Using Tor Browser Launcher in Qubes
I maintain a piece of software called Tor Browser Launcher. It takes care of downloading Tor Browser Bundle for you, verifying the gpg signature, making sure you’re always using the latest version of Tor Browser, and making it easier to launch.
I originally only made Tor Browser Launcher work in Debian-based distributions, but since the default templates in Qubes are based on Fedora, I recently ported it to RPM-based distributions as well. Here’s how to set it up.
You’ll need to build an RPM from the torbrowser-launcher source code first. Create a new appvm (I called mine tbl-builder), open a terminal in it, and follow these steps:
sudo yum -y install git python-psutil python-twisted pygame wmctrl gnupg fakeroot git clone https://github.com/micahflee/torbrowser-launcher.git cd torbrowser-launcher ./build_rpm.sh
When you’re done, it should have built an RPM package in dist/torbrowser-launcher-[version]-1.noarch.rpm. Go ahead and copy this to your templatevm:
qvm-copy-to-vm fedora-20-x64 dist/torbrowser-launcher-*.rpm
Now that you’ve copied the RPM to your templatevm, you can shut down and delete the appvm you just created. Next, open a terminal in your templatevm (e.g. fedora-20-x64), install torbrowser-launcher (and then cleanup your templatevm’s home dir):
sudo yum install QubesIncoming/tbl-builder/torbrowser-launcher-*-1.noarch.rpm rm -r QubesIncoming
Now shut down your templatevm. Now all you have to do to add Tor Browser to your menu is go to an appvm’s settings, switch to the Applications tab, and move “Tor Browser” and “Tor Browser Settings” from Available to Selected, and save. If your appvm was already running when you installed torbrowser-launcher in your templatevm you’ll have to shut it down and restart it.
Now you can open Tor Browser the way you open any other software in any of your appvms.
Qubes also supports a special kind of netvm called a torvm. You can read about it here. If you set an appvm’s netvm to be your torvm (making your appvm an anonvm), then all internet traffic in that appvm gets transparently proxied through Tor. This is great for a wide variety of things, but using the Tor Browser itself is still much wiser, because it does a lot of anti-forensics tricks that keep you anonymous. If you just use Firefox in an anonvm, your browser can much more easily be fingerprinted.
If you’d like to use Tor Browser in an anonvm, you have to do one more step to stop yourself from connecting to Tor through the Tor network. Open Tor Browser in your anonvm, click the onion icon and open Preferences. Under Proxy Settings, change “Use the recommended proxy settings for my version of Firefox” to “Transparent Torification (Requires custom transproxy or Tor router)”. Then go to https://check.torproject.org/ to verify that you’re still connected to the Tor network.
That’s it. Now if your Tor Browser gets hacked and the attacker tries to leak your real IP address, it just won’t work. They’ll have to break out of Qubes isolation first.
Legacy comments, imported from previous version of this blog:
Hey Micah. I noticed in your step
You’ll need to build an RPM from the torbrowser-launcher source code first. Create a new appvm (I called mine tbl-builder), open a terminal in it, and follow these steps:you seem to be creating a unique "AppVM" just to do the building process, do you do this for building all packages? Is this the more desired / secure approach instead of doing it inside of the fedora-21 TemplateVM ?
I don't think this is necessarily more secure than just installing these in the fedora-21 template. I just didn't want people mucking up their template with packages they might not necessarily want.
Hi. Is it possible to run adobe flash inside a Firefox anonvm? I know about the security fails of flash for anonymity purposes, but i just wish know if this will provide a safe way to run flash? I study online whonix runs flash safely if asked, so can Qubes do the same? Thanks.
Yes, Qubes can do the same. The main anonymity risks about using Flash is that it doesn't need to respect your browser's proxy settings, which means it can connect to server without using Tor (to learn your real IP), and also Flash videos can set their own type of cookies that can track you as you use the web. If you're using it inside of an anonvm, even if Flash tries to connect without using a proxy it will still end up going over Tor.
And Tor Browser was specifically designed to make it impossible to uniquely fingerprint your browser, which isn't true for other browsers. So if you wanted to do this, it would also make sense to set your Firefox settings to never save a history and delete everything on exit, and perhaps chance your user agent to make it look like you're using Firefox in Windows or something.
Of course, Flash is also really buggy, and using it at all is one of the easiest ways to get hacked. So if you use Flash in an anonvm, it's more likely that that vm will get hacked than if you used the normal Tor Browser.
Thanks for detailed replying! I will now try Qubes also after whonix & tails.
However, in case of Whonix and TOR VM, as it relates to Qubes, flash player cannot directly connect to server without using Tor due to their respective inherent architectures that force any/all apps to go through TOR network as there are no other connections available or possible.
Isn't this true?
Hello Micah, thank you for your guide.
you might want to add 'rpm-build' to the list of packages to install before building, otherwise building will fail because rpmspec is missing.
Is it OK to remove the torlauncher TorBrowser Addon when running in transparent torification mode? (Starting Torbrowser without that addon is ALOT faster.)