GUI to enable obfuscated bridges through sys-whonix

[mfc]

Qubes OS version: R3.1

Affected TemplateVMs: whonix-gw

---

Expected behavior:

user are presented with a GUI where they can select different bridges to use to connect to Tor if it is censored in their country/region, just like with the Tor Browser.

Actual behavior:

users must navigate Whonix.org documentation and manually find and add bridges into torrc

General notes:

use bridges in Tor Browser instructions: https://www.torproject.org/docs/bridges#AddTorNotWorks
bridges in Whonix instructions: https://www.whonix.org/wiki/Bridges#How_to_use_bridges_in_Whonix

[mfc]

as a note, I would argue this documentation should be ported to Qubes website so that it can be included in the offline docs (very, very useful information to have offline for users).

• [ ] port bridges documentation over to Qubes website - moved to #1202
• implement GUI

[mfc]

as a note, I would argue this documentation should be ported to Qubes website so that it can be included in the offline docs (very, very useful information to have offline for users).

• [ ] port bridges documentation over to Qubes website - moved to #1202
• implement GUI

[adrelanos]

anon-connection-wizard has been started by @troubadoour. Screenshots and references:
https://www.whonix.org/blog/connection-bridge-wizard

We discussed it at 32c3 with @bnvk which went well.

Unfortunately, anon-connection-wizard is unfinished, not ready for Whonix 13, and troubadoour is now missing in action.

I'd appreciate help with python gui stuff. Otherwise I can try to teach myself enough python gui stuff to finish it for Whonix 14.

[adrelanos]

anon-connection-wizard has been started by @troubadoour. Screenshots and references:
https://www.whonix.org/blog/connection-bridge-wizard

We discussed it at 32c3 with @bnvk which went well.

Unfortunately, anon-connection-wizard is unfinished, not ready for Whonix 13, and troubadoour is now missing in action.

I'd appreciate help with python gui stuff. Otherwise I can try to teach myself enough python gui stuff to finish it for Whonix 14.

[bnvk]

@adrelanos is the GUI written in Gtk or Qt?

[bnvk]

@adrelanos is the GUI written in Gtk or Qt?

[adrelanos]

python-qt

[adrelanos]

python-qt

[adrelanos]

Can we move the bridges documentation discussion into its own ticket as I can imagine it will be a separate discussion.

[adrelanos]

Can we move the bridges documentation discussion into its own ticket as I can imagine it will be a separate discussion.

[andrewdavidwong]

Can we move the bridges documentation discussion into its own ticket as I can imagine it will be a separate discussion.

Agreed. Copied to #1202.

CC: @mfc

[andrewdavidwong]

Can we move the bridges documentation discussion into its own ticket as I can imagine it will be a separate discussion.

Agreed. Copied to #1202.

CC: @mfc

[irykoon]

@mfc @adrelanos
Hi! I am very interested in implementing the connection wizard for Tor pluggable transports. And I believe that a discussion before starting the work will help me have a better understanding of the expected behavior of it. So could you please help me with the following question?

After viewing the code of both anon-connection-wizard and whonix-setup-wizard, I find two applications share some similar functions. For example, both of them serve as a guideline to help users connect to Tor network through different approaches. Therefore, there are at least two options to make a connection wizard for Tor pluggable transports depending on different definitions of the purposes of Whonix-setup-wizard:

1. If Whonix-setup-wizard serves as a panel that allows Whonix users to use it to configure Whonix whenever they want, then I can just modify and extend the current Whonix-setup-wizard;
2. If Whonix-setup-wizard only serves as a first-time-only tool which helps users start out with Whonix, then I can make the anon-connection-wizard standalone and prompt it out when users select related buttons on the whonix-setup-wizard interface.

Could you please tell me your ideas about this two options?

Thank you very much!

[irykoon]

@mfc @adrelanos
Hi! I am very interested in implementing the connection wizard for Tor pluggable transports. And I believe that a discussion before starting the work will help me have a better understanding of the expected behavior of it. So could you please help me with the following question?

After viewing the code of both anon-connection-wizard and whonix-setup-wizard, I find two applications share some similar functions. For example, both of them serve as a guideline to help users connect to Tor network through different approaches. Therefore, there are at least two options to make a connection wizard for Tor pluggable transports depending on different definitions of the purposes of Whonix-setup-wizard:

1. If Whonix-setup-wizard serves as a panel that allows Whonix users to use it to configure Whonix whenever they want, then I can just modify and extend the current Whonix-setup-wizard;
2. If Whonix-setup-wizard only serves as a first-time-only tool which helps users start out with Whonix, then I can make the anon-connection-wizard standalone and prompt it out when users select related buttons on the whonix-setup-wizard interface.

