My Tor browser in Whonix stucked on an old version (13.0.1.). I was suspicious from a while, because the browser was all the time saying that there is an update avaliable. A few days ago I started to monitor the version of the browser, it is the one heavily outdated one from above. After a successful update I checked again, and it is still at the same version. I’m confused because my Whonix templated should be up to date, so I’m not sure what could be the problem. Does anyone have an idea what could causing this?
Run Tor Browser Downloader in the Whonix Workstation template to update your Tor Browser inside this template.
More information:
http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Tor_Browser/Downloader_by_Whonix#Installation_Process
Clearnet link
Tor Browser Essentials
2 Likes
I’m on it, but my attempt for upgrading ended up in this error message:
ERROR: Digital signature (GPG) could NOT be verified.
Tor Browser update failed! Try again later.
gpg_bash_lib_output_alright_status:
gpg_bash_lib_output_failure:
gpg_bash_lib_output_diagnostic_message:
gpg_bash_lib_internal_gpg_verify_status_fd_file: /var/cache/tb-binary/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_status_fd_file
gpg_bash_lib_internal_gpg_verify_output_file: /var/cache/tb-binary/.cache/tb/gpgtmpdir/gpg_bash_lib_internal_gpg_verify_output_file
gpg_bash_lib_output_gpg_import_output:
gpg: keybox ‘/var/cache/tb-binary/.cache/tb/gpgtmpdir/pubring.kbx’ created
gpg: key 4E2C6E8793298290: 1 duplicate signature removed
gpg: key 4E2C6E8793298290: 236 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 1 signature reordered
gpg: /var/cache/tb-binary/.cache/tb/gpgtmpdir/trustdb.gpg: trustdb created
gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) " imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found
gpg_bash_lib_output_gpg_verify_output:
gpg: Signature made (REDACTED, a bit more than a week ago)
gpg: using RSA key 613188FC5BE2176E3ED54901E53D989A9E2D47BF
gpg: BAD signature from "Tor Browser Developers (signing key) " [ultimate]
gpg_bash_lib_output_gpg_verify_status_fd_output:
And now despite that I had this warning, the Tor Browser Downloader says that my currently installed version is 13.5. Even if at the end it didn’t got installed and my previous attempt ended up with the error message above. Creepy 
Not sure about this error. I think it’d be better to ask about it on the Whonix forum:
http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/c/qubes-whonix/12
Clearnet link:
Qubes-Whonix - Whonix Forum
2 Likes
I opened a terminal and tried an update in the workstation template to the same current version (13.5), was successful, and it clearly used a different key than yours. Not sure why this would be.
INFO: Digital signature (GPG) verification… This will take a moment…
INFO: Using digital signature signing key by The Tor Project.
INFO: Digital signature (GPG) verification ok.
INFO: Installation confirmation
Currently installed version: 13.5
Downloaded version : 13.5
We have not previously accepted a signature yet. Therefore assisted check for downgrade or indefinite freeze attacks skipped. Please check the Current Signature Creation Date looks sane.
Previous Signature Creation Date: Unknown. Probably never downloaded a signature before.
Last Signature Creation Date : June 20 18:06:55 UTC 2024
According to your system clock, the signature was created 14 days 9 hours 51 minutes 21 seconds ago.
gpg reports:
gpg: Signature made Thu 20 Jun 2024 06:06:55 PM UTC
gpg: using RSA key 613188FC5BE2176E3ED54901E53D989A9E2D47BF
gpg: Good signature from "Tor Browser Developers (signing key) " [ultimate]
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
** Subkey fingerprint: 6131 88FC 5BE2 176E 3ED5 4901 E53D 989A 9E2D 47BF**
Learn more about this Installation Confirmation Notification.
Tor Browser Essentials
QUESTION: Install now?
Tor Browser and Network is always under heavy attack and bias. I do have a Ventoy TEMPLATE with Tails. My clock is GPS. Tails got attacked on Time Setup, bootstrap and bridges. It got to 41% connection but did not connect. Software people want to make money not provide privacy. It might be your location/area. My locations are supposed to be free to access Tor but I get static and attacked all the time. I can’t run Tor Browser for 24 hours without getting pushed into faked updates … bla, bla, bla. I get tracked on Tor Browser even when I go to ebay.com or smile.amazon.com (average 40%). It does not surprise me. On top of it, I don’t think WhoNix is a very good development.