Actions

Tor Browser Advanced Topics

From Whonix

< Tor Browser

Tor Browser Adversary Model[edit]

The Tor Browser design has carefully considered the goals, capabilities and types of attacks undertaken by adversaries and planned accordingly. The design specifications address:

  • Application data isolation.
  • Cross-origin fingerprinting unlinkability.
  • Cross-origin identifier unlinkability.
  • Disk avoidance.
  • Long-term unlinkability via the "New Identity" button.
  • Proxy obedience.
  • State separation.
  • Other security measures to address many of the risks outlined below. [1] [2]

Adversary Goals[edit]

Table: Adversary Goals [3] [4]

Adversary Goals Description
Anonymity Set Reduction (Fingerprinting) To identify specific individuals, system data like the browser build, timezone or display resolution is used to track down (or at least track) their activities.
Bypassing Proxy Settings Directly compromising and bypassing Tor, or forcing connections to specific IP addresses.
Correlating Activity across Multiple Sites Learning if the person who visited site A is the same person who visited site B, in order to serve targeted advertisements.
Correlating Tor and Non-Tor activity If a proxy bypass is not possible, correlation of Tor and non-Tor activity is sought via cookies, cache identifiers, JavaScript events and Cascading Style Sheets (CSS).
History Disclosure Querying user history for censored search queries or websites.
History Records and other On-disk Information Seizing the computers of all Tor users in a given area and extracting history records, cache data, hostnames and disk-logged spoofed MAC address history.
Location Information Seeking timezone and locality information to determine if the user originates from a specific region they are trying to control, or focusing in on dissidents or whistleblowers.

Adversary Positioning Capabilities[edit]

Table: Positioning Capabilities [3] [4]

Location Description
Adservers and/or Malicious Websites Running websites or contracting ad space from adservers to inject content. Reducing a Tor user's anonymity is also good for marketing purposes. [5]
Exit Node or Upstream Router Running exit nodes or controlling routers upstream of exit nodes. [6]
Local Network / ISP / Upstream Router Injecting malicious content at the upstream router when Tor is disabled in order to correlate Tor and non-Tor activity. Additionally, block Tor or attempt to recognize traffic patterns of specific web pages at the entrance to the Tor network.
Physical Access Constant or intermittent physical access to computer equipment. This may happen to Internet cafe users or those in jurisdictions where equipment is confiscated due to general suspicion or solely for Tor use.

Adversary Attack Capabilities[edit]

Ambox warning pn.svg.png Warning: Advanced adversaries have numerous surveillance methods and attack vectors to deanonymize and spy on individuals.

Table: Attack Capabilities [3] [4]

Attack Capabilities Description
Inserting CSS
  • Using CSS pop-ups: Correlate Tor and non-Tor activity in order to reveal the non-Tor IP address.
  • Using CSS and JavaScript: Perform CSS-only history disclosure attacks.
  • CSS media queries: Gather information about desktop size, widget size, display type, DPI, user agent type and other information.
Inserting JavaScript
  • Extracting fingerprinting information: Available fonts, DOM objects to ascertain the user agent, WebGL to reveal the video card in use, and high precision timing information to reveal the CPU and interpreter speed.
  • Executing history disclosure attacks: Query the history of different attributes of visited links for specific queries, sites, or for user profiling (gender, interests etc.).
  • Querying: The user's timezone via the date object and reducing the anonymity set by querying the navigator object for operating system, CPU, location and user agent information.
Inserting or Exploiting Plugins
  • Using plugins: Perform network activity that is independent of browser (or its own) proxy settings in order to obtain the non-Tor IP address.
  • Using active plugin exploits: Leak the non-Tor IP address.
  • Enumerating: The list of plugins to fingerprint the user.
  • Gathering information: Use plugins capable of extracting font lists, interface addresses and other machine information.
  • Retrieving: Unique plugin identifiers.
Reading and Inserting Identifiers
  • Storing identifiers: HTTP auth, DOM storage, cached scripts, other elements with embedded identifiers, client certificates and TLS session IDs.
  • Performing a man-in-the-middle (MITM) attack: Inject elements to both read and inject cookies for arbitrary domains (affecting even SSL/TLS secured websites).
Other Attacks
  • Creating arbitrary cached content: Reading the browser cache which stores unique identifiers.
  • Observing request behavior: Fingerprinting is aided by observing the user agent, Accept-* headers, pipeline usage, and request ordering. Fingerprinting is worsened by custom filters like AdBlock and UBlock Origin.
  • Fingerprinting: Using the large number of browser attributes to reduce the anonymity set, or even uniquely fingerprinting individuals. [7]
  • Website traffic fingerprinting: Attempting to recognize the encrypted traffic patterns of specific websites, either between the user and the Guard node, or at the Guard node itself. [8]
  • Remotely or locally exploiting the browser and/or OS: Exploiting the browser, plugin or OS vulnerabilities to install malware or surveillance software, or physically access the machine to do the same.

Torbutton Design[edit]

Torbutton's functions in Tor Browser behavior are gradually being moved into direct Firefox patches, [9] but it is designed to address a number of dimensions.

Table: Torbutton Features [10] [11]

Feature Description
Anonymity Set Preservation Tor Browser should not leak any other anonymity set reducing or fingerprinting information (such as user agent, extension presence, and resolution information) automatically via Tor.
Disk Avoidance Tor Browser should not write any Tor-related state to disk, or store it in memory beyond one Tor toggle.
Interoperability Torbutton should inter-operate with third-party proxy switchers that enable the user to switch between a number of different proxies, with full Tor protection.
Location Neutrality Tor Browser should not leak location-specific information, like the timezone or locale via Tor.
Proxy Obedience Tor Browser must not bypass Tor proxy settings.
State Separation Cookies, cache, history, DOM storage, and more accumulated in one Tor state must not be accessible via the network in another Tor state.
Update Safety Tor Browser should not perform unauthenticated updates or upgrades via Tor.