Could you please tell me your ideas about this two options?

Thank you very much!

[mfc]

hi @irykoon! thanks for your interest in implementing this. I think you are right in highlighting that these functionalities are quite similar/complementary.

From my perspective combining them and adding the pluggable transports selection certainly seems to make the most sense, that way a user can configure it on first-run as well as any other time they may want to change their connection transport.

[mfc]

hi @irykoon! thanks for your interest in implementing this. I think you are right in highlighting that these functionalities are quite similar/complementary.

From my perspective combining them and adding the pluggable transports selection certainly seems to make the most sense, that way a user can configure it on first-run as well as any other time they may want to change their connection transport.

[adrelanos]

Thank you for your interest!

I envision whonix-setup-wizard to be Whonix specific.

• disclaimer (Non-Qubes-Whonix only)
• whonix-repository wizard
• auto start in Non-Qubes-Whonix only (Qubes-Whonix does not need the disclaimer and comes with Whonix repository enabled by default)
• rip out the connection wizard
• manually start kdesudo whonix-setup-wizard repository at any time to change Whonix repository settings

anon-connection-wizard could be non-Whonix specific. Could be used on any Debian (or any Linux) to configure system Tor.

• Whonix will continue to ship /etc/tor/torrc with DisableNetwork 1
• anon-connection-wizard auto starts at first boot
• figuring out /etc/tor/torrc contains DisableNetwork 1 and auto starting anon-connection-wizard does not need to be done in the main gui script
• user can manually re-run anon-connection-wizard to reconfigure connection settings at any time

For now, I'd suggest concentrate on anon-connection-wizard. Later whonix-setup-wizard can be adjusted which will really be simple.

Does that sound sensible?

[adrelanos]

Thank you for your interest!

I envision whonix-setup-wizard to be Whonix specific.

• disclaimer (Non-Qubes-Whonix only)
• whonix-repository wizard
• auto start in Non-Qubes-Whonix only (Qubes-Whonix does not need the disclaimer and comes with Whonix repository enabled by default)
• rip out the connection wizard
• manually start kdesudo whonix-setup-wizard repository at any time to change Whonix repository settings

anon-connection-wizard could be non-Whonix specific. Could be used on any Debian (or any Linux) to configure system Tor.

• Whonix will continue to ship /etc/tor/torrc with DisableNetwork 1
• anon-connection-wizard auto starts at first boot
• figuring out /etc/tor/torrc contains DisableNetwork 1 and auto starting anon-connection-wizard does not need to be done in the main gui script
• user can manually re-run anon-connection-wizard to reconfigure connection settings at any time

For now, I'd suggest concentrate on anon-connection-wizard. Later whonix-setup-wizard can be adjusted which will really be simple.

Does that sound sensible?

[irykoon]

Thank you very much for your quick and detailed responses. I agree with @adrelanos that:

For now, I'd suggest concentrate on anon-connection-wizard. Later whonix-setup-wizard can be adjusted which will really be simple.

I've started my work now.

[irykoon]

Thank you very much for your quick and detailed responses. I agree with @adrelanos that:

For now, I'd suggest concentrate on anon-connection-wizard. Later whonix-setup-wizard can be adjusted which will really be simple.

I've started my work now.

[mfc]

FYI Iry is working on this as a Google Summer of Code project.

[mfc]

FYI Iry is working on this as a Google Summer of Code project.

[irykoon]

Just a kind reminder for Qubes Community that anon-connection-wizard is mature enough to be shipped with Whonix14!

More information can be found here:
https://www.whonix.org/blog/anon-connection-wizard

[irykoon]

Just a kind reminder for Qubes Community that anon-connection-wizard is mature enough to be shipped with Whonix14!

More information can be found here:
https://www.whonix.org/blog/anon-connection-wizard

[mfc]

awesome, great job iry! looking forward to seeing it in whonix 14 :)

[mfc]

awesome, great job iry! looking forward to seeing it in whonix 14 :)

[adrelanos]

Will be done in Whonix 14 with certainty. Already done.

Please close.

[adrelanos]

Will be done in Whonix 14 with certainty. Already done.

Please close.