Jump to: navigation, search

Template:Apt-Transport-Tor

apt-transport-tor is a package that allows host operating systems or non-Whonix-Workstation VMs that are not behind a torifying gateway (like Whonix-Gateway) to torify their apt-get traffic for individual repositories.

There is no need to use apt-transpart-tor inside Whonix VMs since all traffic is already routed over Tor. apt-get is stream isolated using a preconfigured uwt wrapper. In other words, apt-get in Whonix is already talking to a Tor SocksPort.

With non-Whonix systems in mind, for security reasons apt-get blocks clearnet connections to .onion domains by default. apt-get developers want to protect users from accidentally trying to use .onion repositories without using Tor. Otherwise, a rouge DNS server could redirect users to a false domain and trick them into thinking they are using Tor when they are not.

In Whonix, this is not needed. This feature actually needs to be disabled and the apt.conf.d snippet set to Acquire::BlockDotOnion "false". This will be the default in Whonix 14.

https://github.com/Whonix/anon-apt-sources-list/blob/master/etc/apt/apt.conf.d/30onion-allow