[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Need help with Stream Isolation Guide

In my virtualbox I had Whonix Gateway 8.0 (yes almost 3 years old) and Windows 8 as Workstation. I have since imported the latest whonix gateway 13.0.0.14 as a new VM. My issue is I have a program that does multiple connections to the internet and with the old 8.0 gateway I monitor the connections coming out of the gateway and it goes to 3 tor entry nodes properly doing a stream isolation BUT in Whonix Gateway 13 it only goes to 1 tor entry node.

I have done the better protection section of the guide like I did on gateway 8.0 and I am not sure what I am doing wrong now. https://www.whonix.org/wiki/Stream_Isolation#Better_Protection

In newer version of Tor the number of guards was reduced for more security against deanonymization attacks. Stream isolation has nothing to do with the number of guards. Its purpose is to create new paths with different middle and exit nodes for separate applications in the workstation that are explicitly configured to use that feature to prevent linking all their traffic to a single identity.

1 Like

Ok. I thought it was the other way around and running multiple connections through 1 entry node / guard was risky. For example the application I use does not have socks ports setup, so how would I know if by the second node tor routed it to different nodes?

How do I know that the second possibility of identity correlation in the first diagram of this wiki is not occurring?

With the older Whonix at least I could see it going to different entry nodes and I assumed it looked like the first possibility of the diagram but I have no way of confirming it if it only goes to one node like it does now. I am not worried even if I am caught because I am not doing anything illegal or morally wrong, I am just doing this for privacy reasons but I am sure the activists of the world would want some way of confirming what is going on.

Edit: Thinking about it some more, is there anyway for applications without socks port setup to do stream isolation? Would it not be better for an application that I can’t do socks port setup and has multiple connections to internet to go through different tor entry nodes?

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]