Tor Browser patches and the Torbutton extension can potentially disable some functionality or interfere with the proper operation of some Internet sites, but the vast majority of websites work well. To learn more about Torbutton, see:

New Identity Design[edit]

The Tor Browser design document describes the full features provided by this extension: [12] [13]

  • Disables Javascript and plugins on all tabs and windows.
  • Stops all page activity for each tab.
  • Clears the Tor Browser state:
    • OCSP state.
    • Content and image cache.
    • Site-specific zoom.
    • Cookies and DOM storage.
    • The safe browsing key.
    • Google Wi-Fi geolocation token.
    • Last opened URL preference (if it exists).
    • Searchbox and findbox text.
    • Purge session history.
    • HTTP authentication.
    • SSL session IDs.
    • Crypto tokens.
    • Site-specific content preferences.
    • Undo tab history.
    • Offline storage.
    • Domain isolator state.
    • NoScript's site and temporary permissions.
    • All other browser site permissions.
  • Closes all remaining HTTP keep-alive connections.
  • Sends Tor the "newnym" signal to issue a new Tor circuit.


After this process above, a fresh browser window is opened and the current browser window is closed (this does not spawn a new Firefox process, only a new window). When the final window is closed, any blob:UUID URLs that were created by websites are purged. [13]

New Tor Circuit Design[edit]

The "New Tor Circuit for this Site" Torbutton feature sends the "newnym" signal to the Tor control port to cause a new circuit to be created for the current Tor Browser tab. [14] Other open tabs and windows from the same website will use the new circuit as well once they have reloaded, but connections to other websites on separate tabs are not affected. [15]

Security Slider Design[edit]

The Security Level preference tab and Tor Project manual describe the exact effect of each level and which features are disabled or partially disabled. Note that as of Tor Browser release v8.5, the security slider function has shifted from Torbutton to the taskbar ("shield" icon). [16] [17]

Table: Security Slider Settings [18]

Setting Description
Standard
  • All Tor Browser and website features are enabled.
Safer
  • Dangerous website features are disabled; some sites lose functionality.
  • On non-HTTPS sites, JavaScript is disabled.
  • Some fonts and maths symbols are disabled.
  • WebGL and HTML5 media (like audio and video) are click-to-play.
Safest
  • Only website features required for basic services and static sites are allowed; images, media and scripts are affected.
  • Javascript is disabled on all sites; some images, fonts, icons and math symbols are disabled.
  • HTML5 media (like audio and video) are click-to-play.

Disabled Torbutton Functions[edit]

Open Network Settings[edit]

Info Whonix ™ has modified environment variables to prevent visibility of the "Open Network Settings..." menu option in Tor Browser.

The regular Tor Browser Bundle from The Tor Project (without Whonix ™) allows networking settings to be changed inside Tor via the Open Network Settings menu option. It has the same effect as editing Tor's torrc configuration file.

In Whonix ™, the environment variable export TOR_NO_DISPLAY_NETWORK_SETTINGS=1 has been set to disable the TorButtonOpen Network Settings... menu item. It is not useful and confusing to have in the Whonix-Workstation ™ because: [19] [20]

  • In Whonix ™, there is only limited access to Tor's control port (see Dev/CPFP for more information).
  • For security reasons, Tor must be manually configured via /usr/local/etc/torrc.d/50_user.conf in Whonix-Gateway ™, and not inside Whonix-Workstation ™ (see VPN/Tunnel support for more information).

Tor Circuit View[edit]

Info Whonix ™ has removed the Tor Circuit View from Torbutton for security reasons.

Normally this option in Torbutton shows the three Tor relays used for the website in the current tab. This includes the IP addresses of each and the countries they are located in, and whether a bridge is being used (see below). The node immediately above the destination website reflects the Tor exit relay. [21]

Figure: Tor Circuit View - Disabled in Whonix [22]

Tor Browser Bundle's Improved Circuit Display

SecBrowser[edit]

As noted in the SecBrowser chapter:

SecBrowser is a derivative of the Tor Browser Bundle (which itself is a derivative of Mozilla Firefox) but without Tor. This means unlike Tor Browser, SecBrowser does not route traffic over the Tor network, which in common parlance is referred to as "clearnet" traffic. Even without the aid of the Tor network, SecBrowser still benefits from the numerous patches that Tor developers merged into the code base.

For Qubes' Debian VM users, [23] SecBrowser is a viable option for improved privacy and security when undertaking clearnet browsing. Benefits include: disabled WebRTC, Tor's security slider, NoScript and HTTPS Everywhere add-ons are installed by default, improved DNS and proxy configuration obedience, and reproducible builds.

If you are interested in running SecBrowser, then refer to these resources:

As this is a brand new feature, it is recommended to also review the forum discussion in relation to this topic before proceeding.

Custom Homepage[edit]

It is unclear whether setting a custom homepage in Tor Browser settings will currently work. Previous attempts lead to the Whonix ™ default homepage being loaded on startup, even though a different homepage was manually set. The custom homepage only appeared following use of the New Identity function. [24]

The whonix-welcome-page package currently sets the environment variable TOR_DEFAULT_HOMEPAGE to /usr/share/homepage/whonix-welcome-page/whonix.html when setting the Tor Browser homepage. This is done via the bash script file [25] associated with the package. In light of this design, there are three possible options for a user-set custom homepage (untested):

  1. Attempting to purge the whonix-welcome-page package. [26] This solution is difficult due to technical limitations as explained on the Whonix ™ Debian Packages page.
  2. Modifying /usr/lib/whonix-welcome-page/env_var.sh. [27] Unfortunately these changes will revert after an upgrade.
  3. Setting the environment variable TOR_DEFAULT_HOMEPAGE to a custom value. This would have a similar effect as setting environment variables as outlined in Tor Browser Transparent Proxying.

A recent forum discussion in relation to this topic can be found here.

Custom Configurations[edit]

Info Custom configurations is an advanced topic. Only a small minority will ever need to apply the steps in this section.

Verify New Identity[edit]

Info Usually this action is only necessary for custom configurations, like when using a Whonix-Custom-Workstation ™.

If attempts to create a New Identity fail, then a related Torbutton notification should appear once the extension realizes it cannot connect to Tor's ControlPort. If this error notification does not appear, then it likely means there are no problems.

After Tor Browser is restarted, click "IP Check" on the landing page. This will redirect to https://check.torproject.org automatically, but the URL can be manually entered if preferred. In most, but not all cases [28] a new Tor exit relay will be received, with a different IP address being reported.

On Whonix-Gateway ™, examine the Control Port Filter Proxy log while using TorButton's New Identity feature.

sudo journalctl -f -u onion-grater

If the output is similar to the following.

Aug 16 05:30:19 host onion-grater[2316]: 10.137.0.10:41334 (filter: 30_autogenerated): → SIGNAL NEWNYM
Aug 16 05:30:19 host onion-grater[2316]: 10.137.0.10:41334 (filter: 30_autogenerated): <- 250 OK

Then the Control Port Filter Proxy received both the request from Tor Browser and Tor confirmation that it worked.

Get a New Identity without Tor ControlPort Access[edit]

Info This action is usually only needed for custom configurations, like when not using the Control Port Filter Proxy.

Simulate TorButton's functionality via these steps.

  1. Close Tor Browser.
  2. Get a new identity in Whonix-Gateway ™ using arm.
  3. Start Tor Browser again.

The procedure is complete.

Proxy Settings[edit]

Info These steps are usually only needed for advanced tunneling scenarios.

Remove Proxy Settings[edit]

To remove Tor Browser proxy settings (set no proxy), apply the following instructions.

Introduction

This configuration means Tor Browser will no longer use proxy settings. With no proxy set, Tor Browser uses the (VM) system's default networking. This is identical to any other application inside the Whonix-Workstation ™ that has not been explicitly configured to use Tor via socks proxy settings or a socksifier. This setting is also called transparent torification. [29]

Note: This action will break both the Stream Isolation for Tor Browser and Tor Browser's tab isolation by socks user name. This worsens the web fingerprint and causes the user to be pseudonymous, rather than anonymous. To mitigate these risks, consider using More than one Tor Browser in Whonix ™, or better yet, Multiple Whonix-Workstation ™s.

If these settings are changed, expect Tor Button to show a red sign and state "Tor Disabled" if a mouse is hovered over it.

To enable transparent torification (no proxy setting), set the TOR_TRANSPROXY=1 environment variable. There are several methods, but the #/etc/environment Method is the simplest one.

Note: Choose only 1 method to enable transparent torification.

For other methods with finer granulated settings, please press on Expand on the right.

Command Line Method

Navigate to the Tor Browser folder.

cd ~/tor-browser_en-US

Every time Tor Browser is started, run the following command to set the TOR_TRANSPROXY=1 environment variable.

TOR_TRANSPROXY=1 ./start-tor-browser.desktop

start-tor-browser Method

This only applies to a single instance of the Tor Browser folder that is configured. This method may not persist when Tor Browser is updated.

Find and open start-tor-browser in the Tor Browser folder in an editor.

This is most likely in ~/tor-browser_en-US/Browser/start-tor-browser below #!/usr/bin/env bash.

Set.

export TOR_TRANSPROXY=1

/etc/environment Method

This will apply to the whole environment, including any possible custom locations of Tor Browser installation folders. [30]

Open /etc/environment in an editor with root rights.

This box uses lxsudo for root privilege escalation and mousepad as editor. These are examples. Other tools could archive the same goal too. If these example tools do not work for you or if you are not using Whonix, please press on Expand on the right side.

The easiest would be to install these example tools lxsudo mousepad so you can keep copying and pasting these instructions.

Update the package lists.

sudo apt-get update

Upgrade the system.

sudo apt-get dist-upgrade

Install the --no-install-recommends lxsudo mousepad package.

sudo apt-get install --no-install-recommends lxsudo mousepad

The procedure is complete.

Alternatively you could also use other tools which may already be installed by default.

gksudo gedit /etc/environment

sudoedit /etc/environment

If you are using a graphical Whonix or Qubes-Whonix ™ with XFCE, run.

lxsudo mousepad /etc/environment

If you are using a terminal-only Whonix, run.

sudo nano /etc/environment

Add the following line.

TOR_TRANSPROXY=1

Save and reboot.

Undo

Reverting this change is undocumented. Simply unsetting that environment variable will not work due to Tor Browser limitations. The easiest way to undo this setting is to install a fresh instance of Tor Browser (please contribute to these instructions)!

Ignore Tor Button's Open Network Settings

Whonix has disabled the Open Network Settings... menu option in Tor Button. Read the footnote for further information. [31]

Change Proxy Settings[edit]

Info These instructions do not apply to accessing local web-interfaces.

Complete the following steps inside Whonix-Workstation ™ (anon-whonix).

1. Launch Tor Browser and enter about:config into the URL bar.

Change the following settings:

  • extensions.torbutton.use_nontor_proxy;true
  • network.proxy.no_proxies_on;0

2. Add the CGI HTTP proxy address and port number to the following strings.

  • network.proxy.http;
  • network.proxy.http_port;

3. If a HTTPS proxy is in use, modify the following strings instead.

  • network.proxy.ssl;
  • network.proxy.ssl_port;

This process can be repeated with web socks proxies, but it is redundant and does not provide any advantage over the former types. The reason is because only Tor Browser is modified and no other programs are being tunneled through it.

Backup and Restore[edit]

It is possible to restore data from an old browser profile to a new browser profile. Regular Firefox documentation applies, except different file paths must be inspected.

In the old browser folder ~/.tb/tor-browser search for the following files:

  • ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/key4.db - This file stores the key database for passwords. To transfer saved passwords, this file and the one immediately below must be copied.
  • ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/logins.json - Saved passwords.
  • ~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/places.sqlite - Bookmarks, downloads and browsing history.

Either backup these files or backup the whole browser folder, which is safer. Afterwards, copy them over after re-downloading Tor Browser.

Restore Backup[edit]

These Restore Backup instructions are untested and possibly incomplete.

Permission Fix[edit]

When restoring a backup, sometimes a fix is necessary due to lost file permissions. Note that the fix below has not yet been tested.

To apply a general permission fix, run.

sudo chown --recursive user:user /home/user

Retrieve a list of executable files from a a functional Tor Browser version. Ideally it should be the same version as the one you are attempting to restore, possibly in a separate VM.

find ~/.tb/tor-browser/ -type f -executable -print

Then chmod +x all of these files.

In the collapsible section you can find a list created in June 2019. It might be outdated by now so you might have to create your own. Please press on Expand on the right.

chmod +x /home/user/.tb/tor-browser/Browser/libmozavcodec.so
chmod +x /home/user/.tb/tor-browser/Browser/libplds4.so
chmod +x /home/user/.tb/tor-browser/Browser/libnspr4.so
chmod +x /home/user/.tb/tor-browser/Browser/libsmime3.so
chmod +x /home/user/.tb/tor-browser/Browser/updater
chmod +x /home/user/.tb/tor-browser/Browser/libxul.so
chmod +x /home/user/.tb/tor-browser/Browser/libssl3.so
chmod +x /home/user/.tb/tor-browser/Browser/libmozgtk.so
chmod +x /home/user/.tb/tor-browser/Browser/plugin-container
chmod +x /home/user/.tb/tor-browser/Browser/gtk2/libmozgtk.so
chmod +x /home/user/.tb/tor-browser/Browser/libnss3.so
chmod +x /home/user/.tb/tor-browser/Browser/liblgpllibs.so
chmod +x /home/user/.tb/tor-browser/Browser/execdesktop
chmod +x /home/user/.tb/tor-browser/Browser/abicheck
chmod +x /home/user/.tb/tor-browser/Browser/libmozavutil.so
chmod +x /home/user/.tb/tor-browser/Browser/libmozsqlite3.so
chmod +x /home/user/.tb/tor-browser/Browser/libnssdbm3.so
chmod +x /home/user/.tb/tor-browser/Browser/libnssckbi.so
chmod +x /home/user/.tb/tor-browser/Browser/libsoftokn3.so
chmod +x /home/user/.tb/tor-browser/Browser/libmozsandbox.so
chmod +x /home/user/.tb/tor-browser/Browser/firefox.real
chmod +x /home/user/.tb/tor-browser/Browser/libnssutil3.so
chmod +x /home/user/.tb/tor-browser/Browser/libfreeblpriv3.so
chmod +x /home/user/.tb/tor-browser/Browser/start-tor-browser
chmod +x /home/user/.tb/tor-browser/Browser/libplc4.so
chmod +x /home/user/.tb/tor-browser/Browser/start-tor-browser.desktop
chmod +x /home/user/.tb/tor-browser/Browser/firefox
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/libssl.so.1.0.0
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/libstdc++/libstdc++.so.6
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/libevent-2.1.so.6
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fteproxy-lib/libgmp.so.10
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/zope/interface/_zope_interface_coptimizations.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fteproxy/tests/test_record_layer.py
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fteproxy/cli.py
/home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/obfs4proxy
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/meek-client
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fteproxy.wrapper
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/meek-client-torbrowser
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fteproxy.bin
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/test_bit_ops.py
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test4.regex
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test3.dfa
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test1.dfa
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test6.dfa
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test4.dfa
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test6.regex
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test5.dfa
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test2.regex
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/__init__.py
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test2.dfa
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test1.regex
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test5.regex
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test3.regex
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/__init__.py
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/test_encrypter.py
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/test_encoder.py
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/cDFA.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/encoder.py
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/conf.py
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/encrypter.py
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/rank_unrank.cc
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/rank_unrank.h
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/bit_ops.py
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/cDFA.cc
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/obfsproxy.bin
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/twisted/runner/portmap.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/twisted/python/sendmsg.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/twisted/test/raiser.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Util/strxor.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Util/_counter.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_AES.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_ARC4.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_XOR.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_ARC2.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_DES.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_CAST.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_DES3.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_Blowfish.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_SHA256.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_SHA512.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_MD2.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_RIPEMD160.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_SHA384.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_SHA224.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_MD4.so
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/libcrypto.so.1.0.0
chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/tor
chmod +x /home/user/.tb/tor-browser/start-tor-browser.desktop

Local Connections Exception Threat Analysis[edit]

Info This section applies to those who are configuring an exception for Local Connections in Tor Browser.

According to this Firefox ticket, JavaScript can be abused to scan internal networks, fingerprint devices, and make malicious commands to those devices if they have a web interface.

