Whonix 18: Tor Browser fails to start in StandaloneVM (tb-updater-first-boot.service / first boot copy logic)

Qubes OS release

Qubes OS 4.3

Brief summary

System

  • Qubes OS: R4.2.x
  • Whonix: 18 (whonix-workstation-18, whonix-gateway-18)
  • VM type: StandaloneVM based on whonix-workstation-18
  • Tor Browser version: 15.0.3
  • Installation: fresh Whonix 18 install

Problem

Tor Browser fails to start only in StandaloneVM (not TemplateVM), showing:

Failed to start Tor Browser
Failed to run:
systemctl --no-pager --no-block status tb-updater-first-boot.service
Active: inactive (dead)

This happens even though Tor Browser is correctly downloaded and verified in whonix-workstation-18 TemplateVM.

Expected behavior

Tor Browser should start normally in StandaloneVM after being installed via TemplateVM, same as in AppVM / DisposableVM.

Actual behavior

  • Tor Browser fails to start in StandaloneVM
  • Error references tb-updater-first-boot.service
  • Service is inactive (dead), but Tor Browser refuses to start
  • No way to fix this inside StandaloneVM (no sudo, by design in Whonix 18)

Additional findings

While running update-torbrowser in TemplateVM, installer sometimes aborts with:

You could be target of an indefinite freeze attack!

This is caused by time skew in TemplateVM / GatewayVM.
After fixing time synchronization and re-running update-torbrowser, Tor Browser installs successfully — however StandaloneVM still fails to start Tor Browser.

Notes

  • This did not happen with Whonix 17
  • Appears to be a regression or behavioral change in Whonix 18
  • Looks related to first-boot copy logic of Tor Browser from TemplateVM to StandaloneVM
  • Error message is misleading, as service being inactive is normal after first run

Logs / commands

In TemplateVM:

update-torbrowser
ls -l /var/cache/tb-binary

In StandaloneVM:

systemctl --no-pager --no-block status tb-updater-first-boot.service

Question

Is Tor Browser officially supported in StandaloneVMs with Whonix 18?
If yes, the current behavior seems broken or undocumented.
If no, the error message should be clearer and documentation updated.

Duplicate: