Non-Whonix ™ Tor Browser
From Whonix
| About this Non-Whonix ™ Tor Browser Page | |
|---|---|
| Support Status | stable |
| Difficulty | easy |
| Maintainer | torjunkie [archive] |
| Support | Support |
Contents
Introduction[edit]
Various wiki sections recommend that a functional Tor Browser instance is maintained outside of the Whonix ™ platform. This is useful in various cases:
- Should Whonix ™ ever break, it is possible to search for a solution anonymously.
- System-wide Tor problems can be easily detected by testing connectivity outside of Whonix ™.
- Certain Tor / Tor Browser activities are difficult (or impossible) to configure in Whonix ™, but are much easier in the standard configuration. [1]
In Non-Qubes-Whonix ™, it is recommended to have Tor Browser installed on the Linux / macOS / Windows host platform. In Qubes-Whonix ™, it is recommended to install Tor Browser in a debian-10 AppVM.
Easy[edit]
All Platforms: Manual Tor Browser Download[edit]
Follow these instructions to manually download Tor Browser with Firefox-ESR via the available onion service. This method is not anonymous, unless Qubes-Whonix ™ users temporarily set sys-whonix as the NetVM for the non-Whonix ™ AppVM.
Debian Linux Hosts[edit]
Tor Browser can optionally be downloaded utilizing the tb-updater [archive] software package by Whonix ™ developers. By default the download does not occur over Tor, meaning it is not anonymous.
1. Add the Whonix ™ signing key.
Warning:
The following command using gpg with --recv-keys is not recommended for security reasons and is often non-functional. [2] This is not a Whonix ™-specific issue. The OpenPGP public key should be downloaded from the web instead; see also Secure Downloads. This procedure is currently undocumented and can be resolved as per the Free Support Principle. Documentation contributions will be happily considered.
sudo apt-key --keyring /etc/apt/trusted.gpg.d/whonix.gpg adv --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
2. Add the Whonix ™ APT repository.
echo “deb http://deb.whonix.org buster main contrib non-free” | sudo tee /etc/apt/sources.list.d/whonix.list
3. Update the package lists.
sudo apt-get update
4. Install tb-updater.
sudo apt-get install tb-updater
Moderate: Qubes-Whonix ™[edit]
Qubes-Whonix ™ R4 only! This method is anonymous.
The Qubes-Whonix ™ R4 or above instructions using Whonix ™ tb-updater are a little more difficult because TemplateVMs are non-networked by default.
These instructions:
- Anonymously retrieve and verify the Whonix ™ signing key.
- Copy the Whonix ™ signing key to a debian-10 TemplateVM clone (
debian-10-tor). - Add the Whonix ™ signing key to a list of trusted keys.
- Install apt-transport-tor in the
debian-10-torTemplateVM. - Add the Whonix ™ onion repository.
- Install
tb-updaterfrom the Whonix ™ stable repository. - Create a
debian-tor-browserAppVM based on the debian-10 TemplateVM clone. - Complete the anonymous installation of Tor Browser in the non-Whonix ™ VM.
Clone the debian-10 TemplateVM[edit]
Prerequisite: The Debian 10 TemplateVM must be manually installed first. In dom0, run.
sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-debian-10
In Qube Manager: Right-click debian-10 template → Clone qube → Rename to debian-10-tor
anon-whonix Steps[edit]
Run the following commands in anon-whonix Konsole.
1. Add the Whonix ™ signing key.
Warning:
The following command using gpg with --recv-keys is not recommended for security reasons and is often non-functional. [3] This is not a Whonix ™-specific issue. The OpenPGP public key should be downloaded from the web instead; see also Secure Downloads. This procedure is currently undocumented and can be resolved as per the Free Support Principle. Documentation contributions will be happily considered.
sudo apt-key adv --keyserver jirk5u4osbsr34t5.onion --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
2. Display the key fingerprint.
sudo apt-key adv --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
3. Verify the Whonix ™ signing key fingerprint.
Compare the fingerprint to the one found here.
4. Copy the Whonix ™ signing key to a temporary whonix.key file.
sudo apt-key export 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA > /tmp/whonix.key
5. Copy the whonix.key text file to the debian-10-tor TemplateVM.
qvm-copy /tmp/whonix.key debian-10-tor
debian-10-tor TemplateVM Steps[edit]
Complete the following steps in debian-10-tor Konsole.
1. Add the Whonix ™ signing key to the list of trusted keys.
sudo apt-key add ~/QubesIncoming/anon-whonix/whonix.key
2. Install apt-transport-tor [archive] from the Debian repository. [4]
sudo apt-get install apt-transport-tor
3. Add the Whonix ™ stable onion APT repository.
Note: tor+http does not work in this configuration.
echo "deb http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion buster main contrib non-free" | sudo tee /etc/apt/sources.list.d/whonix.list
4. Update the package lists.
sudo apt-get update
5. Install tb-updater by Whonix ™.
sudo apt-get install tb-updater
Note: This step will correctly install tb-updater, but if it tries to automatically download Tor Browser it will fail because the download attempt from The Tor Project is blocked by default.
debian-tor-browser AppVM Steps[edit]
1. Create an AppVM based on the debian-10-tor TemplateVM: debian-tor-browser.
In Qube Manager: Left-click Qube → Create new qube
Use the following settings:
- Name and label: debian-tor-browser
- Type: AppVM
- Template: debian-10-tor
- Networking: default (sys-firewall)
2. Temporarily set sys-whonix as the NetVM for the Debian AppVM.
In Qube Manager: Right-click debian-tor-browser → Qube settings → Networking → Select sys-whonix → OK
3. Download Tor Browser.
In Konsole, run.
update-torbrowser --input gui
4. Revert the networking setting to sys-firewall in Qube Manager.
5. Launch Tor Browser from the AppVM menu and check it is functional.
Note: Tor Browser can be kept up-to-date using Tor Browser's internal updater. It is not necessary to run the update-torbrowser command again.
Footnotes[edit]
- ↑ For example, the Snowflake pluggable transport client is currently experimental in Whonix ™.
- ↑ https://forums.whonix.org/t/gpg-recv-keys-fails-no-longer-use-keyservers-for-anything/5607 [archive]
- ↑ https://forums.whonix.org/t/gpg-recv-keys-fails-no-longer-use-keyservers-for-anything/5607 [archive]
- ↑ For support in downloading APT packages anonymously via the Tor network.
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
We are looking for maintainers and developers.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.