I see. Instead of just relying on Whonix to correctly route ws system
default traffic through Tor’s Dns- and TransPort would be pointing it to
a specific socks port. Either by proxy settings or a socksifier (such as
torsocks / uwt).
The problem is, that each extra configuration makes Whonix more mystic
and more difficult to understand by auditors. Generating lots of
questions why doing this etc. Involving extra files and complexity.
You can reach the same by disabling transparent proxying. Documented here:
Then manually configure iceweasel to use a SocksPort. (Documented as per
https://www.whonix.org/wiki/Stream_Isolation ) (Otherwise it could not
And I am certain, that there are no leaks of this kind due to Whonix’s
design. If you disagree, the answer again would be to disable
transparent proxying. Thereby turning Whonix-Gateway into a full
Less usable (no applications without proxy setup would work anymore),
but arguably better leak protection.