In Whonix ™, there are no embedded devices attached to an internal network; it is isolated and untrusted. However, malicious Javascript can reveal to an attacker that a service is running on a localhost port. Consequently, this can reduce the user's anonymity set. Further, daemons listening on the localhost can be maliciously misconfigured, but this has limited impact because traffic is still forced through Whonix-Gateway ™.

For further reading on this topic, see this related Whonix ™ Forum topic and Tor Browser bug report.

The configured exception means a small trade-off in privacy, but it is much safer than using another browser. [32]

tor-launcher vs torbrowser-launcher[edit]

tor-launcher and torbrowser-launcher are two completely different things with similar names:

tor-launcher[edit]

Do not be concerned that tor-launcher might result in a Tor over Tor scenario, as this is prevented by Whonix ™ proxy settings. By default, tor-launcher is disabled in Whonix-Workstation ™.

In theory it is possible to remove tor-launcher from TBB, but this would not make any difference. Taking this step is untested and seems unlikely to provide any additional advantages. For that reason, it is best to leave it enabled so the platform has the same tested and functional setup as everyone else.

tor-launcher is not yet available for use in Whonix-Gateway ™. [33]

torbrowser-launcher[edit]

Tor Browser Updater (Whonix ™) (tb-updater) is installed by default and specifically designed to be functional when installed alongside torbrowser-launcher. A possible long-term development goal in Whonix ™ is to deprecate tb-updater and instead install torbrowser-launcher by default. See this forum development discussion if that is of interest.

Platform-specific Issues: Qubes-Whonix ™[edit]

Running Tor Browser in Qubes TemplateVM or DVM Template[edit]

Ambox warning pn.svg.png Do not start Tor Browser in the whonix-ws TemplateVM or whonix-ws-dvm DisposableVM-TemplateVM! It is unexpected behavior and dangerous.

To understand why, please press on Expand on the right.

  • Tor Browser should be used in its stock configuration with as few modifications as possible. This is in accordance with upstream recommendations by The Tor Project.
  • Internet connections are established if Tor Browser is started in a DVM Template -- this risks a compromise of the template and all DisposableVMs based upon it.
  • Various files are created when Tor Browser starts -- these might make an individual pseudonymous rather than anonymous, even if software has been designed against this. It is undesirable to have the same pseudonym linked to all TemplateBasedVMs based on a singular TemplateVM.
  • It is far safer to start Tor Browser for the first time in a TemplateBasedVM, rather than the TemplateVM. It is unrealistic to expect Tor Browser will perform perfectly, without any critical bugs being revealed later on. Current and past Tor Browser issues support this assertion; for example, see here and here.

tb-updater in Qubes TemplateVM[edit]

Tor Browser is installed by default in Whonix-Workstation ™.

Default Behavior[edit]

Whonix-Workstation ™ builds by default automatically run Tor Browser Downloader by Whonix ™ (tb-updater package) (update-torbrowser) following its initial installation within chroot. If the attempt to run the tb-updater package is unsuccessful, then it will fail closed by default and nothing will be installed. As a consequence, this could lead to an error while building Whonix ™ images from source code or when installing Whonix ™ from the repository. Although this is undesirable behavior, developers have still decided to install Tor Browser by default in Whonix-Workstation ™. This means the only way to ensure Tor Browser is really installed by default is to also fail closed when necessary.

Qubes-Whonix-Workstation ™ TemplateVMs by default automatically run update-torbrowser during upgrades of Tor Browser Downloader by Whonix ™ (tb-updater package). If the update-torbrowser process fails, it will fail open by default. In this case, a terminal message will inform that no new Tor Browser could be downloaded, but apt-get will terminate normally. This is necessary to implement the Qubes-Whonix ™ feature ensuring an up-to-date version of Tor Browser is available in freshly created AppVMs. [34]

Update Failures[edit]

If an update failure occurs, this only poses a small inconvenience. The problem is easily solved by one of the following methods:

  1. Running Tor Browser Downloader by Whonix ™ in Whonix-Workstation ™ TemplateVM (whonix-ws) or in a TemplateBased AppVM like anon-whonix.
  2. Using the Internal Updater in a TemplateBased AppVM like anon-whonix.
  3. Manually downloading Tor Browser in a TemplateBased AppVM like anon-whonix.

Optional Package Configuration[edit]

Actions of the tb-updater package can be optionally configured.

1. Open /etc/torbrowser.d/50_user.conf in an editor with root rights.

This box uses lxsudo for root privilege escalation and mousepad as editor. These are examples. Other tools could archive the same goal too. If these example tools do not work for you or if you are not using Whonix, please press on Expand on the right side.

The easiest would be to install these example tools lxsudo mousepad so you can keep copying and pasting these instructions.

Update the package lists.

sudo apt-get update

Upgrade the system.

sudo apt-get dist-upgrade

Install the --no-install-recommends lxsudo mousepad package.

sudo apt-get install --no-install-recommends lxsudo mousepad

The procedure is complete.

