I’m currently exploring the best way to deploy Tor Browser in a shared Linux workstation environment (Ubuntu-based), where multiple non-technical users need secure and anonymous browsing capabilities.
Ideally, each user would have isolated browser profiles and usage logs would be kept minimal or completely avoided. However, maintaining ease-of-use and reducing support complexity are also priorities.
Are there any recommended best practices, scripts, or system-level configurations (sandboxing, AppArmor, restricted permissions, etc.) that the community would suggest for this kind of use case?
I’ve reviewed some official docs and GitHub discussions, but I’d really appreciate insights from anyone who’s already tackled similar deployments—especially in public or institutional settings.
for public accounts for home use, Tor Browser is already configured by default to preserve anonymity: there are no special parameters, scripts or sandboxing to set, except in the case of non-connection _ adding bridges.
the sandboxing/apparmor or in vm seems to me exaggerated for the use you wish to make.
you can however choose a profile according to your degree of trust and your security model that you wish to have if you have appeared activated/installed and see if it bothers you or not.
the use of a VPN is not useless.
on this subject, there are several questions and therefore several avenues:
a) open a user account (non-admin) for each user from a single workstation: simple, everyone has an individual account and is free to browse (access to certain sites can normally be restricted by the firewall).
b) open a personal user account on each workstation (you can bring your own p.c.) and set personalized usage.
c) open a restricted account via the “kiosk” application
(this would be what you’re asking for, if I’ve understood the limits you’re trying to set): everyone has a restricted account.
nb: Restricting usage or restricting operation is the opposite of what Tor Browser offers.
for accounts linked to use in a government department, it doesn’t seem to me to be recommended or authorized (except for an omission or error on my part), as everything is registered in a government department.
depending on the solution you choose, you can download from the repositories or from the site, with verification.
it is possible that a particular ubuntu (edu or other ) already offers a version prepared for this case.
a link if it corresponds to your choice: