sudo apt-get install torbrowser

TL;DR: I wrote a piece of software called Tor Browser Launcher that downloads and auto-updates Tor Browser Bundle for you, in your language and for your architecture, and verifies signatures. I’d like help finding bugs before the initial release.

Over the years, Tor Project has done an amazing job at making Tor more user-friendly. In the past if you wanted anonymity you had to download and install Tor, maybe hand-edit your torrc file, and configure your browser to use a proxy server. You had to make sure that you didn’t have browser plugins like Flash or Java enabled that would compromise your anonymity. Eventually, this got easier when you could install the TorButton Firefox add-on, but even then you had to keep manually separate your own identity and your anonymous browsing.

Now all you have to do is head to torproject.org, click the large “Download Tor” button, and then download the Tor Browser Bundle (TBB). Then you extract it (normally to somewhere in your home directory, or to a USB stick) and run start-tor-browser, and wait to connect to the Tor network and for your anonymous browser to pop up with the friendly green “Congratulations. Your browser is configured to use Tor.” page.

Tor Browser Bundle

Despite these advancements, Tor could still be more user-friendly.

If you want to install TBB for regular use on your computer, you don’t get a Tor Browser entry in your desktop environment’s menu system. You can’t easily add it to your Ubuntu Unity launcher, favorite it in GNOME 3, or stick it on a panel in Cinnamon or MATE (not to mention add it to your quick launch bar in Windows).

TBB doesn’t automatically update either. It warns you when you’re using an out-of-date version but you have to repeat the download and extract process manually. People often use Tor Browser infrequently enough to not bother with updating when they just want to quickly look something up anonymously, which compromises their security.

When users download TBB, Tor Project provides a GnuPG signature of the package, but roughly 0% of users, including the elitest of hackers, actually verify that signature to be sure they weren’t MitM’d during the download. All TBB downloads go over HTTPS (unlike some security tools), but there are still critical and widely publicized security problems with relying on the certificate authority infrastructure.

GnuPG signatures

Finally, for GNU/Linux users, there’s no easy way to install TBB from the package manager, which is the preferred and expected way to install software on that platform. If it were installable from the package manager, it would open up the possibility for distributions to have Tor Browser installed by default.

These reasons are why I wrote Tor Browser Launcher. Check it out on GitHub.

Tor Browser Launcher is intended to make the Tor Browser Bundle (TBB) easier to maintain and use for GNU/Linux users. You install torbrowser-launcher from your distribution’s package manager and it handles everything else, including:

  • Downloading the most recent version of TBB for you, in your language and for your architecture
  • Automatically updating while saving your bookmarks and preferences
  • Verifying the TBB’s GnuPG signature
  • Adding a “Tor Browser” application launcher to your desktop environment’s menu

When you first launch Tor Browser Launcher, it will download TBB from https://www.torproject.org/ and extract it in ~/.torproject, and then execute it. When you run it after that it will just execute TBB.

I’m hoping to first get Tor Browser Launcher into Tor Project’s deb.torproject.org repository, and then later into Debian and Ubuntu, and other distributions as well like Fedora and Arch. I want Tor Browser Launcher to become the preferred way for GNU/Linux users to get TBB.

Eventually I’d also like to port Tor Browser Launcher to Windows and Mac OS X.

When you install Tor Browser Launcher, it adds a “Tor Browser” item to your desktop environment’s menu in the Internet category:

Tor Browser Launcher in the menu

The first time you run it, or when it finds updates, it downloads TBB from https://www.torproject.org/, and it also verifies the GnuPG signature:

DownloadingVerifying

On success, it runs start-tor-browser, which loads Vidalia and Firefox. If you already have TBB installed, it immediately runs start-tor-browser:

Tor Browser Success

If the GnuPG signature doesn’t check out, it throws an error:

Signature verification error

I’d like your help. I think Tor Browser Launcher is about ready for it’s first release. I’m already working on getting it into deb.torproject.org, but first I want to find and fix any final bugs. Can you install it, try using it, and if you find anything wrong open a new issue on GitHub?

If you’re using Debian, Ubuntu, Mint, or a related distro, it’s easy to build a .deb from source and install it. First install git, python-stdeb, and all of the Tor Browser Launcher dependencies:

sudo apt-get install git python-stdeb python-gtk2 python-psutil python-twisted wmctrl gnupg

Then git clone it, and build and install the .deb:

git clone https://github.com/micahflee/torbrowser-launcher.git
cd torbrowser-launcher
./build_and_install.sh

After typing your password to install the .deb, you’re done. You should now have a “Tor Browser” menu item. If you want to see debugging information, run torbrowser-launcher from a terminal.

