Tor Browser Advanced Topics
From Whonix
< Tor Browser
Tor Browser Adversary Model[edit]
The Tor Browser design has carefully considered the goals, capabilities and types of attacks undertaken by adversaries and planned accordingly. The design specifications address:
Adversary Goals[edit]
Table: Adversary Goals [3] [4]
Adversary Goals | Description |
---|---|
Anonymity Set Reduction (Fingerprinting) | To identify specific individuals, system data like the browser build, timezone or display resolution is used to track down (or at least track) their activities. |
Bypassing Proxy Settings | Directly compromising and bypassing Tor, or forcing connections to specific IP addresses. |
Correlating Activity across Multiple Sites | Learning if the person who visited site A is the same person who visited site B, in order to serve targeted advertisements. |
Correlating Tor and Non-Tor activity | If a proxy bypass is not possible, correlation of Tor and non-Tor activity is sought via cookies, cache identifiers, JavaScript events and Cascading Style Sheets (CSS). |
History Disclosure | Querying user history for censored search queries or websites. |
History Records and other On-disk Information | Seizing the computers of all Tor users in a given area and extracting history records, cache data, hostnames and disk-logged spoofed MAC address history. |
Location Information | Seeking timezone and locality information to determine if the user originates from a specific region they are trying to control, or focusing in on dissidents or whistleblowers. |
Adversary Positioning Capabilities[edit]
Table: Positioning Capabilities [3] [4]
Location | Description |
---|---|
Adservers and/or Malicious Websites | Running websites or contracting ad space from adservers to inject content. Reducing a Tor user's anonymity is also good for marketing purposes. [5] |
Exit Node or Upstream Router | Running exit nodes or controlling routers upstream of exit nodes. [6] |
Local Network / ISP / Upstream Router | Injecting malicious content at the upstream router when Tor is disabled in order to correlate Tor and non-Tor activity. Additionally, block Tor or attempt to recognize traffic patterns of specific web pages at the entrance to the Tor network. |
Physical Access | Constant or intermittent physical access to computer equipment. This may happen to Internet cafe users or those in jurisdictions where equipment is confiscated due to general suspicion or solely for Tor use. |
Adversary Attack Capabilities[edit]
Warning: Advanced adversaries have numerous surveillance methods and attack vectors to deanonymize and spy on individuals.
Table: Attack Capabilities [3] [4]
Attack Capabilities | Description |
---|---|
Inserting CSS |
|
Inserting JavaScript |
|
Inserting or Exploiting Plugins |
|
Reading and Inserting Identifiers |
|
Other Attacks |
|
Torbutton Design[edit]
With the release of Tor Browser 9.0 [archive] in late-2019, both the Torbutton and Tor Launcher extensions have been tightly integrated into Tor Browser, meaning Torbutton has been moved from the URL bar and neither appears on the about:addons
page. Other changes include the New Identity function shifting to the URL bar and the New Tor Circuit function being accessible via the hamburger menu. As noted by Tor developers [archive]:
Now that the Tor Browser includes a patched version of Firefox, and because we don't have enough developer resources to keep up with the accelerated Firefox release schedule, the toggle model of Torbutton is no longer supported [archive]. Users should be using Tor Browser, not installing Torbutton themselves.
No functionality has been lost -- Torbutton's functions in Tor Browser behavior have simply moved into direct Firefox patches [archive] [9] which address the following dimensions.
Table: Torbutton Features Integrated into Tor Browser [10] [11]
Feature | Description |
---|---|
Anonymity Set Preservation | Tor Browser should not leak any other anonymity set reducing or fingerprinting information (such as user agent, extension presence, and resolution information) automatically via Tor. |
Disk Avoidance | Tor Browser should not write any Tor-related state to disk, or store it in memory beyond one Tor toggle. |
Interoperability | Tor Browser should inter-operate with third-party proxy switchers that enable the user to switch between a number of different proxies, with full Tor protection. |
Location Neutrality | Tor Browser should not leak location-specific information, like the timezone or locale via Tor. |
Proxy Obedience | Tor Browser must not bypass Tor proxy settings. |
State Separation | Cookies, cache, history, DOM storage, and more accumulated in one Tor state must not be accessible via the network in another Tor state. |
Update Safety | Tor Browser should not perform unauthenticated updates or upgrades via Tor. |
Tor Browser patches and the integrated Torbutton features can potentially disable some functionality or interfere with the proper operation of some Internet sites, but the vast majority of websites work well. To learn more about former Torbutton, see:
- The Torbutton homepage [archive]
- The Torbutton FAQ [archive]
- Torbutton Design Documentation [archive]
- The Torbutton function design section immediately below.
New Identity Design[edit]
The Tor Browser design document describes the full features provided by this extension: [12] [13]
- Disables Javascript and plugins on all tabs and windows.
- Stops all page activity for each tab.
- Clears the Tor Browser state:
- OCSP state.
- Content and image cache.
- Site-specific zoom.
- Cookies and DOM storage.
- The safe browsing key.
- Google Wi-Fi geolocation token.
- Last opened URL preference (if it exists).
- Searchbox and findbox text.
- Purge session history.
- HTTP authentication.
- SSL session IDs.
- Crypto tokens.
- Site-specific content preferences.
- Undo tab history.
- Offline storage.
- Domain isolator state.
- NoScript's site and temporary permissions.
- All other browser site permissions.
- Closes all remaining HTTP keep-alive connections.
- Sends Tor the "newnym" signal to issue a new Tor circuit.
After this process above, a fresh browser window is opened and the current browser window is closed (this does not spawn a new Firefox process, only a new window). When the final window is closed, any blob:UUID URLs that were created by websites are purged. [13]
New Tor Circuit Design[edit]
The "New Tor Circuit for this Site" feature sends the "newnym" signal to the Tor control port to cause a new circuit to be created for the current Tor Browser tab. [14] Other open tabs and windows from the same website will use the new circuit as well once they have reloaded, but connections to other websites on separate tabs are not affected. [15]
Security Slider Design[edit]
The Security Level preference tab and Tor Project manual describe the exact effect of each level and which features are disabled or partially disabled. Note that as of Tor Browser release v8.5, the security slider function has shifted from Torbutton to the taskbar ("shield" icon). [16] [17]
Table: Security Slider Settings [18]
Setting | Description |
---|---|
Standard |
|
Safer |
|
Safest |
|
Disabled Tor Browser Functions[edit]
Open Network Settings[edit]
Whonix ™ has modified environment variables to prevent visibility of the "Open Network Settings..." menu option in Tor Browser.
The regular Tor Browser Bundle from The Tor Project (without Whonix ™) allows networking settings to be changed inside Tor via the Open Network Settings menu option. It has the same effect as editing Tor's torrc configuration file.
In Whonix ™, the environment variable export TOR_NO_DISPLAY_NETWORK_SETTINGS=1
has been set [archive] to disable the Tor Browser
→ Open Network Settings...
menu item. It is not useful and confusing to have in the Whonix-Workstation ™ because: [19] [20]
- In Whonix ™, there is only limited access to Tor's control port (see Control Port Filter Proxy for more information).
- For security reasons, Tor must be manually configured via /usr/local/etc/torrc.d/50_user.conf in Whonix-Gateway ™, and not inside Whonix-Workstation ™ (see VPN/Tunnel support for more information).
Tor Circuit View[edit]
Normally this option in Tor Browser shows the three Tor relays used for the website in the current tab. This includes the IP addresses of each and the countries they are located in, and whether a bridge is being used (see below). The node immediately above the destination website reflects the Tor exit relay. [21]
Figure: Tor Circuit View - Disabled in Whonix [22]
The Control Port Filter Proxy configuration in Whonix ™ intentionally does not whitelist the Tor control protocol commands that would be required for Tor Circuit View to function. This information is made unavailable to Whonix-Workstation ™ because Whonix-Workstation ™ should not have access to IP address information. If unavailable it cannot leak. Otherwise malicious or broken applications could leak it. Users might also unintentionally make screenshots of this information. One of the main advantages of Whonix ™ is, that there is no way to determine the real external IP address of the user from within Whonix-Workstation ™. Therefore also the IP address of the Tor entry guard or bridge as well as Tor middle relay should be inaccessible from Whonix-Workstation ™. Otherwise this information might aid an attacker who gained remote code execution capability within Whonix-Workstation ™.
Custom Homepage[edit]
It is unclear whether setting a custom homepage [archive] in Tor Browser settings will currently work. Previous attempts lead to the Whonix ™ default homepage being loaded on startup, even though a different homepage was manually set. The custom homepage only appeared following use of the New Identity function. [23]
The whonix-welcome-page [archive] package currently sets the environment variable [archive] TOR_DEFAULT_HOMEPAGE to /usr/share/homepage/whonix-welcome-page/whonix.html when setting the Tor Browser homepage. This is done via the bash script file [archive] [24] associated with the package. In light of this design, there are three possible options for a user-set custom homepage (untested):
- Attempting to purge the whonix-welcome-page package. [25] This solution is difficult due to technical limitations as explained on the Whonix ™ Debian Packages page.
- Modifying /usr/lib/whonix-welcome-page/env_var.sh. [26] Unfortunately these changes will revert after an upgrade.
- Setting the environment variable TOR_DEFAULT_HOMEPAGE to a custom value. This would have a similar effect as setting environment variables as outlined in Tor Browser Transparent Proxying.
A recent forum discussion in relation to this topic can be found here [archive].
Custom Configurations[edit]
Custom configurations is an advanced topic. Only a small minority will ever need to apply the steps in this section.
Verify New Identity[edit]
Usually this action is only necessary for custom configurations, like when using a Whonix-Custom-Workstation ™.
If attempts to create a New Identity fail, then a related Tor Browser notification should appear once it realizes it cannot connect to Tor's ControlPort. If this error notification does not appear, then it likely means there are no problems.
After Tor Browser is restarted, click "IP Check" on the landing page. This will redirect to https://check.torproject.org [archive] automatically, but the URL can be manually entered if preferred. In most, but not all cases [27] a new Tor exit relay will be received, with a different IP address being reported.
On Whonix-Gateway ™, examine the Control Port Filter Proxy log while using Tor Browser's New Identity feature.
sudo journalctl -f -u onion-grater
If the output is similar to the following.
Aug 16 05:30:19 host onion-grater[2316]: 10.137.0.10:41334 (filter: 30_autogenerated): → SIGNAL NEWNYM Aug 16 05:30:19 host onion-grater[2316]: 10.137.0.10:41334 (filter: 30_autogenerated): <- 250 OK
Then the Control Port Filter Proxy received both the request from Tor Browser and Tor confirmation that it worked.
Get a New Identity without Tor ControlPort Access[edit]
This action is usually only needed for custom configurations, like when not using the Control Port Filter Proxy.
Simulate Tor Browser's New Identity functionality via these steps.
- Close Tor Browser.
- Get a new identity in Whonix-Gateway ™ using nyx.
- Start Tor Browser again.
The procedure is complete.
Proxy Settings[edit]
Remove Proxy Settings[edit]
To remove Tor Browser proxy settings (set no proxy), apply the following instructions.
Introduction
This configuration results in Tor Browser no longer using proxy settings. With no proxy set, Tor Browser uses the (VM) system's default networking. This is identical to any other application inside Whonix-Workstation ™ that has not been explicitly configured to use Tor via socks proxy settings or a socksifier. This setting is also called transparent torification. [28] [29]
Note: This action will break both Stream Isolation for Tor Browser and Tor Browser's tab isolation by socks user name [archive]. This worsens the web fingerprint and leads to pseudonymous (not anonymous) connections. To mitigate these risks, consider using More than one Tor Browser in Whonix ™, or preferably Multiple Whonix-Workstation ™.
