negative zero

Using Mullvad Browser for Lokinet

2023 July 25

[darknets] [lokinet] [oxen] [tech] [tutorial]

This is mostly the same as my I2P version of this post.

Note: This guide does not cover how to set up Lokinet. It's just for configuring the browser.

Installing Mullvad Browser

These steps are mostly for Linux. If you're running a different OS, you can probably figure it out on your own.

  1. Install dbus-glib
  2. Mullvad Browser needs dbus-glib installed or it will silently fail to run.

    On Debian:

    sudo apt install libdbus-glib-1-2

    On Fedora:

    sudo dnf install dbus-glib
  3. Download Mullvad Browser
  4. Get it from Also download the GPG signature.

  5. Verify your download
  6. It's signed with the Tor Browser Developers' signing key, which has fingerprint EF6E286DDA85EA2A4BA7DE684E2C6E8793298290. You probably shouldn't take my word for that. If you've already downloaded and verified the Tor Browser, you should have this key. If you use Micah Lee's fantastic torbrowser-launcher tool, then you can use the gnupg_homedir from that:

    gpg --homedir ~/.local/share/torbrowser/gnupg_homedir/ --verify-files mullvad-browser-linux64-12.0.4_ALL.tar.xz.asc

    (Change the version number and whatnot as needed.)

  7. Extract the downloaded archive wherever you want it
  8. tar xf mullvad-browser-linux64-12.0.4_ALL.tar.xz -C ~/.local/share/
  9. "Register" Mullvad Browser
  10. Like Tor Browser, Mullvad Browser has an executable, self-modifying start-mullvad-browser.desktop file which you can use to "register" the application, adding it to your applications menu and so on.

    First, cd into the Mullvad Browser directory in the one you specified above:

    cd ~/.local/share/mullvad-browser

    Now, run this executable with the --register-app option:

    ./start-mullvad-browser.desktop --register-app

    This will modify the .desktop file to reflect the path where you put it as well as copying it to ~/.local/share/applications/ so it appears in your applications menu.

    If you want to launch it from the keyboard, you can always run Mullvad Browser from this directory, but it might be easier to cat that .desktop file, copy the Exec= stuff, and bind that to some combination of keys.

Configuring Mullvad Browser for Lokinet

  1. Disable DNS over HTTPS
  2. Go to about:preferences, scroll to the bottom of the General section, and in the Network Settings section, click Settings... beside the text "Configure how Mullvad Browser connects to the internet."

    Uncheck Enable DNS over HTTPS.

    (Lokinet uses DNS, so having the application override your system DNS preferences causes problems.)

    Connection Settings menu in Mullvad Browser, showing that DNS over HTTPS has been disabled

  3. Disable HTTPS-Only Mode
  4. Go to the Privacy & Security section.

    Scroll to the bottom section (HTTPS-Only Mode), and set "Don't enable HTTPS-Only Mode".

    You don't need HTTPS on .loki sites because the Lokinet layer provides end-to-end encryption and authentication.

    Privacy & Security settings in Mullvad Browser. The option "Don't enable HTTPS-Only Mode" has been selected.

  5. (Optional) Change your Security Level
  6. I have mine set to Safest.

    Privacy & Security settings in Mullvad Browser. The Security Level has been set to Safest.

  7. Disable keyword.enabled
  8. Go to about:config (and click through the warning if it gives it).

    Change keyword.enabled to false.

    Now, when you put in something.loki, the browser will just let you visit it, instead of thinking it's not a URL and trying to do a web search.

    about:config in Mullvad Browser. The setting "keyword.enabled" has been set to false.

  9. (Optional) Uninstall the Mullvad Browser Extension
  10. Add-ons manager in Mullvad Browser. The cursor is hovering over the Remove button for the Mullvad Browser Extension.

You should now be able to use Mullvad Browser for Lokinet. (Note, you will need to run Lokinet separately. That's outside the scope of this post.)


While this is not a guide for using Lokinet, bear in mind that Lokinet by default only onion-routes traffic to Lokinet domains and lets direct connections to all other IPs/domains through. Make sure you know what you're doing and enable an exit node if you need one.

(For the same reason, you might want to disable third-party requests or make uBO rules to block non-Lokinet domains.)