Kicksecure ™

Download

On Computer USB Installation Intel / AMD64 ARM64 Raspberry Pi PPC64 Windows (VM) Mac Linux (VM) VirtualBox (VM) Qubes (VM) KVM (VM) Debian morph to Kicksecure More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Forum Best Practices Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

Using Kicksecure without Tor. Can Kicksecure be used without Tor?

Documentation on how to use Kicksecure without Tor.

A Kicksecure Repositories Review

Look through the repositories provided by Kicksecure on GitHub (sorted by name). For example, security-misc can be installed without installing any packages that Depends: on tor.

Each repository has a rudimentary README file that explains the functionality of the software package and how to install it.

B Packages for Debian Hosts

Some packages are mentioned on the Packages for Debian Hosts wiki page.

C Kicksecure Meta Packages Review

Alternatively, the user could look at kicksecure-meta-packages debian/control and choose meta packages that do not Depends: on tor. This is not easy, as a package on which a meta package Depends: might itself have a Depends: on tor.

The user would have to review the output of APT before proceeding with installation to see if it includes tor.

D Install a fake Tor package

1 Pretend that tor is already installed by creating a dummy package using dummy-dependency:

dummy-dependency tor

2 Adjust the system so that APT updates are performed without using Tor.

3 Follow the instructions in Update without Tor to complete the configuration.

E Mask the Tor service.

The user could attempt to prevent Tor from starting before installing Kicksecure. Untested!

1 Prevent the main Tor service from starting automatically.

sudo systemctl mask tor

2 Prevent the default Tor instance from being started by systemd.

sudo systemctl mask tor@default

3 After masking Tor, proceed with Update without Tor.

1 Overview and preparation.

Read this section carefully. No commands need to be run yet.

The tor+ prefix would need to be removed from any APT sources files:

• 1 The /etc/apt/sources.list file; and
• 2 Any file inside the /etc/apt/sources.list.d folder.

By Kicksecure default, this would involve modification of /etc/apt/sources.list.d/derivative.sources , which can be done using the repository-dist tool, and /etc/apt/sources.list.d/debian.sources , which is documented below.

2 Reconfigure /etc/apt/sources.list.d/derivative.sources to use clearnet transport.

sudo repository-dist --enable --repository stable --transport plain-tls

See Project-APT-Repository for other options (such as testers repository, etc.).

3 Manually remove the tor+ prefix from the Debian sources file.

sudo str_replace "tor+https" "https" /etc/apt/sources.list.d/debian.sources

4 Review and update any additional APT sources files.

Only required if additional third-party repositories were previously added.

5 Completion.

The process of disabling torified APT updates has been completed.

Since Kicksecure updates are torified by default (security feature), this is not compatible with Qubes cacher by default without additional configuration.

To set up Qubes cacher:

1 Disable torified updates inside the Kicksecure Template.

The user would need to apply the instructions Update without Tor in the Kicksecure Template.

2 Configure Qubes cacher using the standard Qubes documentation.

Unspecific to Kicksecure. Self Support First Policy applies.

3 Completion.

The process of configuring clearnet cacher updates has been completed.

1 Set up Qubes cacher according to the standard Qubes instructions.

Unspecific to Kicksecure. Self Support First Policy applies.

2 Route cacher traffic through Tor.

cacher would need to be configured to use a NetVM that supports torification, such as, for example, Whonix sys-whonix. This is also unspecific to Kicksecure.

3 Configure the Kicksecure Template to use cacher as the Qubes UpdatesProxy.

Specific to Qubes, not Kicksecure.

4 Disable torified updates inside the Kicksecure Template.

The user would need to apply the instructions Update without Tor in the Kicksecure Template. This is because torification would be handled by cacher and its NetVM. ^[1]

5 Completion.

The process of configuring torified cacher updates has been completed.

This is mostly undocumented. No development progress should be expected, as this is not the project focus.

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Kicksecure is proudly supported until 2026 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2026 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 13 year success story and maybe DONATE!