To enable transparent torification (no proxy setting), set the TOR_TRANSPROXY=1
environment variable. There are several methods, but the simplest is the /etc/environment Method.
Note: Choose only one method to enable transparent torification.
For other methods with finer granulated settings, please press on Expand on the right.
Command Line Method
Navigate to the Tor Browser folder.
cd ~/tor-browser_en-US
Every time Tor Browser is started, run the following command to set the TOR_TRANSPROXY=1
environment variable.
TOR_TRANSPROXY=1 ./start-tor-browser.desktop
start-tor-browser Method
This only applies to a single instance of the Tor Browser folder that is configured. This method may not persist when Tor Browser is updated.
Find and open start-tor-browser in the Tor Browser folder with an editor.
This is most likely found in ~/tor-browser_en-US/Browser/start-tor-browser below #!/usr/bin/env bash.
Set.
export TOR_TRANSPROXY=1
/etc/environment Method
This will apply to the whole environment, including any possible custom locations of Tor Browser installation folders. [30]
Open file /etc/environment
in an editor with root rights.
This box uses sudoedit
for better security [archive]. This is an example and other tools can also achieve the same goal. If this example does not work for you or if you are not using Whonix ™, please refer to this link.
sudoedit /etc/environment
Add the following line.
TOR_TRANSPROXY=1 ## newline at the end
Save and reboot.
Tor Browser Settings Changes
This step is required since Tor Browser 10. [31]
1. Tor Browser → URL bar → Type: about:config
→ Press Enter
key. → search for and modify
2. network.dns.disabled
→ set to false
3. extensions.torbutton.launch_warning
→ set to false
Undo
Reverting this change is undocumented. Simply unsetting that environment variable will not work due to Tor Browser limitations. The easiest way to undo this setting is to install a fresh instance of Tor Browser (please contribute to these instructions)!
Ignore Tor Button's Open Network Settings
Whonix ™ has disabled the Open Network Settings...
menu option in Tor Button. Read the footnote for further information. [32]
Change Proxy Settings[edit]
These instructions do not apply to accessing local web-interfaces.
Complete the following steps inside Whonix-Workstation ™ (anon-whonix
).
1. Launch Tor Browser and enter about:config
into the URL bar.
Change the following settings:
- extensions.torbutton.use_nontor_proxy;true
- network.proxy.no_proxies_on;0
2. Add the HTTP proxy address and port number to the following strings.
- network.proxy.http;
- network.proxy.http_port;
3. If a HTTPS proxy is in use, modify the following strings instead.
- network.proxy.ssl;
- network.proxy.ssl_port;
This process can be repeated with web socks proxies, but it is redundant and does not provide any advantage over the former types. The reason is because only Tor Browser is modified and no other programs are being tunneled through it.
Backup and Restore[edit]
It is possible to restore data from an old browser profile to a new browser profile. Regular Firefox documentation applies [archive], except different file paths must be inspected.
In the old browser folder ~/.tb/tor-browser
search for the following files:
~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/key4.db
- This file stores the key database for passwords. To transfer saved passwords, this file and the one immediately below must be copied.~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/logins.json
- Saved passwords.~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/places.sqlite
- Bookmarks, downloads and browsing history.
Either backup these files or backup the whole browser folder, which is safer. Afterwards, copy them over after re-downloading Tor Browser.
Restore Backup[edit]
These Restore Backup
instructions are untested and possibly incomplete.
Permission Fix[edit]
When restoring a backup, sometimes a fix is necessary due to lost file permissions. Note that the fix below has not yet been tested.
To apply a general permission fix, run.
sudo chown --recursive user:user /home/user
Retrieve a list of executable files from a functional Tor Browser version. Ideally it should be the same version as the one you are attempting to restore, possibly in a separate VM.
find ~/.tb/tor-browser/ -type f -executable -print
Then chmod +x
all of these files.
In the collapsible section you can find a list created in June 2019. It might be outdated by now so you might have to create your own. Please press on Expand on the right.
