Non-Whonix ™ Tor Browser
From Whonix
| About this Non-Whonix ™ Tor Browser Page | |
|---|---|
| Support Status | stable |
| Difficulty | easy |
| Maintainer | torjunkie [archive] |
| Support | Support |
Contents
Introduction[edit]
Various wiki sections recommend that a functional Tor Browser instance is maintained outside of the Whonix ™ platform. This is useful in various cases:
- Should Whonix ™ ever break, it is possible to search for a solution anonymously.
- System-wide Tor problems can be easily detected by testing connectivity outside of Whonix ™.
- Certain Tor / Tor Browser activities are difficult (or impossible) to configure in Whonix ™, but are much easier in the standard configuration. [1]
In Non-Qubes-Whonix ™, it is recommended to have Tor Browser installed on the Linux / macOS / Windows host platform. In Qubes-Whonix ™, it is recommended to install Tor Browser in a debian-10 AppVM.
Easy[edit]
All Platforms: Manual Tor Browser Download[edit]
Follow these instructions to manually download Tor Browser with Firefox-ESR via the available onion service. This method is not anonymous, unless Qubes-Whonix ™ users temporarily set sys-whonix as the NetVM for the non-Whonix ™ AppVM.
Debian Linux Hosts[edit]
Tor Browser can optionally be downloaded utilizing the tb-updater [archive] software package by Whonix ™ developers. By default the download does not occur over Tor, meaning it is not anonymous.
1. Add the Whonix ™ signing key.
Warning:
The following command using gpg with --recv-keys is not recommended for security reasons and is often non-functional. [2] This is not a Whonix ™-specific issue. The OpenPGP public key should be downloaded from the web instead; see also Secure Downloads. This procedure is currently undocumented and can be resolved as per the Free Support Principle. Documentation contributions will be happily considered.
sudo apt-key --keyring /etc/apt/trusted.gpg.d/whonix.gpg adv --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
2. Add the Whonix ™ APT repository.
echo “deb http://deb.whonix.org buster main contrib non-free” | sudo tee /etc/apt/sources.list.d/whonix.list
3. Update the package lists.
sudo apt-get update
4. Install tb-updater.
sudo apt-get install tb-updater
Moderate: Qubes-Whonix ™[edit]
Qubes-Whonix ™ R4 only! This method is anonymous.
The Qubes-Whonix ™ R4 or above instructions using Whonix ™ tb-updater are a little more difficult because TemplateVMs are non-networked by default.
These instructions:
- Anonymously retrieve and verify the Whonix ™ signing key.
- Copy the Whonix ™ signing key to a debian-10 TemplateVM clone (
debian-10-tor). - Add the Whonix ™ signing key to a list of trusted keys.
- Install apt-transport-tor in the
debian-10-torTemplateVM. - Add the Whonix ™ onion repository.
- Install
tb-updaterfrom the Whonix ™ stable repository. - Create a
debian-tor-browserAppVM based on the debian-10 TemplateVM clone. - Complete the anonymous installation of Tor Browser in the non-Whonix ™ VM.
Clone the debian-10 TemplateVM[edit]
Prerequisite: The Debian 10 TemplateVM must be manually installed first. In dom0, run.
sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-debian-10
In Qube Manager: Right-click debian-10 template → Clone qube → Rename to debian-10-tor
anon-whonix Steps[edit]
Run the following commands in anon-whonix Konsole.
1. Add the Whonix ™ signing key.
Warning:
The following command using gpg with --recv-keys is not recommended for security reasons and is often non-functional. [3] This is not a Whonix ™-specific issue. The OpenPGP public key should be downloaded from the web instead; see also Secure Downloads. This procedure is currently undocumented and can be resolved as per the Free Support Principle. Documentation contributions will be happily considered.
sudo apt-key adv --keyserver jirk5u4osbsr34t5.onion --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
2. Display the key fingerprint.
sudo apt-key adv --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
3. Verify the Whonix ™ signing key fingerprint.
Compare the fingerprint to the one found here.
4. Copy the Whonix ™ signing key to a temporary whonix.key file.
sudo apt-key export 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA > /tmp/whonix.key
5. Copy the whonix.key text file to the debian-10-tor TemplateVM.
qvm-copy /tmp/whonix.key debian-10-tor
debian-10-tor TemplateVM Steps[edit]
Complete the following steps in debian-10-tor Konsole.
1. Add the Whonix ™ signing key to the list of trusted keys.
sudo apt-key add ~/QubesIncoming/anon-whonix/whonix.key
2. Install apt-transport-tor [archive] from the Debian repository. [4]
sudo apt-get install apt-transport-tor
3. Add the Whonix ™ stable onion APT repository.
Note: tor+http does not work in this configuration.
echo "deb http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion buster main contrib non-free" | sudo tee /etc/apt/sources.list.d/whonix.list
4. Update the package lists.
sudo apt-get update
5. Install tb-updater by Whonix ™.
sudo apt-get install tb-updater
Note: This step will correctly install tb-updater, but if it tries to automatically download Tor Browser it will fail because the download attempt from The Tor Project is blocked by default.
debian-tor-browser AppVM Steps[edit]
1. Create an AppVM based on the debian-10-tor TemplateVM: debian-tor-browser.
In Qube Manager: Left-click Qube → Create new qube
Use the following settings:
- Name and label: debian-tor-browser
- Type: AppVM
- Template: debian-10-tor
- Networking: default (sys-firewall)
2. Temporarily set sys-whonix as the NetVM for the Debian AppVM.
In Qube Manager: Right-click debian-tor-browser → Qube settings → Networking → Select sys-whonix → OK
3. Download Tor Browser.
In Konsole, run.
update-torbrowser --input gui
4. Revert the networking setting to sys-firewall in Qube Manager.
5. Launch Tor Browser from the AppVM menu and check it is functional.
Note: Tor Browser can be kept up-to-date using Tor Browser's internal updater. It is not necessary to run the update-torbrowser command again.
Footnotes[edit]
- ↑ For example, the Snowflake pluggable transport client is currently experimental in Whonix ™.
- ↑ https://forums.whonix.org/t/gpg-recv-keys-fails-no-longer-use-keyservers-for-anything/5607 [archive]
- ↑ https://forums.whonix.org/t/gpg-recv-keys-fails-no-longer-use-keyservers-for-anything/5607 [archive]
- ↑ For support in downloading APT packages anonymously via the Tor network.
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
Want to make Whonix safer and more usable? We're looking for helping hands. Check out the Open Issues [archive] and development forum [archive].
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian [archive]. Debian is a registered trademark [archive] owned by Software in the Public Interest, Inc [archive].
Whonix ™ is produced independently from the Tor® [archive] anonymity software and carries no guarantee from The Tor Project [archive] about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.