-940375640.jpg

Introduction[edit]

Info Note:

  • Consistent use of the Whonix ™ onion service affords several benefits. It provides alternative end-to-end encryption which is independent from SSL certificate authorities and the mainstream Domain Name System and it also reduces the load on Tor exit nodes.
  • The procedure below is not persistent for Tor Browser in Qubes-Whonix ™ DisposableVMs unless the DVM template is customized.

To use .onion services when browsing Whonix ™.org follow the links below to the Whonix ™ main page, homepage, forums, download page, phabricator site, or the Whonix ™ Debian repository.

Once a user rule is configured, no further intervention is needed to seamlessly browse the Whonix ™ .onion address. Note that if a user rule is not configured, some resources from the clearnet Whonix ™.org address will be utilized when navigating the onion address. [1] Also note that on a few occasions in the past it was not possible to log in to the Whonix ™ forums using the onion address. [2] [3]

HTTPS Everywhere User Rules[edit]

Requirements[edit]

  • The user must have Tor Browser installed, which is the default in Whonix ™.
  • A recent (non-ancient) Tor version. [4]

Background[edit]

HTTPS Everywhere [archive] is a browser add-on produced as a collaboration between the Tor Project and the EFF [archive]. It uses clever technology to automatically force encrypted communications (HTTPS) on many major websites (where it is offered), preventing the user from browsing the HTTP (insecure) version. However, HTTPS Everywhere supports user rules, and it is not limited to HTTP(S). This means the user can configure it to rewrite requests from the .org extension to .onion domains instead! [5]

Adding User Rules[edit]

Using "HTTPSEverywhereUserRules" directory for user rules is no longer supported. HTTPS Everywhere developer jeremyn clearly stated [6]:

HTTPSEverywhereUserRules/ is not supported with WebExtensions and won't be supported.

Now that Firefox uses WebExtensions, rules must now be added from the HTTPS Everywhere GUI. The Whonix ™ homepage [archive] is used in this example. Please note it may be necessary to repeat the steps below for redirection of Whonix ™ forums [archive].

  1. Go to the site. (https://www.whonix.org [archive])
  2. Once loaded, click the blue HTTPS Everywhere icon in the upper corner of Tor Browser and select "See more".
  3. Click on "Add a rule for this site".
  4. Click on "Show advanced" under the host field. For each user rule set two fields require editing.
  5. Change "matching regex" from ^http:// to ^https?:// so redirects work from both HTTP and HTTPS. If this value is not changed, redirects can be broken (because the default rule set in the extension already has a rule that redirects from HTTP).
  6. Change "redirect to" to the onion address you want to use. (http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/ [archive])
  7. Click "Add a new rule for this site" and refresh the page. If configured correctly the page should now redirect automatically. Be mindful that multiple rules may be needed for an address to work completely. In that case, it is necessary to repeat this process.

What if I made a mistake or the rule won't work?
Rules cannot be easily changed from the GUI, especially in the case of a broken redirect. Furthermore, user rules are stored in a sqlite3 binary file that cannot be edited using a text editor. While it might be possible to edit this file, instructions to do this fall outside the scope of this wiki. Therefore it is recommended that users create periodic backups of this file so it can be restored to its previous state in the event of a broken redirect or if a mistake is made.

If this file is deleted it will be re-created to its defaults on the next browser start. The file is stored in: /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/storage-sync.sqlite. A rule will look something like this:

{"host":"www.whonix.org","redirectTo":"http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/ [archive]","urlMatcher":"^https?://www\\.whonix\\.org/"},

A trailing comma and space as shown above will appear if there are multiple rules. As a reminder be sure to create a backup of this file before making any changes.


What if I am using a DispVM in Qubes-Whonix ™?
Any changes to the HTTPS Everywhere user rule file will revert to the defaults after the DispVM is stopped. It is necessary to complete these steps again when a new DispVM is launched, unless the DVM template is customized.

Other Rules[edit]

Other similar rulesets -- like those found on the Darkweb Everywhere github page [archive] -- do not work either, since they also depend on using the "HTTPSEverywhereUserRules" directory.

Footnotes[edit]

  1. The reason is mediawiki, wordpress and discourse are using the primary Whonix ™ https domain. These webapps do not support multiple domains for the same website.
  2. https://forums.whonix.org/t/onion-forum-broken/8870 [archive]
  3. This suggests the Whonix ™ forums onion address could become (temporarily) inaccessible in the future.
  4. v3 onion connections require Tor v3.2 or above.
  5. Because of the way most popular web applications are written, they expect to be at one location, for example forums.whonix.org, and not at multiple locations. That is why this workaround is needed. https://forums.whonix.org/t/whonix-blog-inaccessible-through-hidden-service [archive]
  6. See details here: https://github.com/EFForg/https-everywhere/issues/14375#issuecomment-359449102 [archive]


text=Jobs in USA
Jobs in USA


Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki


Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Iconfinder news 18421.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg Reddit.jpg Diaspora.png Gnusocial.png Mewe.png 500px-Tumblr Wordmark.svg.png Iconfinder youtube 317714.png 200px-Minds logo.svg.png 200px-Mastodon Logotype (Simple).svg.png 200px-LinkedIn Logo 2013.svg.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png United Federation of Planets 1000px.png

Share: Twitter | Facebook

Did you know that anyone can edit the Whonix wiki [archive] to improve it?

https link onion link

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.

Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint, Contact.