I am now running the stable branch of TBB from ~/ and the hardened alpha from ~/.tb/
What do I need to do to ensure stream isolation? Both browser come directed at 127.0.0.1:9150. I change one to 9152, and 9153. Is this right?
I assume I can safely ignore the red X. Is there a way to safely disable that alert?
What do I need to do to ensure stream isolation? Both browser come directed at 127.0.0.1:9150. I change one to 9152, and 9153. Is this right?No. (https://www.whonix.org/wiki/Tor_Browser#Whonix_Proxy_Settings)
Only as per:
Use one from “Without IsolateDestAddr and without IsolateDestPort: SocksPort 10.152.152.10:9153 to 9159”.
[Effectively] changing/removing proxy settings in Tor Browser might be difficult due to bugs in Tor Browser, not Whonix. Mentioned here:
So I would suggest trying if closing the SocksPort results in what would have to be expected (Tor Browser no longer functioning) so make sure it really is using the SocksPort you think it is using.
Would be easier to use multiple Whonix-Workstations (Multiple Whonix-Workstation) because those are automatically stream isolated.
I assume I can safely ignore the red X. Is there a way to safely disable that alert?Please be more specific.
I meant to say 9153, and 9154.
If that is what I said, would your answer have been “Yes”?
Am I using the correct ports (9153 and 9154) but the wrong address? (127.0.0.1 as opposed to 10.152.152.10?)
Why are they pointing at localhost by default if there is no tor instance there? Are you rerouting it to the gateway somewhere in the worstation?
Having the documentation set up in a never ending loop isn’t very helpful.
“Using Multiple Browsers: Moved to Advanced” > Advanced: “See: Using Multiple Browsers” > “Using Multiple Browsers: Moved to Advanced” > Advanced: “See: Using Multiple Browsers”
In the whonix documentation, everything seems to be talking about 10.152.152.10. But everything in practice is pointed to 127.0.0.1
Where am I supposed to be pointing things like Pidgin?
If that is what I said, would your answer have been "Yes"?No.
Am I using the correct ports (9153 and 9154) but the wrong address? (127.0.0.1 as opposed to 10.152.152.10?)Wrong address, yes. Plus, btw in case of Qubes. you need the IP of Qubes-Whonix-Gateway.
In the workstation…
qubesdb-read /qubes-gatewayWhy are they pointing at localhost by default if there is no tor instance there? Are you rerouting it to the gateway somewhere in the worstation?Explained here (see footnote): https://www.whonix.org/wiki/Tor_Browser#Whonix_Proxy_Settings
The default (first) Tor Browser the workstation being able to use 127.0.0.1 is only a workaround, so we do not have to modify Tor Browser itself, because this is very difficult (fragile) from a distribution perspective. That way Tor Browser works out of the box without proxy settings modifications for most users in most cases. No matter which way installed (ex: tb-updater or manually).
Where am I supposed to be pointing things like Pidgin?From the stream isolation page... "With IsolateDestAddr and with IsolateDestPort: SocksPort: 10.152.152.10:9180 to 9189" (Qubes-Whonix-Gateway IP instead again.)
(For a messenger the options (IsolateDestAddr / IsolateDestPort) are okay. For web browsing not. (Also mentioned on the stream isolation page.)