chmod +x /home/user/.tb/tor-browser/Browser/libmozavcodec.so chmod +x /home/user/.tb/tor-browser/Browser/libplds4.so chmod +x /home/user/.tb/tor-browser/Browser/libnspr4.so chmod +x /home/user/.tb/tor-browser/Browser/libsmime3.so chmod +x /home/user/.tb/tor-browser/Browser/updater chmod +x /home/user/.tb/tor-browser/Browser/libxul.so chmod +x /home/user/.tb/tor-browser/Browser/libssl3.so chmod +x /home/user/.tb/tor-browser/Browser/libmozgtk.so chmod +x /home/user/.tb/tor-browser/Browser/plugin-container chmod +x /home/user/.tb/tor-browser/Browser/gtk2/libmozgtk.so chmod +x /home/user/.tb/tor-browser/Browser/libnss3.so chmod +x /home/user/.tb/tor-browser/Browser/liblgpllibs.so chmod +x /home/user/.tb/tor-browser/Browser/execdesktop chmod +x /home/user/.tb/tor-browser/Browser/abicheck chmod +x /home/user/.tb/tor-browser/Browser/libmozavutil.so chmod +x /home/user/.tb/tor-browser/Browser/libmozsqlite3.so chmod +x /home/user/.tb/tor-browser/Browser/libnssdbm3.so chmod +x /home/user/.tb/tor-browser/Browser/libnssckbi.so chmod +x /home/user/.tb/tor-browser/Browser/libsoftokn3.so chmod +x /home/user/.tb/tor-browser/Browser/libmozsandbox.so chmod +x /home/user/.tb/tor-browser/Browser/firefox.real chmod +x /home/user/.tb/tor-browser/Browser/libnssutil3.so chmod +x /home/user/.tb/tor-browser/Browser/libfreeblpriv3.so chmod +x /home/user/.tb/tor-browser/Browser/start-tor-browser chmod +x /home/user/.tb/tor-browser/Browser/libplc4.so chmod +x /home/user/.tb/tor-browser/Browser/start-tor-browser.desktop chmod +x /home/user/.tb/tor-browser/Browser/firefox chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/libssl.so.1.0.0 chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/libstdc++/libstdc++.so.6 chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/libevent-2.1.so.6 chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fteproxy-lib/libgmp.so.10 chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/zope/interface/_zope_interface_coptimizations.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fteproxy/tests/test_record_layer.py chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fteproxy/cli.py /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/obfs4proxy chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/meek-client chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fteproxy.wrapper chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/meek-client-torbrowser chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fteproxy.bin chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/test_bit_ops.py chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test4.regex chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test3.dfa chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test1.dfa chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test6.dfa chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test4.dfa chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test6.regex chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test5.dfa chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test2.regex chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/__init__.py chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test2.dfa chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test1.regex chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test5.regex chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/dfas/test3.regex chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/__init__.py chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/test_encrypter.py chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/tests/test_encoder.py chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/cDFA.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/encoder.py chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/conf.py chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/encrypter.py chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/rank_unrank.cc chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/rank_unrank.h chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/bit_ops.py chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/fte/cDFA.cc chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/obfsproxy.bin chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/twisted/runner/portmap.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/twisted/python/sendmsg.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/twisted/test/raiser.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Util/strxor.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Util/_counter.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_AES.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_ARC4.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_XOR.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_ARC2.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_DES.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_CAST.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_DES3.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Cipher/_Blowfish.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_SHA256.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_SHA512.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_MD2.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_RIPEMD160.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_SHA384.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_SHA224.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/PluggableTransports/Crypto/Hash/_MD4.so chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/libcrypto.so.1.0.0 chmod +x /home/user/.tb/tor-browser/Browser/TorBrowser/Tor/tor chmod +x /home/user/.tb/tor-browser/start-tor-browser.desktop
Local Connections Exception Threat Analysis[edit]
This section applies to those who are configuring an exception for Local Connections in Tor Browser.
According to this [archive] Firefox ticket, JavaScript can be abused to scan internal networks, fingerprint devices, and make malicious commands to those devices if they have a web interface.
In Whonix ™, there are no embedded devices attached to an internal network; it is isolated and untrusted. However, malicious Javascript can reveal to an attacker that a service is running on a localhost port. Consequently, this can reduce the user's anonymity set. Further, daemons listening on the localhost can be maliciously misconfigured, but this has limited impact because traffic is still forced through Whonix-Gateway ™.
For further reading on this topic, see this related Whonix ™ Forum topic [archive] and Tor Browser bug report [archive].
The configured exception means a small trade-off in privacy, but it is much safer than using another browser. [33]
tor-launcher vs torbrowser-launcher[edit]
tor-launcher and torbrowser-launcher are two completely different things with similar names:
- tor-launcher [archive] (screenshots [archive] (w [archive])) is a Tor Controller that has replaced Vidalia [archive]. It is an add-on that is included in the Tor Browser Bundle (TBB) by default.
- torbrowser-launcher [archive] (screenshot [archive]) is an application to download Tor Browser, and is an alternative to Tor Browser Updater (Whonix ™) (tb-updater [archive]).
tor-launcher[edit]
Do not be concerned that tor-launcher might result in a Tor over Tor scenario, as this is prevented by Whonix ™ proxy settings. By default, tor-launcher is disabled in Whonix-Workstation ™.
In theory it is possible to remove tor-launcher from TBB, but this would not make any difference. Taking this step is untested and seems unlikely to provide any additional advantages. For that reason, it is best to leave it enabled so the platform has the same tested and functional setup as everyone else.
tor-launcher is not yet available for use in Whonix-Gateway ™. [34]
torbrowser-launcher[edit]
Tor Browser Updater (Whonix ™) (tb-updater [archive]) is installed by default and specifically designed to be functional when installed alongside torbrowser-launcher. A possible long-term development goal in Whonix ™ is to deprecate tb-updater and instead install torbrowser-launcher by default. See this forum development discussion [archive] if that is of interest.
Platform-specific Issues: Qubes-Whonix ™[edit]
Running Tor Browser in Qubes Template or Disposable Template[edit]
Do not start Tor Browser in the whonix-ws
Template or whonix-ws-dvm
Disposable Template! It is unexpected behavior and dangerous.
To understand why, please press on Expand on the right.
- Tor Browser should be used in its stock configuration with as few modifications as possible. This is in accordance with upstream recommendations by The Tor Project.
- Internet connections are established if Tor Browser is started in a Disposable Template -- this risks a compromise of the template and all Disposables based upon it.
- Various files are created when Tor Browser starts -- these might make an individual pseudonymous rather than anonymous, even if software has been designed against this. It is undesirable to have the same pseudonym linked to all App Qubes based on a singular Template.
- It is far safer to start Tor Browser for the first time in a App Qube, rather than the Template. It is unrealistic to expect Tor Browser will perform perfectly, without any critical bugs being revealed later on. Current and past Tor Browser issues support this assertion; for example, see here [archive] and here [archive].
- See also Unsafe Tor Browser Habits.
tb-updater in Qubes Template[edit]
Tor Browser is installed by default in Whonix-Workstation ™.
Default Behavior[edit]
Whonix-Workstation ™ builds by default automatically run Tor Browser Downloader by Whonix ™ (tb-updater package) (update-torbrowser) following its initial installation within chroot. If the attempt to run the tb-updater package is unsuccessful, then it will fail closed by default and nothing will be installed. As a consequence, this could lead to an error while building Whonix ™ images from source code or when installing Whonix ™ from the repository. Although this is undesirable behavior, developers have still decided to install Tor Browser by default in Whonix-Workstation ™. This means the only way to ensure Tor Browser is really installed by default is to also fail closed when necessary.
