[graphical gui] Whonix Setup Wizard / Anon Connection Wizard - Technical Discussion


anon-connection-wizard is using bridges_default file to ship the default bridges.

The default bridge used by anon-connection-wizard should be exactly the same bridges contained in bridge_prefs.js shipped with the latest TBB. This is because:

  1. the servers hosting default bridges are set up for huge amount of traffic;
  2. the servers hosting default bridges are probably audited by TPO for better security;
  3. using a different set of bridges will distinguish the anon-connection-wizard bridge users from the TBB bridge users, which compromises their anonymity.

We need a mechanism to synchronize the latest bridge_prefs.js. The following are two ways:

  1. Create a mechanism that automatically convert the bridge_prefs.js to the current bridges_default formatt. Then ship the bridges_default file;
  2. Modify the current bridge parser to be able to extra the bridges from bridge_prefs.js. Then ship the bridge_prefs.js file.

The first solution grantees the bridges_default file shipped to users will work. The difficulty of it will be the implementation of almost full automatic mechanism. (Otherwise, it will be pretty time/effort consuming to detect/extra/update the bridge information manually every time.)

The second solution will heavily relies on the format of bridge_prefs.js file which is controlled by TPO, not Whonix. Maybe a well written RE will be fine to adapt minor changes, however, the risk of be broken after a automatic update can not be eliminated.


Is it possible or a good idea to include bridge_prefs.js in Debian tor package? I guess not.


Worth suggesting to ship some default bridges also with the Debian tor package.

How often does it change? In this quickly evolving field, perhaps better to keep manual? Otherwise, could you please ask what they think how stable the format will be?


Thank you very much for your instructions, Patrick!

I will be working on these two problem!


The development progress of the BridgeDB API can be found here:


Feature request on Debian BTS: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872456
Feature request on tor-dev@: https://lists.torproject.org/pipermail/tor-dev/2017-August/012399.html

GSoC with Tor and Whonix: Anon-Connection-Wizard

I will strip the bridges out manually currently. And perhaps write a RE filter script to help me with that. :slight_smile:


David Fifield answered on the tor-dev@:

To get an idea of how frequently the list of default bridges has
changed, see the tbb-bridges keyword in the bug tracker:

The frequency is generally once per month while sometime three times a month.

This RSS feed may be helpful to immediately inform us the new changes.


I apologize that I did not follow up with this.

I am doing the final evaluation of GSoC which requires:

As part of the final evaluation, all participating students must provide a link to the work they have done for the program.


You should share your link with your mentor BEFORE submitting your evaluation to make sure it’s okay.

How do you like the following process, @Patrick ?

  1. I write down a post below introducing the GSoC anon-connection-wizard project;
  2. I post it on Whonix blog after your review and maybe some revision;
  3. I use the URL to the Whonix blog post as the final evaluation link.

Thank you very much for your time! :slight_smile:


GSoC with Tor and Whonix: Anon-Connection-Wizard

Hello everyone! I am iry.

As some of you have noticed, I have been working on an application called anon-connection-wizard as a Google Summer of Code(GSoC) project this year.

I was under the mentor and help of the Whonix core developer @Patrick, and so many other enthusiastic developers including but are not limited to @JasonJAyalaP , joysn1980, @HulaHoop from Whonix, and Sukhbir (sukhe) from the Tor project. I would like to say thank you to everyone who has helped me from my heart. Within such a supportive community, I enjoyed the development process so much that I kept experiencing flows.

This post, presenting in a Q&A form, is an introduction to the anon-connection-wizard which will be shipped with the upcoming Whonix 14! It is also a summary of the work I have done and the tasks I will be working on.

Q: What is anon-connection-wizard?

A: anon-connection-wizard is a python-based application that help users in different Internet environment connect to the Tor network. The followings are some screenshots of it which provides you with some visual impression on it:







Q: How does anon-connection-wizard work?

A: It will firstly ask users questions about their network environment, like whether they live in censored areas. And then, it will generate a .torrc file with the most suitable Tor configurations according to the answers from users.

Q: Isn’t it very similar to the Tor-launcher shipped with Tor Browser Bundle?

A: Yes, it does share several similar functions with the current Tor-launcher. I have been considering Tor-launcher as the upstream of anon-connection-wizard and trying to closely keep up and collaborate with their development.

Q: Why do we need anon-connection-wizard when we have already had Tor-launcher?

A: Because these two applications have very different use cases. Currently, the implementation of Tor-launcher heavily relies on the Tor Browser(which is based on Firefox). However, a Tor user does not necessarily be a Tor Browser Bundle user. There are still a large number of people I call system Tor users who would like to run core Tor with different torified applications. And these people (yes, you are one of them if you use Whonix!) may prefer anon-connection-wizard because it does not rely on Tor browser and all its dependencies have already been packaged into Debian.

Q: What works have you done during the summer?

