Is there a way from the workstation, to connect to the gateway, and ask it for a new TOR exit IP?
That depends on whether the app has Stream (Network) Isolation or not:
I meant more if I were to write my own little application, can I request a new IP or a specific IP?
Possible, but this is not a Whonix issue to do this work for your application; you can do it using Whonix, though.
No. A specific IP means a specific guard, and that's not how Tor works; even if there were a way, it would be unsafe for your anonymity to use this method.
https://www.whonix.org/wiki/Free_Support_Principle applies since this is a general Tor question.
https://gitweb.torproject.org/torspec.git/tree/control-spec.txt for how to give commands to Tor.
signal NEWNYM is related but not really what you want; quoting the FAQ:
will likely create a new circuit with a different Tor exit relay and IP address, but this is not guaranteed.
This FAQ entry mostly applies:
Tor can do that, but how to do that is as far as I know undocumented. https://gitweb.torproject.org/torspec.git/tree/control-spec.txt would help doing it but certainly non-trivial. However, it’s still more of a Tor than Whonix question.
Isn’t there an open port on the whonix server that you can connect to (e.g. with telnet) and just issue some command to get a new exit node? Sorry for my own confusion.
- port 9050 on Whonix-Workstation (with onion-grater filtering which can be adjusted)
- /var/run/tor/control unix domain socket file on Whonix-Gateway
but that is not your problem. You need to learn how to use Tor first - which doesn’t concern Whonix. That’s the big/difficult part to learn. After you figured that out, making that work on Whonix is the easy part by comparison.
Doesn’t exist - at least not in an easy way. Learning how to do that by using https://gitweb.torproject.org/torspec.git/tree/control-spec.txt is the only option that I know.
So the way the Tor Browser asks the Whonix Server for a new IP isn’t something I can easily implement myself?
I’m basically only asking how I can from the Whonix Gateway do the same as pressing ‘n’ in the arm interface on the Whonix Server, or like the Tor Browser does it.
I will try to read up on this myself in general since I clearly lack some knowledge, but just knowing this part would help a lot.
It’s not asking for a new IP.
It’s asking for newnym (new circuit).
That is answered here:
Thanks for clarifying, sorry again, but what I mean is simply this then:
How can I from the Whonix Workstation, using telnet, ask for a new circuit (newnym)?
That is something you would have to research on your own. What you are asking can be very dangerous, so it's not likely many (if any) users have done that.
It's understood what you are asking. Patrick tried to point you in the right direction in previous posts. This is more of a Tor question, so you may want to try asking on tor.stackexchange? Maybe a more generic question leaving out the Whonix part of your question?
How do I change my Tor circuit remotely? Then apply what you learn to Whonix.
Note: new circuit doesn’t mean new IP as already said.
I will research this on my own. Thank you. Could you tell me why it might be dangerous?
Whonix uses hypervisors to isolate Whonix-Workstation and Whonix-Gateway from each other and from the host. If Whonix-Workstation is compromised and you connect to Whonix-Gateway (from the Whonix-Workstation), the Gateway could also be compromised. If that happened, you could be de-anonymized.
Thanks for your help but this doesn’t seem right.
I’m not doing anything an attacker couldn’t already do.
If an attacker compromised my Whonix Workstation, that attacker could connect to the Whonix Gateway as well, using https://www.whonix.org/wiki/Tor_Controller#Command_Line_Tor_Control_Command
I’m not adding anything extra, I’m just using existing functionality already provided.
If it were a remote exploit. You're assuming the worst-case scenario, which is what you want to do, but it's more likely you would pick up passive malware unless you were high profile.
Anyways you are increasing the risk of Whonix-Gateway compromise by connecting from Whonix-Workstation.
An application can send signal newnym to Whonix-Gateway without additional risk since Tor Browser does the same. If signal newnym does what the application developer wants depends on the understanding of signal newnym (= ineffective for long running connections, need to terminate connections before signal newnym has effect).
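The exchange the thread keeps circling back to (PROTOCOLINFO, AUTHENTICATE, SIGNAL NEWNYM, QUIT, straight from control-spec.txt) as an added example; this is not code from the thread, from Whonix or from the Tor project. It assumes the control port that onion-grater exposes to Whonix-Workstation accepts NULL (empty) authentication, and the host and port constants are placeholders to check against your own setup (the post above names 9050; verify). The two reply transcripts at the bottom are constructed so the parser can be exercised offline.

```python
"""Minimal Tor control-port client that asks for clean circuits (SIGNAL NEWNYM).

Added example for the forum thread above, not Whonix or Tor project code.
Assumptions: the control port reachable from Whonix-Workstation is filtered by
onion-grater and allows NULL authentication; DEFAULT_HOST/DEFAULT_PORT are
placeholders to verify locally.
"""
import io
import socket

DEFAULT_HOST = "127.0.0.1"  # assumption: wherever onion-grater is exposed to you
DEFAULT_PORT = 9051         # assumption: the post says 9050; check your setup


class TorControlError(Exception):
    """Raised on a non-250 final reply or a malformed reply line."""


def read_reply(rfile):
    """Read one complete reply as defined in control-spec section 2.3.

    Every line is '<3 digits><sep><text>'. sep '-' means more lines follow,
    '+' opens a data block that ends with a line holding only '.', and ' '
    marks the final line. Returns a list of (code, text) tuples.
    """
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise TorControlError("connection closed by controller")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 4 or not line[:3].isdigit() or line[3] not in "-+ ":
            raise TorControlError(f"malformed reply line: {line!r}")
        code, sep, text = int(line[:3]), line[3], line[4:]
        if sep == "+":
            body = []
            while True:
                raw = rfile.readline()
                if not raw:
                    raise TorControlError("connection closed inside data block")
                data = raw.decode("ascii", "replace").rstrip("\r\n")
                if data == ".":
                    break
                body.append(data[1:] if data.startswith("..") else data)  # undo dot-stuffing
            text = text + "\n" + "\n".join(body)
        lines.append((code, text))
        if sep == " ":
            return lines


def command(rfile, wfile, cmd):
    """Send one command line; any final code other than 250 is an error."""
    wfile.write((cmd + "\r\n").encode("ascii"))
    wfile.flush()
    reply = read_reply(rfile)
    code, text = reply[-1]
    if code != 250:
        raise TorControlError(f"{cmd!r} rejected: {code} {text}")
    return reply


def auth_methods(protocolinfo_reply):
    """Return the METHODS list from the 'AUTH METHODS=a,b ...' line of PROTOCOLINFO."""
    for _code, text in protocolinfo_reply:
        if text.startswith("AUTH "):
            for field in text.split()[1:]:
                if field.startswith("METHODS="):
                    return field[len("METHODS="):].split(",")
    return []


def request_newnym(rfile, wfile):
    """Authenticate with the NULL method and send SIGNAL NEWNYM; returns the advertised methods.

    What this does not do: it does not promise a new exit IP (Tor may reuse the
    exit), Tor may rate-limit NEWNYM yet still answer 250 OK, and streams that
    are already open keep their old circuit until the application closes them.
    """
    methods = auth_methods(command(rfile, wfile, "PROTOCOLINFO 1"))
    if "NULL" not in methods:
        raise TorControlError(f"NULL auth not offered, only {methods}; cookie auth not implemented here")
    command(rfile, wfile, "AUTHENTICATE")
    command(rfile, wfile, "SIGNAL NEWNYM")
    command(rfile, wfile, "QUIT")
    return methods


def newnym_over_tcp(host=DEFAULT_HOST, port=DEFAULT_PORT):
    """Run request_newnym against a live control port (not exercised offline)."""
    with socket.create_connection((host, port), timeout=10) as sock:
        with sock.makefile("rb") as rfile, sock.makefile("wb") as wfile:
            return request_newnym(rfile, wfile)


# Constructed transcript of a controller that allows NULL auth.
CANNED_OK = (
    b"250-PROTOCOLINFO 1\r\n"
    b"250-AUTH METHODS=NULL\r\n"
    b'250-VERSION Tor="0.4.8.10"\r\n'
    b"250 OK\r\n"                   # end of PROTOCOLINFO reply
    b"250 OK\r\n"                   # AUTHENTICATE
    b"250 OK\r\n"                   # SIGNAL NEWNYM
    b"250 closing connection\r\n"   # QUIT
)
# Constructed transcript of a controller that insists on cookie authentication.
CANNED_COOKIE_ONLY = (
    b"250-PROTOCOLINFO 1\r\n"
    b'250-AUTH METHODS=COOKIE,SAFECOOKIE COOKIEFILE="/run/tor/control.authcookie"\r\n'
    b"250 OK\r\n"
)


def run_offline(transcript):
    """Drive request_newnym over canned replies; returns (methods, bytes_sent, error)."""
    rfile, wfile = io.BytesIO(transcript), io.BytesIO()
    try:
        return request_newnym(rfile, wfile), wfile.getvalue(), None
    except TorControlError as exc:
        return None, wfile.getvalue(), str(exc)


if __name__ == "__main__":
    print(run_offline(CANNED_OK))
```

Two practical checks follow from the post above. First, close the application's own Tor streams before sending the signal and open fresh ones afterwards; a long-lived socket stays on its old circuit, so a "new IP" test done on an existing connection proves nothing. Second, onion-grater decides which control commands reach Tor at all, so a script like this only works as far as that filter allows, which is also what limits what a compromised Workstation could do through the same port.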
I stand corrected.
Running any new application inside the Workstation would be an increased security risk though. If I made my own little application, it is probably not as secure as something well tested and mature like the applications that come with the Workstation. However, compromising my application or e.g. the Tor Browser wouldn't matter at all for my own security; both would have the same consequences, unless my application were to run as root.