Non-Whonix ™ Tor Browser
From Whonix
Contents
Introduction[edit]
Various wiki sections recommend that a functional Tor Browser instance is maintained outside of the Whonix ™ platform. This is useful in various cases:
- Should Whonix ™ ever break, it is possible to search for a solution anonymously.
- System-wide Tor problems can be easily detected by testing connectivity outside of Whonix ™.
- Certain Tor / Tor Browser activities are difficult (or impossible) to configure in Whonix ™, but are much easier in the standard configuration. [1]
In Non-Qubes-Whonix ™, it is recommended to have Tor Browser installed on the Linux / macOS / Windows host platform. In Qubes-Whonix ™, it is recommended to install Tor Browser in a debian-9 AppVM.
Easy[edit]
All Platforms: Manual Tor Browser Download[edit]
Follow these instructions to manually download Tor Browser with Firefox-ESR via the available onion service. This method is not anonymous, unless Qubes-Whonix ™ users temporarily set sys-whonix as the NetVM for the non-Whonix ™ AppVM.
Debian Linux Hosts[edit]
Tor Browser can optionally be downloaded utilizing the tb-updater software package by Whonix ™ developers. By default the download does not occur over Tor, meaning it is not anonymous.
1. Add the Whonix ™ signing key.
sudo apt-key --keyring /etc/apt/trusted.gpg.d/whonix.gpg adv --keyserver hkp://ipv4.pool.sks-keyservers.net:80 --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
2. Add the Whonix ™ APT repository.
echo “deb http://deb.whonix.org stretch main contrib non-free” | sudo tee /etc/apt/sources.list.d/whonix.list
3. Update the package lists.
sudo apt-get update
4. Install tb-updater.
sudo apt-get install tb-updater
Moderate: Qubes-Whonix ™[edit]
Qubes-Whonix ™ R4 only! This method is anonymous.
The Qubes-Whonix ™ R4 or above instructions using Whonix ™ tb-updater are a little more difficult because TemplateVMs are non-networked by default.
These instructions:
- Anonymously retrieve and verify the Whonix ™ signing key.
- Copy the Whonix ™ signing key to a debian-9 TemplateVM clone (
debian-9-tor). - Add the Whonix ™ signing key to a list of trusted keys.
- Install apt-transport-tor in the
debian-9-torTemplateVM. - Add the Whonix ™ onion repository.
- Install
tb-updaterfrom the Whonix ™ stable repository. - Create a
debian-tor-browserAppVM based on the debian-9 TemplateVM clone. - Complete the anonymous installation of Tor Browser in the non-Whonix ™ VM.
Clone the debian-9 TemplateVM[edit]
In Qube Manager: Right-click debian-9 template → Clone qube → Rename to debian-9-tor
anon-whonix Steps[edit]
Run the following commands in anon-whonix Konsole.
1. Add the Whonix ™ signing key.
sudo apt-key adv --keyserver jirk5u4osbsr34t5.onion --recv-keys 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
2. Display the key fingerprint.
sudo apt-key adv --fingerprint 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA
3. Verify the Whonix ™ signing key fingerprint.
Compare the fingerprint to the one found here.
4. Copy the Whonix ™ signing key to a temporary whonix.key file.
sudo apt-key export 916B8D99C38EAF5E8ADC7A2A8D66066A2EEACCDA > /tmp/whonix.key
5. Copy the whonix.key text file to the debian-9-tor TemplateVM.
qvm-copy /tmp/whonix.key debian-9-tor
debian-9-tor TemplateVM Steps[edit]
Complete the following steps in debian-9-tor Konsole.
1. Add the Whonix ™ signing key to the list of trusted keys.
sudo apt-key add ~/QubesIncoming/anon-whonix/whonix.key
2. Install apt-transport-tor from the Debian repository. [2]
sudo apt-get install apt-transport-tor
3. Add the Whonix ™ stable onion APT repository.
Note: tor+http does not work in this configuration.
echo "deb http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch main contrib non-free" | sudo tee /etc/apt/sources.list.d/whonix.list
4. Update the package lists.
sudo apt-get update
5. Install tb-updater by Whonix ™.
sudo apt-get install tb-updater
Note: This step will correctly install tb-updater, but when it tries to automatically download Tor Browser it will fail because the download attempt from The Tor Project is blocked by default.
debian-tor-browser AppVM Steps[edit]
1. Create an AppVM based on the debian-9-tor TemplateVM: debian-tor-browser.
In Qube Manager: Left-click Qube → Create new qube
Use the following settings:
- Name and label: debian-tor-browser
- Type: AppVM
- Template: debian-9-tor
- Networking: default (sys-firewall)
2. Download Tor Browser.
In Konsole, run.
update-torbrowser --input gui
3. Launch Tor Browser from the AppVM menu and check it is functional.
Note: Tor Browser can be kept up-to-date using Tor Browser's internal updater. It is not necessary to run the update-torbrowser command again.
Footnotes[edit]
No comments for now due to spam. Use Whonix forums instead.
Please contribute by helping to answer Whonix questions.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.
Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.