Actions

Non-Whonix ™ Tor Browser

From Whonix



About this Non-Whonix ™ Tor Browser Page
Support Status stable
Difficulty easy
Maintainer torjunkie [archive]
Support Support

Introduction[edit]

Various wiki sections recommend that a functional Tor Browser instance is maintained outside of the Whonix ™ platform. This is useful in various cases:

  • Should Whonix ™ ever break, it is possible to search for a solution anonymously.
  • System-wide Tor problems can be easily detected by testing connectivity outside of Whonix ™.
  • Certain Tor / Tor Browser activities are difficult (or impossible) to configure in Whonix ™, but are much easier in the standard configuration. [1]

In Non-Qubes-Whonix ™, it is recommended to have Tor Browser installed on the Linux / macOS / Windows host platform. In Qubes-Whonix ™, it is recommended to install Tor Browser in a debian-10 AppVM.

Easy[edit]

All Platforms: Manual Tor Browser Download[edit]

Follow these instructions to manually download Tor Browser with Firefox-ESR via the available onion service. This method is not anonymous, unless Qubes-Whonix ™ users temporarily set sys-whonix as the NetVM for the non-Whonix ™ AppVM.

Debian Linux Hosts[edit]

Tor Browser can optionally be downloaded utilizing the tb-updater [archive] software package by Whonix ™ developers. By default the download does not occur over Tor, meaning it is not anonymous.

1. Add the Whonix ™ signing key.

Whonix first time users warning Warning:

The following command using gpg with --recv-keys is not recommended for security reasons and is often non-functional. [2] This is not a Whonix ™-specific issue. The OpenPGP public key should be downloaded from the web instead; see also Secure Downloads. This procedure is currently undocumented and can be resolved as per the Free Support Principle. Documentation contributions will be happily considered.

sudo apt-key --keyring /etc/apt/trusted.gpg.d/whonix.gpg adv --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA

2. Add the Whonix ™ APT repository.

echo “deb http://deb.whonix.org buster main contrib non-free” | sudo tee /etc/apt/sources.list.d/whonix.list

3. Update the package lists.

sudo apt-get update

4. Install tb-updater.

sudo apt-get install tb-updater

Moderate: Qubes-Whonix ™[edit]

Ambox notice.png Qubes-Whonix ™ R4 only! This method is anonymous.

The Qubes-Whonix ™ R4 or above instructions using Whonix ™ tb-updater are a little more difficult because TemplateVMs are non-networked by default.

These instructions:

  1. Anonymously retrieve and verify the Whonix ™ signing key.
  2. Copy the Whonix ™ signing key to a debian-10 TemplateVM clone (debian-10-tor).
  3. Add the Whonix ™ signing key to a list of trusted keys.
  4. Install apt-transport-tor in the debian-10-tor TemplateVM.
  5. Add the Whonix ™ onion repository.
  6. Install tb-updater from the Whonix ™ stable repository.
  7. Create a debian-tor-browser AppVM based on the debian-10 TemplateVM clone.
  8. Complete the anonymous installation of Tor Browser in the non-Whonix ™ VM.

Clone the debian-10 TemplateVM[edit]

Info Prerequisite: The Debian 10 TemplateVM must be manually installed first. In dom0, run.

sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-debian-10

In Qube Manager: Right-click debian-10 templateClone qubeRename to debian-10-tor

anon-whonix Steps[edit]

Run the following commands in anon-whonix Konsole.

1. Add the Whonix ™ signing key.

Whonix first time users warning Warning:

The following command using gpg with --recv-keys is not recommended for security reasons and is often non-functional. [3] This is not a Whonix ™-specific issue. The OpenPGP public key should be downloaded from the web instead; see also Secure Downloads. This procedure is currently undocumented and can be resolved as per the Free Support Principle. Documentation contributions will be happily considered.

sudo apt-key adv --keyserver jirk5u4osbsr34t5.onion --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA

2. Display the key fingerprint.

sudo apt-key adv --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA

3. Verify the Whonix ™ signing key fingerprint.

Compare the fingerprint to the one found here.

4. Copy the Whonix ™ signing key to a temporary whonix.key file.

sudo apt-key export 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA > /tmp/whonix.key

5. Copy the whonix.key text file to the debian-10-tor TemplateVM.

qvm-copy /tmp/whonix.key debian-10-tor

debian-10-tor TemplateVM Steps[edit]

Complete the following steps in debian-10-tor Konsole.

1. Add the Whonix ™ signing key to the list of trusted keys.

sudo apt-key add ~/QubesIncoming/anon-whonix/whonix.key

2. Install apt-transport-tor [archive] from the Debian repository. [4]

sudo apt-get install apt-transport-tor

3. Add the Whonix ™ stable onion APT repository.

Note: tor+http does not work in this configuration.

echo "deb http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion buster main contrib non-free" | sudo tee /etc/apt/sources.list.d/whonix.list

4. Update the package lists.

sudo apt-get update

5. Install tb-updater by Whonix ™.

sudo apt-get install tb-updater

Note: This step will correctly install tb-updater, but if it tries to automatically download Tor Browser it will fail because the download attempt from The Tor Project is blocked by default.

debian-tor-browser AppVM Steps[edit]

1. Create an AppVM based on the debian-10-tor TemplateVM: debian-tor-browser.

In Qube Manager: Left-click QubeCreate new qube

Use the following settings:

  • Name and label: debian-tor-browser
  • Type: AppVM
  • Template: debian-10-tor
  • Networking: default (sys-firewall)

2. Temporarily set sys-whonix as the NetVM for the Debian AppVM.

In Qube Manager: Right-click debian-tor-browserQube settingsNetworkingSelect sys-whonixOK

3. Download Tor Browser.

In Konsole, run.

update-torbrowser --input gui

4. Revert the networking setting to sys-firewall in Qube Manager.

5. Launch Tor Browser from the AppVM menu and check it is functional.

Note: Tor Browser can be kept up-to-date using Tor Browser's internal updater. It is not necessary to run the update-torbrowser command again.

Footnotes[edit]

  1. For example, the Snowflake pluggable transport client is currently experimental in Whonix ™.
  2. https://forums.whonix.org/t/gpg-recv-keys-fails-no-longer-use-keyservers-for-anything/5607 [archive]
  3. https://forums.whonix.org/t/gpg-recv-keys-fails-no-longer-use-keyservers-for-anything/5607 [archive]
  4. For support in downloading APT packages anonymously via the Tor network.


Follow: Twitter.png Facebook.png 1280px-Gab text logo.svg.png Rss.png Matrix logo.svg.png 1024px-Telegram 2019 Logo.svg.png Discourse logo.svg

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contriute

Whonix donate bitcoin.png Monero donate whonix.png

Share: Twitter | Facebook

Want to get involved with Whonix ™? Check out our Contribute [archive] page.

https [archive] | (forcing) onion [archive]

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].

Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.