Jump to: navigation, search

Template:Torify apt-get traffic

It is recommended to Torrify APT's traffic on the host for several reasons:

  • Each machine has its own unique package selection. This allows location tracking, because systems can be fingerprinted across physical networks as system updates are performed.
  • System updates leak sensitive security information like package versions and the varying patch levels. This information aids targeted attacks.


Follow these instructions below to torify APT traffic in Debian. [1]

Install apt-transport-tor from the Debian repository.

sudo apt-get install apt-transport-tor

Edit the sources.list to include only tor:// URLs for every entry.

Open /etc/apt/sources.list in an editor with root rights.

If you are using a graphical Whonix or Qubes-Whonix, run.

kdesudo kwrite /etc/apt/sources.list

If you are using a terminal-only Whonix, run.

sudo nano /etc/apt/sources.list

Save and exit.

Other URL Configurations

Alternatively, the tor+http:// URL scheme is possible. apt-transport-tor can also be combined with apt-transport-https, leading to the tor+https:// URL scheme. [2]

Note that changing ftp.us.debian.org to http.debian.net picks a mirror near to whichever Tor exit node is being used. Throughput is surprisingly fast. [3]

Debian URLs can also be changed to point to the onion addresses http://vwakviie2ienjx6t.onion or http://earthqfvaeuv5bla.onion. This is the most secure option, as no package metadata ever leaves Tor. [4] [5] [6] This URL scheme also protects from system compromise in the event APT has a critical security bug.
  1. https://packages.debian.org/apt-transport-tor
  2. https://lwn.net/Articles/672350/
  3. https://retout.co.uk/blog/2014/07/21/apt-transport-tor
  4. http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/
  5. https://onion.debian.org
  6. https://onion.torproject.org