Qubes-Whonix-Workstation ™ Templates by default automatically run update-torbrowser during upgrades of Tor Browser Downloader by Whonix ™ (tb-updater package). If the update-torbrowser process fails, it will fail open by default. In this case, a terminal message will inform that no new Tor Browser could be downloaded, but APT will terminate normally. This is necessary to implement the Qubes-Whonix ™ feature ensuring an up-to-date version of Tor Browser [archive] is available in freshly created App Qubes. [35]
Update Failures[edit]
If an update failure occurs, this only poses a small inconvenience. The problem is easily solved by one of the following methods:
- Running Tor Browser Downloader by Whonix ™ in Whonix-Workstation ™ Template (
whonix-ws
) or in an App Qube likeanon-whonix
. - Using the Internal Updater in an App Qube like
anon-whonix
. - Manually downloading Tor Browser in an App Qube like
anon-whonix
.
Optional Package Configuration[edit]
Actions of the tb-updater package can be optionally configured.
Disable Automatic Update Downloads[edit]
1. Open file /etc/torbrowser.d/50_user.conf
in an editor with root rights.
This box uses sudoedit
for better security [archive]. This is an example and other tools can also achieve the same goal. If this example does not work for you or if you are not using Whonix ™, please refer to this link.
sudoedit /etc/torbrowser.d/50_user.conf
2. Disable automatic downloads.
When the tb-updater package is upgraded in the Qubes-Whonix-Workstation ™ Template, by default a hard-coded [36] version Tor Browser tarball and signature is automatically downloaded. In order to disable this, add.
tb_install_follow=false
3. Save the file and exit.
Technical Details[edit]
By default, during the Debian maintainer postinst script run in Qubes-Whonix-Workstation ™ Templates, the folders /var/cache/tb-binary/.cache/tb/
and /var/cache/tb-binary/.tb/tor-browser
will be deleted if they exist. tb-updater will then download files to /var/cache/tb-binary/.cache/tb/
find /var/cache/tb-binary/.cache/tb/
/var/cache/tb-binary/.cache/tb/ /var/cache/tb-binary/.cache/tb/temp /var/cache/tb-binary/.cache/tb/temp/pv_wrapper_fifo /var/cache/tb-binary/.cache/tb/temp/tbb_remote_folder /var/cache/tb-binary/.cache/tb/temp/tar_fifo /var/cache/tb-binary/.cache/tb/temp/sha256_output /var/cache/tb-binary/.cache/tb/files /var/cache/tb-binary/.cache/tb/files/sha256sums-unsigned-build.txt.asc /var/cache/tb-binary/.cache/tb/files/sha256sums-unsigned-build.txt /var/cache/tb-binary/.cache/tb/last_used_gpg_bash_lib_output_signed_on_date /var/cache/tb-binary/.cache/tb/tbb_version_last_downloaded_save_file /var/cache/tb-binary/.cache/tb/RecommendedTBBVersions /var/cache/tb-binary/.cache/tb/last_used_gpg_bash_lib_output_signed_on_unixtime /var/cache/tb-binary/.cache/tb/gpgtmpdir /var/cache/tb-binary/.cache/tb/gpgtmpdir/pubring.kbx /var/cache/tb-binary/.cache/tb/gpgtmpdir/private-keys-v1.d /var/cache/tb-binary/.cache/tb/gpgtmpdir/trustdb.gpg /var/cache/tb-binary/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_output_file /var/cache/tb-binary/.cache/tb/gpgtmpdir/pubring.kbx~ /var/cache/tb-binary/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_status_fd_file
After gpg verification, tb-updater will extract the Tor Browser archive to /var/cache/tb-binary/.tb
find /var/cache/tb-binary/.tb
/var/cache/tb-binary/.tb/tor-browser/...
In essence, when a Qubes-Whonix-Workstation ™ App Qube is booted for the first time, the systemd unit file /lib/systemd/system/tb-updater-first-boot.service [37] runs /usr/lib/tb-updater/first-boot-home-population. [38] That script copies /var/cache/tb-binary to /home/user
The result is.
ls -la /home/user/.tb
drwxr-xr-x 6 user user 4096 Jun 8 01:17 . drwx------ 20 user user 4096 Jun 8 01:17 .. -rw-r--r-- 1 user user 0 Jun 8 01:17 first-boot-home-population.done drwxr-xr-x 3 user user 4096 Jun 8 01:17 tor-browser
ls -la /home/user/.cache/tb
drwxr-xr-x 5 user user 4096 Jun 8 01:17 . drwxr-xr-x 3 user user 4096 Jun 8 01:17 .. -rw-r--r-- 1 user user 167 Jun 8 01:17 RecommendedTBBVersions drwxr-xr-x 2 user user 4096 Jun 8 01:17 files drwx------ 3 user user 4096 Jun 8 01:17 gpgtmpdir -rw-r--r-- 1 user user 26 Jun 8 01:17 last_used_gpg_bash_lib_output_signed_on_date -rw-r--r-- 1 user user 11 Jun 8 01:17 last_used_gpg_bash_lib_output_signed_on_unixtime -rw-r--r-- 1 user user 6 Jun 8 01:17 tbb_version_last_downloaded_save_file drwxr-xr-x 2 user user 4096 Jun 8 01:17 temp
File Locations[edit]
Browser[edit]
Template:
/var/cache/tb-binary/.tb/tor-browser
Home folder:
~/.tb/tor-browser
user.js[edit]
Path to user.js
in this documentation is just a hint. Whonix ™ does not influence that path, although it might change in later versions of Tor Browser. Any contents inside the /Browser/
folder are unmodified; this is the same as Tor Browser by The Tor Project. Whonix ™ does not perform any modifications.