To see the discussion with the community that lead to this, check the comments on these two bugs: #3994 and #5236. Also, some discussion happened on the tor-talk and tor-dev mailing lists.

I also want to point out that Jamie Nguyen has successfully packaged Tor Browser for Fedora, though it’s not in the official repos. His solution doesn’t technically use TBB, but is still clever. I prefer Tor Browser Launcher though because it’s much less work to maintain (no need to update it each time there’s a TBB release), and if it ends up in distros that are slow to provide new versions of software (like Debian stable) users will still get the latest and greatest TBB.

24 thoughts on “sudo apt-get install torbrowser

  1. Tiger-222

    Nice shot!
    I also want to notice that on Debian GNU/Linux wheezy, I need to manualy install python-all (using aptitude or apt-get) and need to modify torbrowser-launcher on line 194 to specify ‘en-US’ as other locales are still not supported (as of now only en-us build is available since april 2nd). Moreother, idealy, the package and signature should be pushed on the same day: for the latest release, the package was pushed on apri 2nd and the sig on april 5th.

    Great project 🙂

    Reply
  2. The Knight

    Thank you ever-so much for writing this.

    Its both awesome & slightly sad that you implemented this idea before either Debian or Tor devs, but hopefully now that its out there it will be easier to convince both of them to move it upstream. Thanks again.

    Reply
  3. Radix

    Installed fine, but currently getting “404 not found” when it tries to download TBB. Tried a mirror or two with same results.

    Curiously, was not asked for a password when I installed it. Maybe related?

    Reply
  4. slippery

    Just wanted to point out that when I tried to build the launcher there were two dependencies missing: python-game and python-lzma from these instructions. Package manager wouldn’t let me install them but “apt-get -f install” fixed it and I was able to complete the build process.

    Cool idea, looking forward to testing it.

    Reply
  5. nllz

    Some dependency issues in Debian that I did not encounter before. This is not fixed with sudo apt-get -f install because python-parsley and python-txsocksx are not in the repos.

    dpkg: dependency problems prevent configuration of torbrowser-launcher:
    torbrowser-launcher depends on python-parsley; however:
    Package python-parsley is not installed.
    torbrowser-launcher depends on python-txsocksx; however:
    Package python-txsocksx is not installed.

    dpkg: error processing torbrowser-launcher (–install):
    dependency problems – leaving unconfigured
    Processing triggers for desktop-file-utils …
    Processing triggers for gnome-menus …
    Errors were encountered while processing:

    Reply
  6. bighornram

    I installed torbrowser onto Jessie/testing amd64. Your instructions were clear and easy to follow. The package built just as you said. I think it is a great tool.

    Reply
  7. Md. Ariful Islam Arif

    After installation “The Tor Browser Bundle should not be run as root.” Please help me.

    Reply
  8. milhouse

    When do you expect to get TBL into Ubuntu/Mint’s repository? It would be great that even newbies (like me) could install it. 🙂

    Reply
  9. isaac

    260Mb, don’t think it’ll fit on the phone, trying it right now. Is there another way? have Debian installed but having trouble with installing Tor.

    Reply
  10. Glenn

    Could you add the missing txsocks and parsley to the raspbian distro and get it to run on a raspberry pi? Or a workaround?
    I have a raspberry pi2 with arm7 quad processor (some raspberry pi’s use arm6 single core) I would gladly provide a rpi2 you to try it out on! (They cost $35 and come without case, powersupply, Micro SD 8+GB card class 4 or 6, keyboard, and mouse. From Raspberry PI)

    I am not skilled enough to figure where things need to go. I am not skilled enough to edit your Launcher to make it work. I am not skilled enough to build a working distro. I am not skilled enough to add TBB to the NOOBS. I tried unsucdessfully to put txsocksx and parsley into my raspbian computer but failed likely wrong location or … ….?????

    Thanks in advance.

    Reply
  11. Glenn

    yeMicah I have access to all of the OSes in berryboot and in noobs. I have been trying for several months to get tbb (tor btrowser bundle) to work thru any means I can try. My method is usually to cut and paste into whatever seems to be the correct place in the OS’s terminal often having to use sudo in front of the command to make it work. I am not verry good with linux YET! But i am very determined to communicate without big brother simply because big brother is ILLEGAL & WRONG!

    i am wondering if you would consider accepting a gift of a raspberry PI 2 B from me to make tor work for all raspberry users. These things come ala-carte. (It would likely be less costly than the gas I have invested in trying to figure out how to get TOR on my raspberry pi 2.) I live near MCM electronics and could have them send it you.

    other things that you would need might be include
    a case (Optional)
    a usb mouse & keyboard
    a micro usb power supply
    a micro SD card (perhapse class 4 due to backward compatibility issues.)
    Either NOOBS or raspiboot
    or if you can tell me how to get debian on either system please tell me.
    a monitor with a hdmi input.ystem
    an internet connection with an rj45 connector.
    I will be glad to get in further touch with you.
    I think you should have my email

    Reply
    1. Micah Lee Post author

      Hey Glenn, that’s a very nice offer, but unfortunately there isn’t a lot that I can do to make Tor Browser work on a Raspberry Pi. The problem is that Raspberry Pis have ARM processor, and Tor Project only releases binaries of Tor Browser for x86 and x86_64 processors for Linux. If Tor Project starts releasing ARM versions of Tor Browser, then it will be trivial to patch Tor Browser Launcher to make it support downloading and installing those packages too.

      So your best bet is to convince Tor to work on this. It looks like there’s already an open ticket: https://trac.torproject.org/projects/tor/ticket/12631

      Reply
  12. Citizen

    Thanks for the project.
    At this moment, after installing it the first time, it tries to download “https://dist.torproject.org/torbrowser/5.5a4-hardened/tor-browser-linux64-5.5a4-hardened_en-US.tar.xz”.
    It fails with 404, I suppose “https://dist.torproject.org/torbrowser/5.5a4-hardened/tor-browser-linux64-5.5a4-hardened_ALL.tar.xz” is what it should download instead.

    Also, I would really prefer everything in one folder, the bin, config, cache and all. Maybe even in one user-definable folder?

    Reply
  13. Glenn

    Dear Micah,

    AWESOME!!!!!
    RPI3 is out!

    I think it should be possible to compile and run Tor Browser bundle for RPI2 or Rpi3.

    For those with the skills to do so Could you please Detail what commands would be necessary to make this happen in ANY Distro That will run in RPI3 and OR RPI2?

    How long should it take to compile and run?
    I think I heard that the compiler must also be compiled for these computers.
    Anyway, I would still be happy to donate an RPI2 and/or RPI3 for this.

    Reply
  14. Alan

    Hi. I am curious as to why TOR is not in the repositories, or through the package manager? Surely there are enough people in the Linux community interested in not contributing to the general collection of people’s data. Message to Linux community. Please, please put TOR in the repositories. 2016 Still hoping. 🙂

    Reply
  15. RB

    I’m getting a failed certificate warning every time your app tries to download and install Tor Browser, on two different machines. Both are running Ubuntu 16.04 LTS 64-bit.

    I am able to run the manually downloaded Tor Browser from its extracted folder, located in my Downloads folder, and it runs fine as a “portable app”, but it doesn’t create any launchers for Unity, and its a pain in the butt to manually create them. I am looking to install Onionshare also. As you know, downloading Onionshare from the repositories includes your app, which creates the launchers and downloads Tor Browser as well, but fails with a bad certificate error every time, for me.

    Love the concept of your app, and is the way Tor Browser and Onionshare installs should be implemented in the first place, but its just not working out for me, after repeated attempts.

    Can you help a brother out?

    Reply
  16. georg

    Hi Micah,
    This is great stuff, but unfortunately at the last step I’ve got an issue.
    Here ist the original note by my system (raspberry pi 2 running an ubuntu mate 16.04 lts, german localization):
    sudo apt-get install build-essential dh-python python-all python-stdeb python-gtk2 python-twisted python-lzma python-txsocksx gnupg fakeroot xz-utils tor gpg
    [sudo] password for georg:
    Paketlisten werden gelesen… Fertig
    Abhängigkeitsbaum wird aufgebaut.
    Statusinformationen werden eingelesen…. Fertig
    Paket gpg ist nicht verfügbar, wird aber von einem anderen Paket
    referenziert. Das kann heißen, dass das Paket fehlt, dass es abgelöst
    wurde oder nur aus einer anderen Quelle verfügbar ist.

    E: Für Paket »gpg« existiert kein Installationskandidat.

    Result is, that there is no installation candidate for gpg. Do you have any idea, what I’ve done to fail?

    Best regards
    Georg

    Reply

Leave a Reply to bighornram Cancel reply

Your email address will not be published. Required fields are marked *