Alternatively you could also use other tools which may already be installed by default.

gksudo gedit /etc/torbrowser.d/50_user.conf

sudoedit /etc/torbrowser.d/50_user.conf

If you are using a graphical Whonix or Qubes-Whonix ™ with XFCE, run.

lxsudo mousepad /etc/torbrowser.d/50_user.conf

If you are using a terminal-only Whonix, run.

sudo nano /etc/torbrowser.d/50_user.conf

2. Disable automatic downloads.

When the tb-updater package is upgraded in the Qubes-Whonix-Workstation ™ TemplateVM, by default a hard-coded [35] version Tor Browser tarball and signature is automatically downloaded. In order to disable this, add.

tb_install_follow=false

3. Save the file and exit.

Technical Details[edit]

By default, during the Debian maintainer postinst script run in Qubes-Whonix-Workstation ™ TemplateVMs, the folders /var/cache/tb-binary/.cache/tb/ and /var/cache/tb-binary/.tb/tor-browser will be deleted if they exist. tb-updater will then download files to /var/cache/tb-binary/.cache/tb/

find /var/cache/tb-binary/.cache/tb/

/var/cache/tb-binary/.cache/tb/
/var/cache/tb-binary/.cache/tb/temp
/var/cache/tb-binary/.cache/tb/temp/pv_wrapper_fifo
/var/cache/tb-binary/.cache/tb/temp/tbb_remote_folder
/var/cache/tb-binary/.cache/tb/temp/tar_fifo
/var/cache/tb-binary/.cache/tb/temp/sha256_output
/var/cache/tb-binary/.cache/tb/files
/var/cache/tb-binary/.cache/tb/files/sha256sums-unsigned-build.txt.asc
/var/cache/tb-binary/.cache/tb/files/sha256sums-unsigned-build.txt
/var/cache/tb-binary/.cache/tb/last_used_gpg_bash_lib_output_signed_on_date
/var/cache/tb-binary/.cache/tb/tbb_version_last_downloaded_save_file
/var/cache/tb-binary/.cache/tb/RecommendedTBBVersions
/var/cache/tb-binary/.cache/tb/last_used_gpg_bash_lib_output_signed_on_unixtime
/var/cache/tb-binary/.cache/tb/gpgtmpdir
/var/cache/tb-binary/.cache/tb/gpgtmpdir/pubring.kbx
/var/cache/tb-binary/.cache/tb/gpgtmpdir/private-keys-v1.d
/var/cache/tb-binary/.cache/tb/gpgtmpdir/trustdb.gpg
/var/cache/tb-binary/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_output_file
/var/cache/tb-binary/.cache/tb/gpgtmpdir/pubring.kbx~
/var/cache/tb-binary/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_status_fd_file

After gpg verification, tb-updater will extract the Tor Browser archive to /var/cache/tb-binary/.tb

find /var/cache/tb-binary/.tb

/var/cache/tb-binary/.tb/tor-browser/...

In essence, when a Qubes-Whonix-Workstation ™ AppVM is booted for the first time, the systemd unit file /lib/systemd/system/tb-updater-first-boot.service [36] runs /usr/lib/tb-updater/first-boot-home-population. [37] That script copies /var/cache/tb-binary to /home/user

The result is.

ls -la /home/user/.tb

drwxr-xr-x  6 user user 4096 Jun  8 01:17 .
drwx------ 20 user user 4096 Jun  8 01:17 ..
-rw-r--r--  1 user user    0 Jun  8 01:17 first-boot-home-population.done
drwxr-xr-x  3 user user 4096 Jun  8 01:17 tor-browser

ls -la /home/user/.cache/tb

drwxr-xr-x 5 user user 4096 Jun  8 01:17 .
drwxr-xr-x 3 user user 4096 Jun  8 01:17 ..
-rw-r--r-- 1 user user  167 Jun  8 01:17 RecommendedTBBVersions
drwxr-xr-x 2 user user 4096 Jun  8 01:17 files
drwx------ 3 user user 4096 Jun  8 01:17 gpgtmpdir
-rw-r--r-- 1 user user   26 Jun  8 01:17 last_used_gpg_bash_lib_output_signed_on_date
-rw-r--r-- 1 user user   11 Jun  8 01:17 last_used_gpg_bash_lib_output_signed_on_unixtime
-rw-r--r-- 1 user user    6 Jun  8 01:17 tbb_version_last_downloaded_save_file
drwxr-xr-x 2 user user 4096 Jun  8 01:17 temp

Creating Whonix ™ Using the Build Script[edit]

If Qubes-Whonix ™ is built with the available script and it should fail open in general, then before building in chroot a file /etc/torbrowser.d/50_user.conf must be created with the following content.

anon_shared_inst_tb=open

If Qubes-Whonix ™ is built with the available script and skipping the initial download of Tor Browser is preferred, then before building Whonix ™ in chroot a file /etc/torbrowser.d/50_user.conf must be created with the following content.

tb_install_in_chroot=false

tb-updater in Qubes DVM Template[edit]

Ambox warning pn.svg.png Tor Browser Downloader by Whonix ™ should not be launched in DVM Templates (whonix-ws-15-dvm)!

The only safe place to run Tor Browser Downloader by Whonix ™ is in either:

  • The TemplateVM (whonix-ws-15); or
  • The AppVM which is based on this template (anon-whonix).

The reason is because Tor Browser is stored in folder /var/cache/tb-binary which is non-persistent in Qubes' DVM Template (whonix-ws-15-dvm), but persistent in Qubes' TemplateVM (whonix-ws-15).

Table: Qubes R4 Inheritance and Persistence

Inheritance [38] Persistence [39]
TemplateVM n/a Everything
TemplateBasedVM /etc/skel/ to /home/ /rw/ (includes /home/ and bind-dirs)
DVM Template [40] /etc/skel/ to /home/ /rw/ (includes /home/, /usr/local and bind-dirs)
DisposableVM /rw/ (includes /home/, /usr/local and bind-dirs) Nothing

To learn more about persistence, see here or here.

Updating Tor Browser in Qubes' TemplateVM whonix-ws-15 is sufficient to make a copy of the latest Tor Browser available to all newly created AppVMs based upon it.

DVM Template Customization[edit]

Forum topic: How to customize Tor Browser in a Whonix ™ TemplateBased DVM?

Customization is discouraged! To start Tor Browser from the command line or in debugging mode in a Qubes DVM Template, please press Expand on the right.

Option 1: /etc/torbrowser.d/ Settings Method[edit]

See the warning above if intending to launch either torbrowser or update-torbrowser in the DVM Template.

1. In Whonix-Workstation ™ TemplateVM whonix-ws-15.

Open /etc/torbrowser.d/50_user.conf in an editor with root rights.

This box uses lxsudo for root privilege escalation and mousepad as editor. These are examples. Other tools could archive the same goal too. If these example tools do not work for you or if you are not using Whonix, please press on Expand on the right side.

The easiest would be to install these example tools lxsudo mousepad so you can keep copying and pasting these instructions.

Update the package lists.

sudo apt-get update

Upgrade the system.

sudo apt-get dist-upgrade

Install the --no-install-recommends lxsudo mousepad package.

sudo apt-get install --no-install-recommends lxsudo mousepad

The procedure is complete.

Alternatively you could also use other tools which may already be installed by default.

gksudo gedit /etc/torbrowser.d/50_user.conf

sudoedit /etc/torbrowser.d/50_user.conf

If you are using a graphical Whonix or Qubes-Whonix ™ with XFCE, run.

lxsudo mousepad /etc/torbrowser.d/50_user.conf

If you are using a terminal-only Whonix, run.

sudo nano /etc/torbrowser.d/50_user.conf

2. Paste.

tb_qubes_dvm_template() {
   true
}

3. Save and shutdown Whonix-Workstation ™ TemplateVM whonix-ws-15.

sudo poweroff

4. (Re)start the DVM Template (whonix-ws-15-dvm).

Done. The end result is torbrowser and update-torbrowser can be started in the DVM Template (whonix-ws-15-dvm).

Option 2: cd /var/cache/tb-binary/.tb/tor-browser/Browser Method[edit]

1. Open a terminal.

If you are using Qubes-Whonix ™, complete the following steps.

Qubes App Launcher (blue/grey "Q")Whonix-Workstation ™ AppVM (commonly named anon-whonix)Xfce Terminal

If you are using a graphical Whonix with XFCE, run.

Start MenuXfce Terminal

2. Two options are available; see footnote. [41]

To start Tor Browser "normally" from the terminal, change into the Tor Browser folder.

cd /var/cache/tb-binary/.tb/tor-browser/Browser

3. Start Tor Browser in debugging mode.

./start-tor-browser --debug

Note: Tor Browser can also be started manually without the --debug argument.

Split Tor Browser for Qubes[edit]

TODO: Try, review and document Qubes' Split Tor Browser.

Platform-specific Issues: Whonix ™ Custom Linux Workstation[edit]

For instructions on how to configure Tor Browser in a Whonix ™-Custom-Linux-Workstation, see: Whonix ™-Linux-Workstation Tor Browser Settings.

Platform-specific Issues: Windows[edit]

Instructions to configure Tor Browser in a Whonix ™-Custom-Windows-Workstation are untested and unfinished. Please contribute by testing and finishing these Windows Tor Browser Settings instructions.

Tor Browser Update: Technical Details[edit]

Linux Generally[edit]

Updating Tor Browser works differently in Debian and other Linux distributions generally, since it cannot be upgraded with apt-get package sources like most other applications (Whonix ™ is based on Debian). The reason is there are unresolved upstream issues, namely deb packages and/or a deb repository with Tor Browser are not provided:

Tor Browser Developer Georg Koppen (gk) has stated: [42]

We don't have plans to pick this up, but maybe someone from the community...

The usual process for general, non-Whonix ™ Linux platforms supported by The Tor Project is:

  1. Navigate to torproject.org
  2. Download Tor Browser for the relevant platform.
  3. Verify Tor Browser.
  4. Extract Tor Browser inside the home folder.
  5. Launch Tor Browser.

This process is simplified by programs such as torbrowser-launcher (for Debian users) and tb-updater (for Debian and Whonix ™ users), yet Tor Browser is still installed inside of the home folder. For this reason, Tor Browser cannot be updated by package management tools like apt-get.

torbrowser-launcher and tb-updater are Tor Browser installers. torbrowser-launcher (for Debian users) and tb-updater are not Tor Browser updaters. The difference between an installer and an updater is that an installer is incapable of preserving user data after updates -- only an updater can achieve that. In the long term, tb-updater will likely be renamed to tpo-downloader.

Qubes-specific[edit]

Info Prerequisite knowledge: see Qubes R4 Inheritance and Persistence.

The Tor Project requires Tor Browser to be installed inside of the home folder as explained earlier; see Linux Generally. Qubes TemplateBasedAppVMs have their own home folder, independent from the TemplateVM they are based on. This means updates of a Qubes TemplateVM will not update Tor Browser which is already installed in a Qubes TemplateBasedAppVMs home folder. In short, Tor Browser updates are a more cumbersome task in Qubes OS due to Qubes-specific design choices and technical limitations.

Due to these restrictions, the safest configuration that Whonix ™ could implement is to ensure that new AppVMs and DispVMs are created with a copy of the latest Tor Browser version. In essence:

  • When tb-updater is run in a Qubes TemplateVM, it stores Tor Browser in folder /var/cache/tb-binary.
  • When a TemplateBasedAppVM starts and it has never copied Tor Browser before (likely only at first boot), and there is no copy of Tor Browser in /home/user, Tor Browser is copied from /var/cache/tb-binary to /home/user.
    • Existing copies of Tor Browser in the home folder are not overwritten. This is due to an explicit design goal to avoid data loss; see tb-updater in Qubes Template VM for technical details.