A: anon-connection-wizard was originally developed by @troubadour as part of the Whonix Project. Some of the screenshots of its old version can be found in this Whonix blog post. In March, I completed the basic function and ported it from Python2 to Python3, from PyQt4 to PyQt5. During the summer, I made a huge amount of improvement and changes, which include:

  • Completely redesign anon-connection-wizard UI basing on Linda’s PET paper and Tor UX team’s proposal to new Tor-launcher.
  • Add a torrc page in anon-connection-wizard that allows users have an overview before connecting to the Tor network
  • Add serveral help buttons with detailed instructions to help users make decision
  • User input validation check
  • Let anon-connection-wizard remember user’s last time settings
  • Create a torrc_repair script that tries to fix corrupted .torrc files
  • Improve and add features to the tor_status.py
  • torrc.d feature request against Debian Tor package
  • Switch from overwriting .torrc approach to edit-mark approach, and then to torrc.d approach
  • Shipping default Tor bridges request
  • Update default provided Tor bridges

All my commits in the summer can be found in this pull request which has been merged into the Whonix repository.

I also wrote bi-week reports to @tor-project mailing list, which have been recorded on GSoC page in Tor wiki.

Q: What is your next step on anon-connection-wizard?

A: I will still be working on my Github repository and the following features will be implemented in the near future :

Q: What are you going to do in the future development?

A: The future goal of anon-connection-wizard is to be packaged as a generic standalone application into Debian so that it can be used by different anonymity focused distributions like Whonix and Tails. In order to achieve it, the following works need to be done:

  • package anon-connection-wizard as .deb
  • make anon-connection-wizard translatable
  • get anon-connection-wizard translated into different languages
  • after doing all the steps above, check if it can be helpful for Tails

What’s more, Tails developer anonym pointed out a promising future for the anon-connection-wizard on the tor-dev mailing list:

Any way, I also see potential for future collaboration between Whonix and Tails for extending the usefulness of anon-connection-wizard beyond what Tor Launcher (and its replacement) offers [2]; anon-connection-wizard targets the OS, not just a single application, so it could integrate the choices of network configuration (wired? which wireless network? MAC spoofing?) and Tor configuration (proxy? pluggable transport?) in a single place which probably makes more sense for users and also allows us to more easily (optionally) save these settings so they are restored the next time you visit the same network. This could potentially even be used to help giving users control over entry node selection to avoid persistent Entry Guards from leaking information about you geographical movement. [3]

Q: Can I get involved into the development of anon-connection-wizard, too?

A: Absolutely! Please let me say thank you for your interest in anon-connection-wizard! I was trying to keep most of my development communication public so that people like you can have a clear idea on how all the developing decisions have been made and how we have been communicating and cooperating with each other. Most of the discussions happened in these two places and a simple “hi, I think maybe I can help with…” is just enough to join us:

  1. [graphical gui] Whonix Setup Wizard / Anon Connection Wizard - Technical Discussion
  2. review and merge anon-connection-wizard pull request by iry

Note that offering feedback, testing, developing, packaging, porting and translating are all ways to contribute and will all be welcomed!

Q: What other work have you done during the summer?

A: Like what I said in my GSoC proposal:

I never consider my project as a one-time project. Instead, I consider it as an important step to help myself get more involved in the Tor/Whonix community.

I was trying to jump into and follow up many different parts of the Tor and Whonix community. For those who may be interested, here are some links:

  • Github: @irykoon
  • Whonix Forum: @iry
  • Whonix Phabricator: @iry
  • Tor trac: @iry
  • Tor Mailing lists: iry at riseup dot net



How do you like the following process, @Patrick ?

  1. I write down a post below introducing the GSoC anon-connection-wizard project;
  2. I post it on Whonix blog after your review and maybe some revision;
  3. I use the URL to the Whonix blog post as the final evaluation link.

Sounds perfect!


The blog post is also perfectly worded! There are some duplicate spaces , please remove these. That’s about it. Please create the draft. I’ll look over it and publish it.


HI @iry

I really like the new look of the Gui. I looks a lot cleaner than the previous one. Thanks for all the hard work you put in the project and I’m glad to here your sticking around after the GSoc. :grinning:


Very long term:
This is very difficult to not break Whonix support then.

  • Non-Qubes-Whonix: these settings happen on the host, inaccessible to tor-connection-wizard
  • Qubes-Whonix: these settings happen in other VMs (in sys-net)

But perhaps it could be split into multiple modules which could be used independently.


Thank you very much for your feedback, @Patrick!

Done! I have edited the original post.

I am not very familiar with the Whonix blog posting process. Do I need to register on Whonix blog somewhere and then create a draft? Or is it okay for me to leave that post I just edited as a draft?


Thank you very much for your feedback, @0brand !

I will definitely stay around and I am looking forward to the further cooperation with you in the future!


I couldn’t agree more! Integrating those relatively independent modules together seems not to be a low-coupling design. (Btw, Tor-launcher is also a victim of high-coupling design.)

The following is the archives of your and my replies to this problem:


There are at least four "Tor-launcher"s being developed and maintained, which consumed a lot of developer time:

  • Tor-launcher in TBB
  • Tor-launcher in sandbox TBB by yawning
  • anon-connection-wizard in Whonix
  • Tor-launcher in Tails

When anon-connection-wizard is mature enough to be also used in Tails, problem can be mitigated a little bit. :slight_smile:


Please sign up using https://www.whonix.org/blog/wp-login.php?action=register and tell me your user account so I can add you write access.


Thank you, Patrick!

I have registered my username as iry.