I copied settings from Tails and it worked. You just need to write the line like this: ExcludeNodes {country code},{country code}
Without spaces after commas. That was my mistake.
OK, there is another problem: how to update Tor Browser in Disposable??? First I tried to update it using Tor Browser Downloader in its Disposable Template, then it said to me that it’s impossible to do in Disp. Template. Then I tried to do the same in Template on which Disp. Template is based and then it downloaded Tor Browser but then shown an error that it failed to verify Tor Browser’s gpg… So what the hell?! How to do this finally?!
And there another one problem was found: before downloading Tor Browser, Downloader warned that if I want to keep all my previous Tor Browser profile (like bookmarks and so on) I need to download update from the inside of the Tor Browser itself, instead of using Downloader. I don’t have any profile at the moment, but when I will, HOW the hell can I update Tor Browser from the inside if the entire manual always was saying that you need update apps only in Template and nowhere else?!
At the moment found only this as something looking like a solution. I tried updating via Downloader before but not in the terminal. Now will try the terminal and see if it’ll solve the problem. Probably it needs the Template update before Tor Browser’s so maybe this is why it failed to verify GPG, because there was no sudo apt update procedure in terminal. I will check it out. But also probably I even don’t know what I am talking about.
Whonix has a dedicated downloader for the Tor Browser, which you will need to use to update it. First, make sure both your gateway and workstation are fully updated (you can use the official Qubes Updater for this). Then you’ll need to run the update from the workstation template (not the disposable template). If you check the list of applications in the qube settings, you’ll see an application called “Tor Browser Downloader”; add it to make it easier for future updates. As for keeping the bookmarks on Tor, I’m not sure how it’s handled on Whonix, since it replaces the previous version with the new unpacked one. I guess you can back up your bookmarks to a file and import them back after the update?
Seems this question is more dedicated to Qubes OS than to Whonix, because in Whonix (I guess) you can update Tor Browser just from inside, unlike in Qubes, where you can’t just update from inside.
I can say that I did all of this yesterday and now have updated versions of Whonix Gateway and Workstation. Also updated Tor Browser. Before installing of new version there popped up a message where was written this:
We have not previously accepted a signature yet. Therefore assisted check for downgrade or indefinite freeze attacks skipped. Please check the Current Signature Creation Date looks sane.
Previous Signature Creation Date:
Unknown. Probably never downloaded a signature before.
Last Signature Creation Date :
December 06 11:57:02 UTC 2023
According to your system clock, the signature was created 4 days 19 hours 2 minutes 36 seconds ago.
gpg reports:
gpg: Signature made Wed 06 Dec 2023 11:57:02 AM UTC
gpg: using RSA key 613188FC5BE2176E3ED54901E53D989A9E2D47BF
gpg: Good signature from "Tor Browser Developers (signing key) " [ultimate]
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 6131 88FC 5BE2 176E 3ED5 4901 E53D 989A 9E2D 47BF
Is there everything OK with this? Looks like yes, but the only thing I have doubts about is that such a fresh signature.
And also I noticed that here Tor Browser has no circuits feature built in it, like it is in regular Tor Browser and TB in Tails. I mean that feature where you can look what circuits TB uses at the moment.
(from the left, where also is lock icon). I found Onion Circuits in sys-whonix, but with that feature in TB would be better.
Also why nowhere is shown the current language that keyboard now uses? In theory it was supposed to be somewhere in the upper right corner of the screen, but it’s not anywhere. This function must be present in any OS, otherwise it is quite uncomfortable.
It won’t be easy to do because it will be replaced every time. You could update it manually without using the updater, but you will have to check everything by hand.
An alternative would be to use this:
You haven’t saved a previous signature, so yes, you’re fine. The signature is based on the latest version. What could be wrong is if the gpg key itself is new.
It can’t work like Tails or the classic Tor Browser because Whonix has the Tor daemon separated into a completely different system (sys-whonix). The easiest way to check all circuits is to use Onion Circuits or Nyx, as you found out.
No idea, you can check the keyboard layout with localectl inside dom0 if that’s what you’re looking for. Maybe you can add a widget in xfce4 to see it.
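The downgrade and freeze check that the downloader message describes, and the point above about the key itself, written out as an added example (not the Whonix downloader's code and not from any poster in this thread). It parses the human-readable gpg report quoted earlier; the 60-day `MAX_AGE` window and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Fingerprints exactly as printed in the gpg report quoted in this thread.
# Confirm them against a copy obtained out of band before pinning them.
PINNED_PRIMARY = "EF6E286DDA85EA2A4BA7DE684E2C6E8793298290"
PINNED_SUBKEY = "613188FC5BE2176E3ED54901E53D989A9E2D47BF"
MAX_AGE = timedelta(days=60)  # assumed freshness window, not a Whonix value

# The gpg report from the thread, used as sample input.
SAMPLE = """gpg: Signature made Wed 06 Dec 2023 11:57:02 AM UTC
gpg: using RSA key 613188FC5BE2176E3ED54901E53D989A9E2D47BF
gpg: Good signature from "Tor Browser Developers (signing key) " [ultimate]
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: 6131 88FC 5BE2 176E 3ED5 4901 E53D 989A 9E2D 47BF
"""

def parse_gpg(text):
    """Extract signing time and key fingerprints from gpg's readable report."""
    made = re.search(r"Signature made \w+ (\d+ \w+ \d{4} [\d:]+ [AP]M) UTC", text)
    primary = re.search(r"Primary key fingerprint: ([0-9A-F ]+)", text)
    subkey = re.search(r"using RSA key ([0-9A-F]{40})", text)
    when = None
    if made:
        when = datetime.strptime(made.group(1), "%d %b %Y %I:%M:%S %p")
        when = when.replace(tzinfo=timezone.utc)
    return {
        "good": "Good signature from" in text,
        "made": when,
        "primary": primary.group(1).replace(" ", "") if primary else None,
        "subkey": subkey.group(1) if subkey else None,
    }

def check(text, now, previous=None):
    """Return a list of problems; an empty list means nothing was flagged."""
    f, problems = parse_gpg(text), []
    if not f["good"]:
        problems.append("no good signature")
    if (f["primary"], f["subkey"]) != (PINNED_PRIMARY, PINNED_SUBKEY):
        problems.append("unexpected signing key")
    if f["made"] is None:
        return problems + ["no signature date"]
    if previous and f["made"] < previous:
        problems.append("downgrade")       # older than the last accepted one
    if now - f["made"] > MAX_AGE:
        problems.append("possible freeze")  # no newer release is being offered
    if f["made"] > now:
        problems.append("clock skew")
    return problems
```

With no previously accepted signature (`previous=None`) only the key and freshness checks apply, which matches the "assisted check ... skipped" message; for scripted use, gpg's `--status-fd` output is a more stable thing to parse than the readable report.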
Thanks. Seems I found it. System Tools/Panel/Items
Not sure if it was exactly what you were talking about, but now I have country flags in my upper right corner and they changing when I change my keyboard layout.
But strange that there are some items in that list that are not presented on the control panel because of some reason, but are presented in the list of Panel Preferences. As for example “PulseAudioPlugin” and some “action buttons”, and “Separator” (don’t know for what it is).
There is another important question: how to save bookmarks and settings in Tor Browser of DisposableVM? Found this but I can’t believe people do ALL this every time they need to create a new bookmark. If I would not find any adequate solution I would do like this: create text file where to store all the bookmarks. And with settings I would have to do the same as in Tails - just set them every time again when the new TB session is started. But, guys, honestly… this is a cr@p.
You can’t, that’s the whole point of disposable qubes. Once they are stopped, the content is deleted.
You can use my earlier recommendation qubes-app-split-browser, which would also work in disposable qubes.
Qubes and Whonix work very differently from Tails. What you might want to do is create a new qube based on the Whonix workstation and update it with the internal Tor updater. At least you will keep your bookmarks.
Also I could do like this: each time when I added some new bookmarks or settings in Disp. VM’s Tor Browser I would to copy its bookmarks and settings files to the same directory in the Disposable Template. I’m sure it would work but could lead to certain risks. Anyway, can anyone tell me where Qubes OS stores Tor Browser’s bookmarks and settings files? I forgot where it was in Linux at all. It could be useful to me and anyone who’s ever read it.
Whonix installs Tor Browser settings in the user directory: /home/user/.tb/tor-browser
Yes, of course I understand, but they could implement two modes in Disposables. One mode would work like regular Disposable. The other mode would give to user ability to save bookmarks and settings. The same is implemented in Tails with their persistent storage. If I were them, I’d do exactly that. That’s convenient.
You can use firefox policies to save your bookmarks and other settings:
You will need an AppVM for this use. Tor sanitizes itself every time it starts, so using an AppVM is no different than using a mode that reinjects settings like you described.
So, fresh news, guys!
- I tried to create new sys-usb using your manual and seems it failed. In terminal almost all processes were completed good but there was one error message that says it can’t find “qvm.sys-usb”. And in the end of the operation log (in terminal) was no lines telling that operation is done successfully. Then no sys-usb appeared, so I realized that operation was failed and attached usb device back to the sys-net. Then, after rebooting, sys-net qube did not start automatically so I had to start it manually and it couldn’t, saying it can’t reset pci-device. So I detached usb again and started sys-net successfully. Also had to start manually sys-firewall and sys-whonix, 'cause they also didn’t it automatically. My thought is that’s because of sys-net that is disposable. I forgot to say about it.
I followed one stupid (as I understand now) advice of one guy that said that it would be good if also make sys-net disposable during installation. Now I have re-create my Wi-Fi connection every time after rebooting.
So either way I need to re-create sys-net qube to make it persistent (or just changing its disp. template to “none” will be enough to make it persistent?). Maybe there is a way to create sys-usb in GUI instead of terminal? Maybe it would be simpler?
- Also you didn’t tell the full path to bookmarks folder of the Tor Browser. I specially made a bookmark on this page to find it in TB folders. I searched everywhere, using Thunar File Manager of Disposable and there is no bookmarks folder or profile file. In profile.default folder is only folder for extensions. Can you do the same steps as me and write the full path where you found your bookmarks folder?
- Today I have notification about new Whonix Workstation update. I updated it few days ago and new update so soon? Did you have that notification too? It’s new update or I just broken something in that template? I did nothing except those steps you said me to do.
Also forgot to tell that before I connect to the Internet sys-firewall and sys-whonix always display an error message that they can’t connect to some “qerexec”, “qerxec” or something like this. Is it normal?
At the moment found this as possible solution. Will try it.
Do you know exactly where it failed?
sys-usb can be rebuilt manually instead if the salt stack does not work for you.
sys-net can also be rebuilt manually if you want to make it persistent:
- Create a new AppVM sys-net2 based on fedora-38
- Check “start qube automatically”
- In “Advanced”, disable “Include in memory balancing”
- Check “Provides network”
- Switch from PVH to HVM
- In “Devices”, add your network controller(s) (check the other sys-net to be sure what to add)
- In “Services”, add “network-manager”
- Turn off sys-net, then start sys-net2 and see if you are able to access internet
- If it works, turn off sys-net2, transfer your qubes to sys-net2 and delete sys-net
- Rename sys-net2 to sys-net
Tor is based on Firefox ESR, so everything should be in a sqlite database rather than an easily readable file. The Tor Browser profile is located here in /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default. In this directory you will find the places.sqlite file which contains your bookmarks.
Make sure you update it outside of a disposable qube. It should be updated in the template and/or in the persistent qube you have already created.
Whonix sometimes creates errors related to Qrexec, if you can catch the policy in the notifications that would be helpful to know where it’s coming from exactly.
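For backing bookmarks up to a plain file before an update replaces the browser directory, this added example (not from the posters above or from Whonix) reads them from places.sqlite over a read-only connection. It uses the `moz_bookmarks` and `moz_places` tables of the Firefox schema; the sample database is constructed with only the columns the query needs, and the function names are assumptions.

```python
import sqlite3
from pathlib import Path

def build_sample_db(path):
    """Constructed stand-in for places.sqlite with only the columns used here."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_bookmarks (id INTEGER PRIMARY KEY, type INTEGER,
                                    fk INTEGER, parent INTEGER, title TEXT);
        INSERT INTO moz_places VALUES (1, 'https://forum.example/t/1', 'Thread');
        INSERT INTO moz_places VALUES (2, 'place:sort=8', 'Most Visited');
        INSERT INTO moz_bookmarks VALUES (1, 2, NULL, 0, 'toolbar');  -- folder
        INSERT INTO moz_bookmarks VALUES (2, 1, 1, 1, 'Forum thread');
        INSERT INTO moz_bookmarks VALUES (3, 1, 2, 1, 'Most Visited');
    """)
    con.commit()
    con.close()

def export_bookmarks(db_path):
    """Return (title, url) pairs; mode=ro guarantees the profile is not modified."""
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        # type = 1 is a bookmark (2 is a folder); fk points at the moz_places row.
        # 'place:' URLs are saved queries, not pages, so they are skipped.
        rows = con.execute("""
            SELECT b.title, p.url
            FROM moz_bookmarks AS b
            JOIN moz_places AS p ON p.id = b.fk
            WHERE b.type = 1 AND p.url NOT LIKE 'place:%'
            ORDER BY b.id
        """).fetchall()
    finally:
        con.close()
    return rows

def write_backup(db_path, out_path):
    """Write one 'title<TAB>url' line per bookmark and return the count."""
    rows = export_bookmarks(db_path)
    Path(out_path).write_text("".join(f"{t}\t{u}\n" for t, u in rows))
    return len(rows)
```

Run it against a copy of places.sqlite taken while the browser is closed, since the running browser keeps the database locked.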
And also: how do you guys change circuit in browser when you need it? If just to select new identity you will lose your account session. In regular browser you just could use change circuit button if for example the old circuit was too slow or had bad exit node. So how to do the same in Whonix case? Searched in their forum but didn’t find anything yet.
I know about this file and I watched exactly there and there was and still is nothing. This folder just contains “Extensions” folder and nothing else. But when I open bookmarks window in browser it contains that bookmark. Then I tried to open that folder from browser itself and found those files there. Somehow they are not displayed in Thunar File Manager, even though the display of hidden files is enabled. I need probably to try the other file explorer.