/var/cache/tb-binary/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js
~/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/user.js
Creating Whonix ™ Using the Build Script[edit]
If Qubes-Whonix ™ is built with the available script and it should fail open in general, then before building in chroot a file /etc/torbrowser.d/50_user.conf must be created with the following content.
anon_shared_inst_tb=open
If Qubes-Whonix ™ is built with the available script and skipping the initial download of Tor Browser is preferred, then before building Whonix ™ in chroot a file /etc/torbrowser.d/50_user.conf must be created with the following content.
tb_install_in_chroot=false
tb-updater in Qubes DisposableVM Template[edit]
Tor Browser Downloader by Whonix ™ should not be launched in Disposable Templates (whonix-ws-16-dvm
)!
The only safe place to run Tor Browser Downloader by Whonix ™ is in either:
- The Template (
whonix-ws-16
); or - The App Qube which is based on this template (
anon-whonix
).
The reason is because Tor Browser is stored in folder /var/cache/tb-binary
which is non-persistent in Qubes' Disposable Template (whonix-ws-16-dvm
), but persistent in Qubes' Template (whonix-ws-16
).
Table: Qubes R4 Inheritance and Persistence
Inheritance [39] | Persistence [40] | |
---|---|---|
Template [archive] [41] [42] | n/a | Everything |
App Qubes [archive] [43] | /etc/skel/ to /home/
|
/rw/ (includes /home/ and bind-dirs [archive])
|
Disposable Template [archive] [44] [45] | /etc/skel/ to /home/
|
/rw/ (includes /home/ , /usr/local and bind-dirs [archive])
|
Disposable [archive] [46] [47] | /rw/ (includes /home/ , /usr/local and bind-dirs [archive])
|
Nothing |
To learn more about persistence, see here [archive] or here.
Updating Tor Browser in Qubes' Template whonix-ws-16
is sufficient to make a copy of the latest Tor Browser available to all newly created App Qubes based upon it.
Disposable Template Customization[edit]
Tor Browser customization is discouraged!
To start Tor Browser from the command line or in debugging mode in a Qubes Disposable Template, choose any of the following options below.
Forum discussion: How to customize Tor Browser in a Whonix ™ TemplateBased DVM? [archive]
Option 1: Disposable Template Method[edit]
Using this method, customization would only apply to the Disposable Template and any Disposables based on that Disposable Template.
1. Start Whonix-Workstation ™ Template (whonix-ws-16
).
2. Disable Tor Browser Downloader Disposable Service. [48]
sudo systemctl mask tb-updater-dispvm.service
3. Shutdown Template.
sudo poweroff
4. Open a terminal emulator in Whonix-Workstation ™ Disposable Template whonix-ws-16-dvm
.
Run in dom0 terminal emulator.
qvm-run -a whonix-ws-16-dvm xfce4-terminal
5. Open Tor Browser Starter / Tor Browser Downloader (by Whonix ™ developers) configuration file.
In Whonix-Workstation ™ Disposable Template whonix-ws-16-dvm
:
Create folder /usr/local/etc/torbrowser.d
.
sudo mkdir -p /usr/local/etc/torbrowser.d
Open file /usr/local/etc/torbrowser.d/50_user.conf
in an editor with root rights.
sudoedit /usr/local/etc/torbrowser.d/50_user.conf
6. Paste.
tb_qubes_dvm_template() { true }
7. Save.
8. Tor Browser in Disposable Template.
Running Tor Browser Starter / Tor Browser Downloader (by Whonix ™ developers) in Disposable Template is now possible. [49]
Start Tor Browser.
torbrowser
Optional: Download a new version Tor Browser Downloader by Whonix ™. Read chapter Tor Browser Downloader by Whonix ™ beforehand.
update-torbrowser
9. Customize Tor Browser.
Perform customization changes.
10. Shut down Disposable Template.
sudo poweroff
11. Start Tor Browser in Disposable.
12. Done.
Customized Tor Browser should now be started in the Disposable.
Option 2: Template Method[edit]
Using this method, customization this way would apply to all App Qubes and Disposables based on this Template.
In Whonix-Workstation ™ Template whonix-ws-16
.
1. Open a terminal.
2. Change ownership of Tor Browser.
Change the ownership of the folder from root
to user
to be able to launch the browser from that folder.
sudo chown -R user:user /var/cache/tb-binary
3. Change directory.
cd /var/cache/tb-binary/.tb/tor-browser/Browser
4. Start Tor Browser in debugging mode.
./start-tor-browser --debug
Note: Tor Browser can also be started manually without the --debug
argument.
5. Apply the desired modification.
6. Close Tor Browser.
7. Change back the ownership to root
.
sudo chown -R root:root /var/cache/tb-binary
8. Disable automatic update downloads.
Optional: Consider Disable Automatic Update Downloads since these would overwrite any user modifications. [50]
9. Apply Tor Browser updates.
From time to time when updated for Tor Browser are available, re-apply this procedure and use Tor Browser Internal Updater to update Tor Browser. Alternatively use any other update method as documented on the Tor Browser wiki page.
Note: If using Tor Browser Downloader by Whonix ™, user modifications in folder /var/cache/tb-binary/.tb/tor-browser
will be lost and would need to be re-applied. [50]
Option 3: Manual Method[edit]
It is possible to ignore most of what Whonix ™ has implemented relating to Tor Browser and go back to square one, performing it all manually.
- Start a terminal emulator in Qubes Disposable Template.
- Ignore command
torbrowser
//usr/bin/torbrowser
on the command line. (Ignore Tor Browser Starter by Whonix ™ developers.) - Ignore command
update-torbrowser
//usr/bin/update-torbrowser
on the command line. (Ignore Tor Browser Downloader by Whonix ™ developers.) - Ignore Tor Browser (AnonDist) (by Whonix ™ developers) Qubes start menu entry.
- Manually install Tor Browser to folder
/home/user
as per instructions from The Tor Project. Nothing Whonix ™ specific. Free Support Principle applies. However, instructions for Tor Browser: Manual Download might be handy. - Manually (by ignoring as instructed above) start Tor Browser such as from folder
/home/user/tor-browser
. - Make any desired modifications.
- Close Tor Browser.
- Shutdown Qubes Disposable Template.
- Start a terminal emulator in Disposable.
- Navigate to the folder where you manually installed Tor Browser.
- Start Tor Browser.
Feel free to customize this further such as adding a new Qubes start menu entry. This is outside the scope of this documentation and can be done as per the usual Qubes start menu modification procedures.
Tor over Tor is a non-issue in this case due to minimal Whonix ™ Tor Browser Differences.
The advantage of this method is that whatever Whonix ™ implemented will probably not cause any issues. The disadvantage is slightly reduced usability, such as the superfluous Qubes start menu entry which can be ignored.
Split Tor Browser for Qubes[edit]
TODO: Try, review and document Qubes' Split Tor Browser [archive].
Platform-specific Issues: Whonix ™ Custom Linux Workstation[edit]
For instructions on how to configure Tor Browser in a Whonix ™-Custom-Linux-Workstation, see: Whonix ™-Linux-Workstation Tor Browser Settings.
Platform-specific Issues: Windows[edit]
Instructions to configure Tor Browser in a Whonix ™-Custom-Windows-Workstation are untested and unfinished. Please contribute by testing and finishing these Windows Tor Browser Settings instructions.
Tor Browser Update: Technical Details[edit]
Linux Generally[edit]
Updating Tor Browser works differently in Debian and other Linux distributions generally, since it cannot be upgraded with APT package sources like most other applications (Whonix ™ is based on Debian). The reason is there are unresolved upstream issues, namely deb packages and/or a deb repository with Tor Browser are not provided:
Tor Browser Developer Georg Koppen (gk) has stated: [51]
We don't have plans to pick this up, but maybe someone from the community...
The usual process for general, non-Whonix ™ Linux platforms such as for example Debian supported by The Tor Project is:
- Navigate to torproject.org
- Download Tor Browser for the relevant platform.
- Verify Tor Browser.
- Extract Tor Browser inside the home folder.
- Launch Tor Browser.
This process is simplified by programs such as torbrowser-launcher (for Debian users) and tb-updater (for Debian and Whonix ™ users), yet Tor Browser is still installed inside of the home folder. For this reason, Tor Browser cannot be updated by package management tools like apt.
torbrowser-launcher and tb-updater are Tor Browser installers. torbrowser-launcher (for Debian users) and tb-updater are not Tor Browser updaters. The difference between an installer and an updater is that an installer is incapable of preserving user data after updates -- only an updater can achieve that. In the long term, tb-updater will likely be renamed to tpo-downloader.
Another issue is that Tor Browser mixes binaries and user data into the same folder. Usually binaries used by users in Linux distributions generally reside in folder /usr/bin
and user data resides in folder /home/user
. This is further complicated since Tor Browser folder structure has changed over time. Future changes might happen. Therefore it would be unwise for a downstream Linux distribution such as Whonix ™ to attempt to separate binaries and user data. Since Tor Browser comes with its own internal updater and folder structure might change in future, updates might break or user data might become inaccessible if such attempts were made.
Qubes-specific[edit]
Prerequisite knowledge: see Qubes R4 Inheritance and Persistence.
The Tor Project requires Tor Browser to be installed inside of the home folder as explained earlier; see Linux Generally. Qubes' App Qubes have their own home folder, independent from the Template they are based on. This means updates of a Qubes' Template will not update Tor Browser which is already installed in a Qubes App Qube's home folder. In short, Tor Browser updates are a more cumbersome task in Qubes OS due to Qubes-specific design choices and technical limitations.
Due to these restrictions, the safest configuration that Whonix ™ could implement [archive] is to ensure that new App Qubes and Disposables are created with a copy of the latest Tor Browser version. In essence:
- When tb-updater is run in a Qubes Template, it stores Tor Browser in folder
/var/cache/tb-binary
. - When a App Qube starts and it has never copied Tor Browser before (likely only at first boot), and there is no copy of Tor Browser in
/home/user
, Tor Browser is copied from/var/cache/tb-binary
to/home/user
.- Existing copies of Tor Browser in the home folder are not overwritten. This is due to an explicit design goal to avoid data loss; see tb-updater in Qubes Template VM for technical details.
Since Tor Browser mixes binaries and user data into the same folder, special configurations such as Qubes Disposable Template Customization are more complicated than for other software. This is because either folder /var/cache/tb-binary
is being kept up to date or user data is being preserved. There is no maintainable way for Whonix ™ to separate Tor Browser binaries from user data.
See Also[edit]
Footnotes / References[edit]
- ↑ https://2019.www.torproject.org/projects/torbrowser/design/#Implementation [archive]
- ↑ This has also informed the development of the Torbutton extension.
- ↑ 4.0 4.1 4.2 https://2019.www.torproject.org/projects/torbrowser/design/#adversary [archive]
- ↑ Partially explaining the unholy alliance between the corporate sector and government.
- ↑ This has already been observed.
- ↑ For instance, there is an estimated 29 bit-identifier based on the browser and desktop window resolution information alone.
- ↑ This attack is somewhat mitigated by the ocean of Tor traffic, which rapidly increases the rate of false positives when larger traffic sets are analyzed.
- ↑ https://2019.www.torproject.org/projects/torbrowser/design/#components [archive]
- ↑ https://2019.www.torproject.org/docs/torbutton/en/design/index.html.en#requirements [archive]
- ↑ Some of the design features have been deprecated due to changes in the Tor / Tor Browser design.
