[graphical gui] Whonix Setup Wizard / Anon Connection Wizard - Technical Discussion


Priority high because the GSoC students needs feedback to not block progress.

Thank you for giving me so much attention! @Patrick @JasonJAyalaP

I just implemented the torrc.d feature and made a pull request:


New changes:

  • .tmp will not overwrite .torrc if no changes were made before canceling
  • remove “advance” button


  • hide the close button so that cancel button will have to be used when quit.
  • Another solution is trying to connect the close button to cancel_button_clicked()
  • instead of using cancel button, use quit button which is customized and always placed on the bottom left


New changes:

  • switched from /usr/lib/python3.4 to /usr/lib/python3/dist-packages
  • default settings will be adjusted according to .torrc
  • switch from self-made .tmp file to python tmpfile
  • better instructions and UI

Thanks to the new implementation, the following TODO is no longer needed:


New paper on Tor launcher usability/recommendations in PETS 17


Hi HulaHoop!

Thank you very much for keeping me updated to the new UX research on Tor launcher.

Linda’s paper is inspiring. I have had several thoughts in my mind on how to improve the UX of the current anon-connection-wizard. I hope I can implement those thoughts as soon as possible so that anon-connection-wizard will not block the release of Whonix14. :wink:

Some thoughts:

  • I am thinking about switching the current torrc_page to the one shown in Linda’s paper (Fig4 g, which is on page 8).

  • I also kind of like the “process bar” in Linda’s paper indicating which page users are at and how many configuration have been or will be done. This will give a user a general feeling on how much work they have done/will do, which may reduce their uncertainty on how much options do they still have to choose and let them have a general impact on what anon-connection-wizard can help them do.

  • I also kind of like the idea shown in the paper that further options will show up in the same page right after a checkbox is clicked. However, this feature cost almost a redesign of anon-connection-wizard and may not improve the usability that much so let’s set the priority as low.

  • The instructions on description and options in anon-connection-wizard should also be improved. Small work but big improvement, so I will set the priority as high. :wink:


Done: https://github.com/Whonix/anon-connection-wizard/pull/7



  • BUG: /etc/tor/torrc is accumulate /n due to a not proper implementation
  • add more detailed instructions to the censorship circumvention help page, integrating the instructions in whonix-setup-wizard
  • ask if a cli version of anon-connection-wizard is a good idea.
  • merge whonixsetup(cli) into anon-connection-wizard


whonix-setup-wizard incudes several different options:
setup, quick, repository, locale_settings.

When we talk about integrating tor-conncetion-wizard with whonix-setup-wizard, do we mean replacing the old setup and quick options with the tor-conncetion-wizard?

It seems whonix-setup-wizard is more than displaying disclaimers and providing an entry to tor-conncetion-wizard, which means abandoning it will also abandon repository, locale_settings options?

Yes, it is hard since cli is written in bash.

Do you think it will be a good idea to write a python-based cli which supports bridge and proxy settings? It seems to be easy at the first glance:

  • share code base with the current GUI one
  • input can be simply taken by input() function in Python3

It will be something like:

Please choose options by inputing 1-4:
1) Conncet
2) Configure
3) Disable Tor
4) Quit

Could you please share your insights on the questions? @Patrick @JasonJAyalaP

I really appreciate your help!

GSoC with Tor and Whonix: Anon-Connection-Wizard

True. locale_settings is in limbo.



Disclaimer can be abandoned for next release. So let’s keep only repository.

In theory, that seems nice-to-have. In practice… Priority change. Pretty low priority. I recommend not to spend time on it. You probably have you hands full with tor-connection-wizard gui?

Unfortunately, due to personal reasons, I cannot spend as much time on Whonix as I used to spend. Whonix 14 release which includes port to Debian stretch / Qubes 4.0 lags far behind. We need more focus and help with Whonix core development. I’ll announce this in the coming days.

GSoC with Tor and Whonix: Anon-Connection-Wizard

I understand.

I agree with you.

I really enjoyed the Whonx development process. And I will stay around after the end of GSoC.

I am looking forward to a further discussion on the future development of Whonix! :slight_smile:


Tor UX team’s final redesign of the Tor launcher.

It contains a wizard page where user can get latest Tor bridges by finishing a challenge-response test. However, this means a clear net connection to the BridgeDB server. I am not sure whether this behavior will harm the anonymity and will be allowed in a anonymity-focused distribution.

Other features are fortunately implemented in the latest anon-connection-wizard. :wink:

I like the idea that explicitly tell users if you are living in country A, B or C, you need to configure obfs4 etc. I will add the instructions to anon-connection-wizard soon :slight_smile:


That’s great to hear!

If Tor Project thinks that’s alright… Let’s follow their turn.

To access clearnet on Whonix-Gateway…

sudo -u clearnet some-cmd-here

We could either run a script under user clearnet (preferable) or whole tor-connection-wizard under user clearnet (more risky - in case of clicking links in the gui, we don’t want some [yet to be developed] operating system standard feature to open a remote website).

The only Whonix specific piece would be:

  • run the clearnet script direclty vs
  • Whonix specific sudo -u clearnet cmd

Does that sound viable?


Agreed. Thank you for your instructions, Patrick! I will be working on this feature. But I will set the priority as low before the feature is really implemented in Tor launcher.

Btw, I remember that a new API was developed in BridgeDB, which I will check if it is helpful when interacting with the BridgeDB server.


anon-connection-wizard is using bridges_default file to ship the default bridges.

The default bridge used by anon-connection-wizard should be exactly the same bridges contained in bridge_prefs.js shipped with the latest TBB. This is because:

  1. the servers hosting default bridges are set up for huge amount of traffic;
  2. the servers hosting default bridges are probably audited by TPO for better security;
  3. using a different set of bridges will distinguish the anon-connection-wizard bridge users from the TBB bridge users, which compromises their anonymity.

We need a mechanism to synchronize the latest bridge_prefs.js. The following are two ways:

  1. Create a mechanism that automatically convert the bridge_prefs.js to the current bridges_default formatt. Then ship the bridges_default file;
  2. Modify the current bridge parser to be able to extra the bridges from bridge_prefs.js. Then ship the bridge_prefs.js file.

The first solution grantees the bridges_default file shipped to users will work. The difficulty of it will be the implementation of almost full automatic mechanism. (Otherwise, it will be pretty time/effort consuming to detect/extra/update the bridge information manually every time.)

The second solution will heavily relies on the format of bridge_prefs.js file which is controlled by TPO, not Whonix. Maybe a well written RE will be fine to adapt minor changes, however, the risk of be broken after a automatic update can not be eliminated.


Is it possible or a good idea to include bridge_prefs.js in Debian tor package? I guess not.


Worth suggesting to ship some default bridges also with the Debian tor package.

How often does it change? In this quickly evolving field, perhaps better to keep manual? Otherwise, could you please ask what they think how stable the format will be?


Thank you very much for your instructions, Patrick!

I will be working on these two problem!


The development progress of the BridgeDB API can be found here:


Feature request on Debian BTS: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=872456
Feature request on tor-dev@: https://lists.torproject.org/pipermail/tor-dev/2017-August/012399.html

GSoC with Tor and Whonix: Anon-Connection-Wizard

I will strip the bridges out manually currently. And perhaps write a RE filter script to help me with that. :slight_smile: