*About this Onion Services Guides* Page** Contributor maintained wiki page.
Support Status	stable
Difficulty	medium
Contributor	HulaHoop
Support	Support

Collection of various Onion Services Guides

Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.

None of the following guides are adjusted to work with Whonix. ^[1]

Introduction[edit]

To make your service better known it can be listed on ahmia.fi - a public directory of Onion sites that works closely with The Tor Project.

General Tips[edit]

Some very useful information on scaling onion sites was published in an article series on the Tor blog, see: Cooking with Onions: Finding the Onionbalance.

For creating a production level onion mirror of your clearnet site, refer to some tips in this tor-talk forum discussion: New Document: Building a "Proof of Concept" Onion Site.

Onion Services Guides[edit]

GlobaLeaks[edit]

Project main site

Security warning: Adding a third party repository and/or installing third-party software allows the vendor to replace any software on your system. Including but not limited to the installation of malware, deleting files and data harvesting. Proceed at your own risk! See also Foreign Sources for further information. For greater safety, users adding third party repositories should always use Multiple Whonix-Workstation^™ to compartmentalize VMs with additional software.

Documentation in the Whonix wiki provides guidance on adding third-party software from different upstream repositories. This is especially useful as upstream often includes generic instructions for various Linux distributions, which may be complex for users to follow. Additionally, documentation Whonix usually has a higher focus on security, digital software signatures verification.

The instructions provided here serve as a "translation layer" from upstream documentation to Whonix, offering assistance in most scenarios. Nevertheless, it's important to acknowledge that upstream repositories, software may undergo changes over time. Consequently, the documentation on this wiki might need occasional updates, such as revised signing key fingerprints, to stay current and accurate.

Please note, this is a general wiki template and may not apply to all upstream documentation scenarios.

Users encountering issues, such as signing key problems, are advised to adhere to the Self Support First Policy and engage in Generic Bug Reproduction. This involves attempting to replicate the issue on Debian bookworm, contacting upstream directly if the issue can be reproduced as such problems are likely unspecific to Whonix. In most cases, Whonix is not responsible for, nor capable of resolving, issues stemming from third-party software.

For further information, refer to Introduction, User Expectations - What Documentation Is and What It Is Not.

Should the user encounter bugs related to third-party software, it is advisable to report these issues to the respective upstream projects. Additionally, users are encouraged to share links to upstream bug reports in the Whonix forums and/or make edits to this wiki page. For instance, if there are outdated links or key fingerprints in need of updating, please feel free to make the necessary changes. Contributions aimed at maintaining the currentness and accuracy of information are highly valued. These updates not only improve the quality of the wiki but also serve as a useful resource for other users.

The Whonix wiki is an open platform where everyone is welcome to contribute improvements and edits, with or without an account. Edits to this wiki are subject to moderation, so contributors should not worry about making mistakes. Your edits will be reviewed before being made public, ensuring the integrity and accuracy of the information provided.

Installation Guide from GlobaLeaks third party repository

This is a guide to help you set up your own secure and anonymous whistle blowing platform. Note that this is a standalone node and not part of a network, although you can optionally list yourself in the Leaks Directory.

To decide between GlobaLeaks and SecureDrop read this detailed comparison written by a Tor Project developer.

Multiplayer Onion Gaming[edit]

See: Onion Gaming.

SecureDrop[edit]

SecureDrop is another widely used whistle-blowing platform installed at many news organizations. To set it up please refer to the official guide. To use SecureDrop as a source, refer to this documentation and for using SecureDrop as a journalist go here. For general information and project code go to their main GitHub page.

If you are a news or whistle-blowing site operator you may be interested in having your Onion Service address listed at the Freedom of The Press Foundation.

Sparkleshare[edit]

For a private and anonymous DropBox alternative you can run Sparkleshare as a Onion Service. To ensure that only you and the intended parties can access the service you need to set up Onion Service Authentication, see instructions.

SSH[edit]

Secure Shell is the dominant protocol for secure remote login and system administration. It is a critical component of server and internet infrastructure. Revelations from the Snowden documents and further analysis ^[2] has uncovered weaknesses in some of the included cipher-suites, allowing abuses by resourceful nation-state adversaries. If you run SSH in this day and age, it should be done from behind a Tor Onion Service.

Advantages:

protection by Tor
robust access control provided by Onion Services authentication ^[3]
NAT traversal
no need for services like DynDNS

Setup Onion Service Authentication.
Run SSH like normal or follow this guide if you are a beginner.

Stormy[edit]

Stormy is a simple Onion Service blog setup script. The developer hopes to have it packaged for Debian at some point, but it is under heavy development at the time of writing (only suitable for developers). To learn more, see: GitHub.

References[edit]

↑ https://forums.whonix.org/t/onion-services-guides/6587/12
↑ https://stribika.github.io/2015/01/04/secure-secure-shell.html
↑ Shields SSH from brute-force attacks and exploit attacks against the SSH server daemon.

Whonix

The most watertight privacy operating system in the world.

Dark mode

Supported by Power Up Privacy

Whonix is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Whonix we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint

2012- 2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Whonix needs to remain open source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!

[1] ttps://forums.whonix.org/t/onion-services-guides/6587/12

[2] ttps://stribika.github.io/2015/01/04/secure-secure-shell.html

[3] Shields SSH from brute-force attacks and exploit attacks against the SSH server daemon.

[1]

[2]

[3]

Onion Services Guides

Contents

Introduction[edit]

General Tips[edit]

Onion Services Guides[edit]

GlobaLeaks[edit]

Multiplayer Onion Gaming[edit]

SecureDrop[edit]

Sparkleshare[edit]

SSH[edit]

Stormy[edit]

See Also[edit]

References[edit]

Navigation menu

Onion Services Guides

Introduction[edit]

General Tips[edit]

Onion Services Guides[edit]

GlobaLeaks[edit]

Multiplayer Onion Gaming[edit]

SecureDrop[edit]

Sparkleshare[edit]

SSH[edit]

Stormy[edit]

See Also[edit]

References[edit]

Navigation menu

Search