Tor 3.4.8 upgrade - nice.
Couple of issues re: wiki.
1. One person noted over in the Qubes issues tracker a valid point re: upgrading to Whonix 14, prior to a Qubes 4.0.1 release where it is the default. That is, we recommend the uninstalling of Whonix 13, then using Salt etc to download the new Whonix 14 version.
Problem is, clearnet download says to adversaries: “Look over here! I’m one of the few 10s of thousands that uses Whonix in Qubes. Please rape me at IP address XX.XXX.XXX.XX”?
2. We say in a few places that you should have the latest Tor Browser installed on the host (Qubes: a DebianBased AppVM?) to check Tor connectivity if Whonix is borked & to find a viable solution.
Fine, but I think the days of manual downloads from Tor Project, and key, and verifying on the command line are so 1999.
Why don’t we explicitly note in the wiki instead a preference for the torbrowser-launcher
method instead (from stretch-backports):
Install from official repository
Debian “experimental”
If not already done add the experimental repository to your sources.list. printf "deb http://deb.debian.org/debian experimental main contrib" > /etc/apt/sources.list.d/experimental.list apt update Using Terminal as Root execute the following command apt install torbrowser-launcher -t experimental
Debian “Sid”
Users of Debian Sid (Unstable) can install torbrowser-launcher easily:
Using Terminal as Root execute the following command apt install torbrowser-launcher
Debian 9 “Stretch”
If not already done add the Backport repository to your sources.list. printf "deb http://deb.debian.org/debian stretch-backports main contrib" > /etc/apt/sources.list.d/stretch-backports.list apt update Using Terminal as Root execute the following command apt install torbrowser-launcher -t stretch-backports To open Tor Browser choose one of the following two options Option 1: Using GNOME, open the Activities Search. Simply type in Tor Browser Option 2: Using Terminal as user run the following command torbrowser-launcher The first time you open Tor Browser the new version will automatically be downloaded and installed. On every subsequent open a check for updates will be done, and Tor Browser will automatically be updated to the latest available version from the Backport repository.
I like the torbrowser-launcher option by Micah (and @mig5?). I tested it, and unfortunately doesn’t work due to the new signing sub-key or whatever used by the Tor Project not yet being recognized.
No doubt it is a marked issue to fix and will be sorted shortly, but do you like this method @Patrick i.e. automate things?
Still on my TODO:
- Continue link fixes
- Note upgrading kernel steps to address various threats recently discussed
- General edits for awkward text etc.