Forcing .onion on Project
From Whonix
Introduction
- Consistent use of the Whonix ™ onion service affords several benefits. It provides alternative end-to-end encryption which is independent from SSL certificate authorities and the mainstream Domain Name System and it also reduces the load on Tor exit nodes.
- The procedure below is not persistent for Tor Browser in Qubes-Whonix ™ DisposableVMs unless the DVM template is customized.
To use .onion services when browsing Whonix ™.org, follow the links below to the Whonix ™ main page, homepage, forums, download page, phabricator site, or the Whonix ™ Debian repository.
- homepage (onion)
- wiki (onion)
- forums (onion)
- phabricator (onion)
- mailman (onion)
- debian repository (onion)
Once a user rule is configured, no further intervention is needed to seamlessly browse the Whonix ™ .onion address. Note that if a user rule is not configured, some resources from the clearnet Whonix ™.org address will be utilized when navigating the onion address. [1] Also note that on a few occasions in the past it was not possible to log in to the Whonix ™ forums using the onion address. [2] [3]
HTTPS Everywhere User Rules
Requirements
- The user must have Tor Browser installed, which is the default in Whonix ™.
- A recent (non-ancient) Tor version. [4]
Background
HTTPS Everywhere is a browser add-on produced as a collaboration between the Tor Project and the EFF. It automatically forces encrypted communications (HTTPS) on many major websites (where it is offered), preventing the user from browsing the HTTP (insecure) version. However, HTTPS Everywhere also supports user rules, and it is not limited to HTTP(S). This means the user can configure it to rewrite requests from the .org domain to the .onion domain instead! [5]
Adding User Rules
Using the "HTTPSEverywhereUserRules" directory for user rules is no longer supported. HTTPS Everywhere developer jeremyn clearly stated [6]:
HTTPSEverywhereUserRules/ is not supported with WebExtensions and won't be supported.
Since Firefox now uses WebExtensions, rules must be added from the HTTPS Everywhere GUI. The Whonix ™ homepage is used in this example. Please note it may be necessary to repeat the steps below for redirection of the Whonix ™ forums.
- Go to the site (https://www.whonix.org).
- Select the "hamburger" icon on the far right of Tor Browser's toolbar and select "customize". Add the HTTPS Everywhere icon to the toolbar. You can remove it later, when you are finished.
- Once the site has loaded, click the blue HTTPS Everywhere icon in the upper corner of Tor Browser and select "See more".
- Click on "Add a rule for this site".
- Click on "Show advanced" under the host field. For each user rule set, two fields require editing:
  - Change "matching regex" from ^http:// to ^https?:// so redirects work from both HTTP and HTTPS. If this value is not changed, redirects can be broken (because the default rule set in the extension already has a rule that redirects from HTTP).
  - Change "redirect to" to the onion address you want to use (http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/).
- Click "Add a new rule for this site" and refresh the page. If configured correctly the page should now redirect automatically. Be mindful that multiple rules may be needed for an address to work completely. In that case, it is necessary to repeat this process.
What if I made a mistake or the rule won't work?
Broken or unwanted rules can be removed by managing the HTTPS Everywhere extension from the add-ons menu.
Technical information: user rules are stored in a sqlite3 binary file that cannot be edited using a text editor. While it might be possible to edit this file, instructions to do this fall outside the scope of this wiki. Therefore it is recommended that users create periodic backups of this file so it can be restored to its previous state in the event of a broken redirect or if a mistake is made.
If this file is deleted it will be re-created to its defaults on the next browser start. The file is stored in: /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/storage-sync.sqlite. A rule will look something like this:
{"host":"www.whonix.org","redirectTo":"http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/","urlMatcher":"^https?://www\\.whonix\\.org/"},
A trailing comma and space as shown above will appear if there are multiple rules. As a reminder be sure to create a backup of this file before making any changes.
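The following Node.js check is an added example, not code from the Whonix wiki or from HTTPS Everywhere. It audits a rule in the JSON shape shown above: both http:// and https:// must be matched, the pattern must be anchored with its dots escaped, and the target must be a v3 onion address. The names auditRule and rewrite are hypothetical, defaultRule is constructed, and rewrite models the redirect as a plain regex replacement, which is an assumption.

```javascript
// Added example: audits a user rule in the JSON shape shown above.
// auditRule() and rewrite() are hypothetical names, not HTTPS Everywhere APIs.
const V3_ONION = /^[a-z2-7]{56}\.onion$/; // v3 address: 56 base32 characters

function auditRule(rule) {
  const problems = [];
  let matcher;
  try {
    matcher = new RegExp(rule.urlMatcher);
  } catch (e) {
    return ["urlMatcher is not a valid regular expression"];
  }
  // Both schemes must match, or some requests stay on the clearnet host.
  for (const scheme of ["http", "https"]) {
    if (!matcher.test(`${scheme}://${rule.host}/`)) {
      problems.push(`${scheme}:// requests are not redirected`);
    }
  }
  // An unescaped dot matches any character, so look-alike hosts match too.
  if (matcher.test(`https://${rule.host.replace(/\./g, "x")}/`)) {
    problems.push("dots in urlMatcher are not escaped");
  }
  // Without ^ the pattern also matches inside another site's URL.
  if (matcher.test(`https://other.example/?next=https://${rule.host}/`)) {
    problems.push("urlMatcher is not anchored with ^");
  }
  let target = null;
  try { target = new URL(rule.redirectTo); } catch (e) { /* reported below */ }
  if (!target || !V3_ONION.test(target.hostname)) {
    problems.push("redirectTo is not a v3 .onion address");
  }
  return problems;
}

// Assumption: the redirect is modelled as a plain regex replacement.
function rewrite(rule, url) {
  return url.replace(new RegExp(rule.urlMatcher), rule.redirectTo);
}

// The rule from the page, parsed from its stored JSON form.
const goodRule = JSON.parse(String.raw`{"host":"www.whonix.org","redirectTo":"http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/","urlMatcher":"^https?://www\\.whonix\\.org/"}`);
// Constructed: the same rule with an http-only matcher left in place.
const defaultRule = { ...goodRule, urlMatcher: "^http://www\\.whonix\\.org/" };

console.log(auditRule(goodRule));
console.log(auditRule(defaultRule));
console.log(rewrite(goodRule, "https://www.whonix.org/wiki/Main_Page"));
```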
What if I am using a DispVM in Qubes-Whonix ™?
Any changes to the HTTPS Everywhere user rule file will revert to the defaults after the DispVM is stopped. It is necessary to complete these steps again when a new DispVM is launched, unless the DVM template is customized.
Other Rules
Other similar rulesets -- like those found on the Darkweb Everywhere GitHub page -- do not work either, since they also depend on using the "HTTPSEverywhereUserRules" directory.
Onion Service Opt-In
Tor Browser 9.5 and later features an opt-in for using onion sites automatically for participating websites. [7] [8] Direct connections to onion services are harder to track than the opt-in method, which must make DNS requests and web server connections from an exit node before being able to switch to the onion service.
Footnotes
- ↑ The reason is that MediaWiki, WordPress and Discourse are using the primary Whonix ™ https domain. These web apps do not support multiple domains for the same website.
- ↑ https://forums.whonix.org/t/onion-forum-broken/8870
- ↑ This suggests the Whonix ™ forums onion address could become (temporarily) inaccessible in the future.
- ↑ v3 onion connections require Tor v3.2 or above.
- ↑ Because of the way most popular web applications are written, they expect to be at one location, for example forums.whonix.org, and not at multiple locations. That is why this workaround is needed. https://forums.whonix.org/t/whonix-blog-inaccessible-through-hidden-service
- ↑ See details here: https://github.com/EFForg/https-everywhere/issues/14375#issuecomment-359449102
- ↑ https://newsletter.torproject.org/archive/2020-06-30-tor-browser-makes-onion-services-easier-to-find-use/
- ↑ http://a4ygisnerpgtc5ayerl22pll6cls3oyj54qgpm7qrmb66xrxts6y3lyd.onion/archive/2020-06-30-tor-browser-makes-onion-services-easier-to-find-use/index.html
Whonix ™ | © ENCRYPTED SUPPORT LP | Freedom Software / Open Source (Why?)