ARM64 Tor Browser

I know that the Tor browser tries to mask itself as the same across all operating systems. Do you know / can you ask whether this build can hide that it runs on a different architecture? Otherwise it does not seem very useful to stay anonymous due to the extremely small user pool


Edit by Patrick:
related:

Even if it were to spoof the useragent it would still be easily defeated. I disagree that it isn’t useful as it still masks a ton of system specific idiosyncrasies. We have to give the community something to work with so that the pool of ARM users can grow one day.

1 Like

Ok that is a good point. Maybe there should be some disclaimer in the Wiki though that it is not appropriate for people who have a high threat model?

Tor Browser already sets the same user agent for example for Windows and Linux. But that doesn’t necessarily mean that detection is no longer possible. Due to other issues which are depend on Tor Browser development status by The Tor Project.

See tbb-linkability [archive] and tbb-fingerprinting [archive].

The question is, how anonymous / pseudonymous is Tor Browser in practice?

See also:

Does it make a difference in practice if the underlying platform (amd64 vs arm64) can be detected if Tor Browser is fingerprintable anyhow?

We have to be careful about what we communicate. When ARM64 Tor Browser gets tagged “not for a high threat model” what does that imply for AMD64 Tor Browser? That it “is for a high threat model”?

Forum thread Whonix experimental for how long resulted in:

Rebrand Whonix as a research project.

  • old: “Whonix is experimental software. Do not rely on it for strong anonymity.”
  • new: “Whonix is a research project.”

Tor Browser is already available for i386, amd64 and Android. Does any of these platforms have a mention “not for a high threat model”?


Tor Browser by The Tor Project for Android already is ARM based.


Also: iOS…

Tor Browser Downloader by Whonix ™ has been improved to support downloading Tor Browser ARM64 from sourceforge.net by Heikki Lindholm.
Related: ARM64 Tor Browser Maintainer

The goal is to make Tor Browser Downloader by Whonix ™ work out of the box on arm64 without special command line options / environment variables required. I guess that already works but I cannot test (due to lack of hardware and or better said due to infeasibility of running unlimited architectures/virtualizers at the same time). Can be used as usual as per documentation, for example:

update-torbrowser

If architecture auto detection fails, that can surely be fixed. Please report. Workaround if that was to happen:

ARCH=arm64 update-torbrowser

In that case please run in debug mode and share the output here.

bash -x update-torbrowser

In case of download / verification failures, please also run in debug mode.

ARCH=arm64 bash -x update-torbrowser

Obviously running Tor Browser ARM64 requires running on the ARM64 architecture. However, testing download/verification of ARM64 Tor Browser downloads can be done on any platform (download TorBrowser would work but starting Tor Browser would fail). To simulate:

ARCH=arm64 update-torbrowser

source code changes:
Comparing 19.8-1...19.9-1 · Kicksecure/tb-updater · GitHub

This is available in Whonix testers repository.
(Package Upgrade Policy)

(And Whonix git tag 15.0.1.8.7-developers-only.)

1 Like

This was working before but now bad news…

Tor Browser ARM64 downloads using tb-updater (by Whonix developers) is currently broken.

background:

Unfortunately this breaks arm64 downloads.

To fix this issue, it would very very much help if ARM64 Tor Browser would support “direct” gpg signatures.

e-mail recipient: ARM64 Tor Browser Maintainer

e-mail subjects:

Tor Browser arm64 builds gpg signatures

e-mail content:

Hello Heikki!

I’d like to switch from sha256sums-unsigned-build.txt to verifying gpg
signatures directly. What I mean by that is this… Upstream currently
for example provides:

  • tor-browser-linux32-11.5a1_en-US.tar.xz as well as
  • tor-browser-linux32-11.5a1_en-US.tar.xz.asc

Verifying the tar.xz.asc would be a bit safer and less code in
tb-updater because then we can skip sha256 and rely on gpg only.

Could you please kindly ask upstream how the tar.xz.asc files are
created? They probably have some script which we just cannot easily
locate in the huge git repository. If possible, could you please
consider adding it to your build process?

Kind regards,
Patrick

date sent:

15 December 2021

status on 06 January 2022

no reply received yet

Tor Browser Ports download | SourceForge.net shows signs of life. ca you please try pinging him again?

1 Like

Done.

Great news!

“direct” gpg signatures are now provided by ARM64 Tor Browser Maintainer.

Therefore this should now be fixed.

1 Like

Not needed for now but just in case…

…gets unavailable:

Tor Browser ARM64 specific currently lags behind in version:

Because of cloudflare.

1 Like

Unfortunately Tor Browser ARM64 Tor Browser Ports download | SourceForge.net lags behind.

Tor Browser ARM64 version 13.0.9 has been released 17 February, 2024

  • While original Tor Browser by the Tor Project:
    • version 13.0.9 has been released January 22, 2024
    • version 13.0.10 has been released February 20, 2024
    • version 13.0.11 has been released March 06, 2024.
2 Likes