- ↑ https://gitlab.torproject.org/legacy/trac/-/issues/523 [archive]
- ↑ 13.0 13.1 https://2019.www.torproject.org/projects/torbrowser/design/#new-identity [archive]
- ↑ https://gitlab.torproject.org/legacy/trac/-/issues/9442 [archive]
- ↑ https://tb-manual.torproject.org/managing-identities/ [archive]
- ↑ https://blog.torproject.org/new-release-tor-browser-85 [archive]
- ↑ https://gitlab.torproject.org/legacy/trac/-/issues/29825 [archive]
- ↑ https://tb-manual.torproject.org/en-US/security-slider.html [archive]
- ↑ https://gitlab.torproject.org/legacy/trac/-/issues/19652 [archive]
- ↑ https://gitlab.torproject.org/legacy/trac/-/issues/14100 [archive]
- ↑ https://tails.boum.org/doc/anonymous_internet/Tor_Browser/index.en.html [archive]
- ↑ New Release: Tor Browser 8.09a9 [archive] License: Creative Commons Attribution 3.0 United States License [archive]
- ↑ This is a potential bug since the custom homepage does not overrule the TOR_DEFAULT_HOMEPAGE environment variable. No bug has yet been reported.
- ↑ Also /usr/lib/whonix-welcome-page/env_var.sh
- ↑
sudo apt purge whonix-welcome-page
- ↑
Open file
/usr/lib/whonix-welcome-page/env_var.sh
in an editor with root rights.This box uses
sudoedit
for better security [archive]. This is an example and other tools can also achieve the same goal. If this example does not work for you or if you are not using Whonix ™, please refer to this link.sudoedit /usr/lib/whonix-welcome-page/env_var.sh
- ↑ Getting a new circuit does not guarantee receiving a new exit relay; this is normal behavior. Also see: Stream Isolation.
- ↑ This term was coined in context of a Tor Transparent Proxy [archive] (.onion [archive]). It acts as a simple gateway that routes all connections through Tor, but does not provide Stream Isolation.
- ↑ If these settings are changed, Tor Button would previously show a red sign and state "Tor Disabled" when a mouse was hovered over it.
- ↑ Unless this environment variable is manually unset before starting Tor Browser.
- ↑
- ↑ The regular Tor Browser Bundle from The Tor Project (without Whonix ™) allows networking settings to changed inside Tor via the
Open Network Settings
menu option. It has the same effect as editing Tor's config file torrc. In Whonix ™, the environment variableexport TOR_NO_DISPLAY_NETWORK_SETTINGS=1
has been set [archive] to disable theTor Browser
→Open Network Settings...
menu item. It is not useful and confusing to have in the Whonix-Workstation ™ because:- In Whonix ™, there is only limited access to Tor's control port (see Dev/CPFP for more information).
- For security reasons, Tor must be manually configured in /usr/local/etc/torrc.d/50_user.conf on Whonix-Gateway ™, and not from Whonix-Workstation ™ (see VPN/Tunnel support for more information).
- ↑ https://gitlab.torproject.org/legacy/trac/-/issues/10419#comment:37 [archive]
- ↑ https://phabricator.whonix.org/T118 [archive]
- ↑ Which is in turn inherited from updated Templates.
- ↑ In the tb-updater package.
- ↑ https://github.com/Whonix/tb-updater/blob/master/lib/systemd/system/tb-updater-first-boot.service [archive]
- ↑ https://github.com/Whonix/tb-updater/blob/master/usr/lib/tb-updater/first-boot-home-population [archive]
- ↑ Upon creation.
- ↑ Following shutdown.
- ↑ https://www.qubes-os.org/doc/templates/ [archive]
- ↑ The former name was TemplateVM.
- ↑ The former name was AppVM or TemplateBasedVM.
- ↑ https://github.com/QubesOS/qubes-issues/issues/4175 [archive]
- ↑ Former names included DisposableVM Template, DVM Template, and DVM.
- ↑ https://www.qubes-os.org/doc/glossary/#disposable [archive]
- ↑ Former names included DisposableVM and DispVM.
- ↑
- This is to prevent mounting
/var/cache/tb-binary/.tb
to/home/user/.tb
. /lib/systemd/system/tb-updater-dispvm.service
/usr/lib/tb-updater/dispvm
sudo mkdir -p /usr/local/lib/systemd/system/
sudo ln -s /dev/null /usr/local/lib/systemd/system/tb-updater-dispvm.service
This is probably because Qubes mounts /usr/local too late to be regarded by systemd.
- This is to prevent mounting
- ↑
When running
torbrowser
(Tor Browser Starter by Whonix ™ developers) in Disposable Template it will first copy/var/cache/tb-binary/.tb/tor-browser
to user home folder/home/user/.tb/tor-browser
. (Folder/var/cache/tb-binary/.tb/tor-browser
was previously created by Tor Browser Downloader (by Whonix ™ developers).) Second, it will start the Tor Browser binary from folder/home/user/.tb/tor-browser
. - ↑ 50.0 50.1
Due to technical limitations. Because whole folder
/var/cache/tb-binary/.tb/tor-browser
is replaced. This is not an intentional user freedom restriction or security feature. - ↑ https://gitlab.torproject.org/legacy/trac/-/issues/5236#comment:45 [archive]
License[edit]
Whonix ™ Tor Browser Advanced Topics wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix ™ Tor Browser Advanced Topics wiki page Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.
This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.
Whonix ™ is Supported by Evolution Host DDoS Protected VPS. Stay private and get your VPS with Bitcoin or Monero.
100px | |
Fosshost | About Advertisements |
Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki
Please contribute by helping to answer Whonix ™ questions.
Priority Support | Investors | Professional Support
Whonix ™ | © ENCRYPTED SUPPORT LP | Freedom Software / Open Source (Why?)
The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.