Differences between revisions 60 and 61
Revision 60 as of 2017-08-29 07:55:03
Size: 10708
Editor: UlrikeUhlig
Comment: Correcting mistaken information that using tbl does not verify the download, this is plainly wrong. downloa iverified by the software through GPG & package verified by maintainer.
Revision 61 as of 2017-08-29 07:57:34
Size: 10922
Editor: UlrikeUhlig
Comment: improve text
Deletions are marked like this. Additions are marked like this.
Line 33: Line 33:
Line 38: Line 37:
<!> The download is verified by the software through GPG and the torbrowser-launcher package has been verified through GPG and signed Git tags by the maintainer. The download of torbrowser is made by the software on first launch. It verifis the authenticity of the downloaded TorBrowser files automatically through GPG. The torbrowser-launcher package has been verified through GPG and signed Git tags by the maintainer. However, if you download the .deb directly you will not use Debian's APT repository keys to verify the package itself.

Introduction

Tor Browser protects your privacy while you are surfing the Internet: it prevents somebody watching your Internet connection from learning what sites you visit, it prevents the sites you visit from learning your physical location, and it lets you access sites which are blocked.

Tor Browser is based on Firefox and will be familiar to many users.

To keep your protection strong you need to update the Tor Browser regularly. In Debian the easier way to do that is to install Tor Browser using torbrowser-launcher, which automatically installs Tor Browser, run it, and update it to keep its protection strong and protect your privacy.

The advantage of using torbrowser-launcher over the manual installation of the TorBrowser package (called Tor Browser Bundle) is threefold:

  • You will benefit from automatic upgrades
  • If using AppArmor, you will benefit from the AppArmor profiles contained in the package

  • Program launchers and menu entries will be created for you automatically

Install

Debian "Sid"

Users of Debian Sid (Unstable) can install torbrowser-launcher easily:

  1. Using Terminal as Root execute the following command
    apt-get install torbrowser-launcher

Debian 9 "Stretch"

<!> torbrowser-launcher is not available in stable (Stretch). See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863407.

Option I

<!> torbrowser-launcher can be installed manually from unstable. ***Notice:*** Mixing packages from different distributions is generally not recommended; do it on your own risk.

The download of torbrowser is made by the software on first launch. It verifis the authenticity of the downloaded TorBrowser files automatically through GPG. The torbrowser-launcher package has been verified through GPG and signed Git tags by the maintainer. However, if you download the .deb directly you will not use Debian's APT repository keys to verify the package itself.

Steps to install torbrowser-launcher from unstable on Debian 9 "Stretch":

  1. [Download the deb-file](https://packages.debian.org/sid/torbrowser-launcher) (e.g., torbrowser-launcher_0.2.7-3_amd64.deb for amd64 architecture).

  2. Install gdebi
    sudo apt-get install gdebi
  3. Install the torbrowser-launcher

    sudo gdebi torbrowser-launcher_0.2.7-3_amd64.deb

Option II

Torbrowser-launcer can be installed from Torproject.org and verified using the official guide to be sure to get the right bits.

To hide the folder

  • $ mv tor-browser_en-US .tor-browser_en-US

To add it to the launcher cd in the folder and

  • $ ./start-tor-browser.desktop --register-app

Debian 8 "Jessie"

Steps to install Tor Browser on Debian 8 "Jessie" with Backport

  1. If not already done add the Backport repository to your sources.list.

  2. Using Terminal as Root execute the following command
    apt-get install torbrowser-launcher -t jessie-backports
  3. To open Tor Browser choose one of the following two options
    • Option 1: Using GNOME, open the Activities Search. Simply type in Tor Browser

    • Option 2: Using Terminal as user run the following command

    torbrowser-launcher
  4. The first time you open Tor Browser the new version will automatically be downloaded and installed. On every subsequent open a check for updates will be done, and Tor Browser will automatically be updated to the latest available version from the Backport repository.

Frequently Ask Questions (F.A.Q.) for Debian 8 "Jessie"

Any volunteer to edit this section?

Debian 7 "Wheezy"

torbrowser-launcher in wheezy-backports is currently outdated.

<!> Debian 7 "Wheezy" is supported and secured until May 31st, 2018. With Long Term Support (LTS). To keep your computer secure it is suggested to upgrade to Debian 8 "Jessie" at your earliest convenience.

Steps to install Tor Browser on Debian 7 "Wheezy" with Backport

<!> Debian 7 "Wheezy" is supported and secured until May 31st, 2018. With Long Term Support (LTS). To keep your computer secure it is suggested to upgrade to Debian 8 "Jessie" at your earliest convenience.

  1. If not already done add the Backport repository to your sources.list.

  2. Using Terminal as Root execute the following command
    apt-get install torbrowser-launcher -t wheezy-backports
  3. To open Tor Browser choose one of the following two options
    • Option 1: Using GNOME, open the Activities Search. Simply type in Tor Browser

    • Option 2: Using Terminal as user run the following command

    torbrowser-launcher
  4. The first time you run Tor Browser the new version will automatically be downloaded and installed. On every subsequent run a check for updates will be done, and Tor Browser will automatically be updated to the latest available version from the Backport repository.

Update

To update choose one of the following two options. If unsure, the "automatic update" option is easier and recommended.

Automatic update

Tor Browser will automatically prompt you to update the software once a new version has been released. The Torbutton icon will display a small yellow triangle. When you are prompted to update Tor Browser:

  1. Click on the Torbutton icon
  2. Select “Check for Tor Browser Update” option. If needed see those screenshots to clarify the location.

  3. When Tor Browser has finished checking for updates, click on the “Update” button.
  4. Wait for the update to download and install, then restart Tor Browser. You will now be running the latest version.

Alternatively, if you installed Tor Browser using the torbrowser-launcher package. Simply close all Tor Browser windows. Then re-open Tor Browser. It will automatically check if a new version is available. Follow the instructions on your screen.

Manual update

Before manually updating Tor Browser it is suggested to periodically backup any valuable data. Such as your bookmarks. Which you could import after the manual update.

Manually update Tor Browser

  1. When you are prompted to update Tor Browser, finish the browsing session and close the program.
  2. Remove Tor Browser from your system by deleting the folder that contains it. If needed see that Uninstalling section for more information.

  3. Visit https://www.torproject.org/projects/torbrowser.html.en and download a copy of the latest Tor Browser release, then install it as before.

Advanced Tor Usage

Torrc File Location

If you installed "torbrowser-launcher" on a 64 bit system, the "torrc" advanced configuration file is located at:

  • ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc

If you installed "torbrowser-launcher" on a i686 bit system, the "torrc" advanced configuration file is located at:

  • ~/.local/share/torbrowser/tbb/i686/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc

Related documentation

AppArmor confinement and Xserver isolation

HolgerLevsen has written some scripts which are available in /usr/share/doc/torbrowser-launcher/examples/ if you have installed the package.

These scripts show how to run torbrowser-launcher (and thus torbrowser), confined with AppArmor, in Xephyr (a virtual Xserver running on another Xserver) as another user. This, using AppArmor and Xephyr, shall have two effects:

  • the browser process (and it's subprocesses) can - thanks to AppArmor confinement - only access a tiny part of the filesystem

  • the real Xserver is not exposed to the browser application, so hopefully that application cannot exploit bugs to grab keyboard input from other applications.

In order to use these scripts, please refer to /usr/share/doc/torbrowser-launcher/examples/.

You can also read those scripts here if interested: https://anonscm.debian.org/git/pkg-privacy/packages/torbrowser-launcher.git/tree/debian/examples?h=debian/sid

Bugs and known issues

See also

References