Disadvantages of multiple sys-whonix gateway

MyQusr · October 30, 2021, 1:16am

I have multiple AppVM open that are connected to sys-whonix and I need more control over my the connection for each AppVM. If the speed for one AppVM is too slow or is blocked, I’d like to restart tor / rebuild the connection but without affecting the other AppVM. I’m testing 4 different sys-whonix, each created from scratch with different bridges. and it seems to work fine.

However, according to the Multiple_Whonix-Gateway document, it states there are anonymity threats if more than one gateway like sys-whonix is used concurrently.

Relative to using a single sys-whonix, wouldn’t the problem be negated by using bridges? Also, wouldn’t this also mitigate cross-vm attack vectors?

Patrick · October 30, 2021, 4:08pm

No, I wouldn’t know why. Also interesting security discussions whether to use or not use bridges here:

No, I don’t see how this would change anything about side channel attacks.

For reference:

MyQusr · October 30, 2021, 5:12pm

I assumed each sys-whonix uses different virtual bridges which could mitigate this attack.

Patrick · October 30, 2021, 5:18pm

Unfortunately not. Whonix (and nobody else either) unfortunately has no perfect/direct fixes for host virtualization platform issues (side-channel attacks).

MyQusr · October 30, 2021, 6:16pm

Well I guess it’s no worse than using a single sys-whonix, although I understand it’s best to avoid multi-tasking with multiple AppVM running in parallel.