Footnotes / References[edit]

  1. https://2019.www.torproject.org/projects/torbrowser/design/#Implementation
  2. This has also informed the development of the Torbutton extension.
  3. 3.0 3.1 3.2 https://2019.www.torproject.org/docs/torbutton/en/design/index.html.en#adversary
  4. 4.0 4.1 4.2 https://2019.www.torproject.org/projects/torbrowser/design/#adversary
  5. Partially explaining the unholy alliance between the corporate sector and government.
  6. This has already been observed.
  7. For instance, there is an estimated 29 bit-identifier based on the browser and desktop window resolution information alone.
  8. This attack is somewhat mitigated by the ocean of Tor traffic, which rapidly increases the rate of false positives when larger traffic sets are analyzed.
  9. https://2019.www.torproject.org/projects/torbrowser/design/#components
  10. https://2019.www.torproject.org/docs/torbutton/en/design/index.html.en#requirements
  11. Some of the design features have been deprecated due to changes in the Tor / Tor Browser design.
  12. https://trac.torproject.org/projects/tor/ticket/523
  13. 13.0 13.1 https://2019.www.torproject.org/projects/torbrowser/design/#new-identity
  14. https://trac.torproject.org/projects/tor/ticket/9442
  15. https://tb-manual.torproject.org/managing-identities/
  16. https://blog.torproject.org/new-release-tor-browser-85
  17. https://trac.torproject.org/projects/tor/ticket/29825
  18. https://tb-manual.torproject.org/en-US/security-slider.html
  19. https://trac.torproject.org/projects/tor/ticket/19652
  20. https://trac.torproject.org/projects/tor/ticket/14100
  21. https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html
  22. New Release: Tor Browser 8.09a9 License: Creative Commons Attribution 3.0 United States License
  23. Debian buster is required.
  24. This is a potential bug since the custom homepage does not overrule the TOR_DEFAULT_HOMEPAGE environment variable. No bug has yet been reported.
  25. Also /usr/lib/whonix-welcome-page/env_var.sh
  26. sudo apt-get purge whonix-welcome-page
  27. Open /usr/lib/whonix-welcome-page/env_var.sh in an editor with root rights.

    This box uses lxsudo for root privilege escalation and mousepad as editor. These are examples. Other tools could archive the same goal too. If these example tools do not work for you or if you are not using Whonix, please press on Expand on the right side.

    The easiest would be to install these example tools lxsudo mousepad so you can keep copying and pasting these instructions.

    Update the package lists.

    sudo apt-get update

    Upgrade the system.

    sudo apt-get dist-upgrade

    Install the --no-install-recommends lxsudo mousepad package.

    sudo apt-get install --no-install-recommends lxsudo mousepad

    The procedure is complete.

    Alternatively you could also use other tools which may already be installed by default.

    gksudo gedit /usr/lib/whonix-welcome-page/env_var.sh

    sudoedit /usr/lib/whonix-welcome-page/env_var.sh

    If you are using a graphical Whonix or Qubes-Whonix ™ with XFCE, run.

    lxsudo mousepad /usr/lib/whonix-welcome-page/env_var.sh

    If you are using a terminal-only Whonix, run.

    sudo nano /usr/lib/whonix-welcome-page/env_var.sh

  28. Getting a new circuit does not guarantee receiving a new exit relay; this is normal behavior. Also see: Stream Isolation.
  29. This term was coined in context of a Tor Transparent Proxy. It acts as a simple gateway that routes all connections through Tor, but does not provide Stream Isolation.
  30. Unless this environment variable is manually unset before starting Tor Browser.
  31. The regular Tor Browser Bundle from The Tor Project (without Whonix ™) allows networking settings to changed inside Tor via the Open Network Settings menu option. It has the same effect as editing Tor's config file torrc. In Whonix ™, the environment variable export TOR_NO_DISPLAY_NETWORK_SETTINGS=1 has been set to disable the TorButtonOpen Network Settings... menu item. It is not useful and confusing to have in the Whonix-Workstation ™ because:
    • In Whonix ™, there is only limited access to Tor's control port (see Dev/CPFP for more information).
    • For security reasons, Tor must be manually configured in /usr/local/etc/torrc.d/50_user.conf on the Whonix-Gateway ™, and not from the Whonix-Workstation ™ (see VPN/Tunnel support for more information).
  32. https://trac.torproject.org/projects/tor/ticket/10419#comment:37
  33. https://phabricator.whonix.org/T118
  34. Which is in turn inherited from updated TemplateVMs.
  35. In the tb-updater package.
  36. https://github.com/Whonix/tb-updater/blob/master/lib/systemd/system/tb-updater-first-boot.service
  37. https://github.com/Whonix/tb-updater/blob/master/usr/lib/tb-updater/first-boot-home-population
  38. Upon creation.
  39. Following shutdown.
  40. https://github.com/QubesOS/qubes-issues/issues/4175
  41. /usr/bin/torbrowser simply navigates to the Tor Browser folder and runs ./start-tor-browser. The former has more features like reporting error conditions or the absence of a Tor Browser folder, generation of non-zero exit code failures and more.
  42. https://trac.torproject.org/projects/tor/ticket/5236#comment:45

License[edit]

Whonix ™ Tor Browser Advanced Topics wiki page Copyright (C) Amnesia <amnesia at boum dot org>

Whonix ™ Tor Browser Advanced Topics wiki page Copyright (C) 2012 - 2018 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>

This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.

This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.


No comments for now due to spam. Use Whonix forums instead.


Random News:

Love Whonix and want to help spread the word? You can start by telling your friends or posting news about Whonix on your website, blog or social media.


https | (forcing) onion

Follow: Twitter | Facebook | gab.ai | Stay Tuned | Whonix News

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)

Whonix ™ is a derivative of and not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc.

Whonix ™ is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix ™ is provided by ENCRYPTED SUPPORT LP. See Imprint.