Apps with bundled Tor: behavior after disabling transparent proxying?

Support
1

I have read the wiki on avoiding Tor over Tor by disabling transparent proxying.
I have also read a whonix forum answer on this but am not allowed to post links.

To me it is not clear how this works technically.

  1. What does the Tor bundled in the app do when transparent proxying is disabled?
    a. Does it fail to connect and then the app uses the builtin whonix tor on localhost:9050?
    b. What if the app checks its liveness?

  2. When configuring this no matter what happens in the workstation machine there is no way to leak the real IP. True or false?

  3. A whonix forum answer says that configuring the app proxy to a SocksPort can still become Tor over Tor. Is it possible to have some app in whonix scan for tor instances and modify them to do nothing but always return healthy on health check?

2

It doesn’t start. Does nothing.

No. It doesn’t start.

Which is then forwarded to Whonix-Gateway.

True.

Non-existing.

In theory, scanning for tor processes and notification is conceivable. Automatic reconfiguration is difficult.

3

Thank you.

Without whonix, when I disable internet and start a tor daemon the process starts and fails to connect. Why would a bundled daemon in an app in whonix fail to start at all?

I understand reconfiguring is too difficult and can give up on it. How should I detect? Scan every process for strings contained in the tor daemon? Is detecting possibly a built in whonix feature in the future?

4

Because anon-ws-disable-stacked-tor opens localhost listening ports. If already taken, attempting to open the same port will fail.

Process by name but always imperfect as Tor can be reimplemented as a library in any language.

Unless contributed not happening anytime soon.

Not on our highly ambitious roadmap. Kicksecure Security Roadmap

5

Thank you again. I want to see if my understanding is correct.

Transparent proxying ON:

  • Bundled tor with all defaults: Tries to open port occupied by anon-ws-disable-stacked-tor, fails. Safe.
  • Bundled tor with custom port: Becomes tor over tor, BAD.

Transparent proxying OFF:

  • Bundled tor with custom port: Bundled tor fails. Safe.
  • Very rare case: app has proxy settings, set to a whonix tor SocksPort, app runs builtin tor over the proxy, becomes tor over tor, BAD.

Is this correct?

6

Yes.