Questions regarding Tor identity

As I have read in the Whonix docs, Whonix (Tor in general) offers stream isolation. Regarding this, and regarding Tor identity in general, I have some questions.

  1. Docs say:

Stream isolation provides protection against identity correlation through circuit sharing.

How exactly does it work? Because when I am having several tabs open and operating them, they should all be the same identity. And when I want a new identity, I have to reopen the browser.

What benefit does stream isolation provide here?

  2. I have thought about using Firefox instead of Tor browser in Whonix, because all traffic is forced over Tor anyway.

2.1 What is the difference between using Tor browser in Whonix, and Firefox in Whonix then?

2.2 Is stream isolation somehow possible with Firefox? How can I get a new browser identity at all when using Firefox in Whonix? I am not sure if reopening the browser does the trick, like it is with Tor browser.

  3. If I have several Whonix VMs running (within Qubes) at the same time, are they isolated from each other as well, hiding that they are operated from the same person? (I’m 99% sure the answer is yes, but you can’t be safe enough).

Thank you very kindly.

The generic answer I have seen is that this is not a Whonix issue but a Tor or Firefox issue.
That being said there has to be some responsibility shared within Whonix since Tor is the de facto browser provided by the Whonix system.
Instructions have been provided to change the Tor Browser configuration, but it would be better if some of the sharper people actually groomed the configuration with a more insightful eye.
Providing an inadequately configured browser by default would set up users to fail.
My concerns were piqued when reviewing the NoScript settings and seeing the default rules pretty much accepting everything from a site along with:

  • media.peerconnection set to true
  • Location, camera, microphone, notifications, virtual reality all unblocked

The absence of add-ons that seem to be necessary to prevent tracking (at least per reviews):

  • Privacy Badger (EFF.org makes the installed HTTPS Everywhere)
  • uBlock Origin
  • Disconnect

The last two add-ons light up like a Christmas tree with trackers during general use of the Tor browser outside of Whonix.
As I understand Tor has a fairly large attack surface to begin with and it’s based on Firefox with its inadequacies.
There are a couple of user.js preference files that might help.
The biggest place where the security gurus could help the newbies is to offer answers as to why the settings are as they are or add-ons not used. Maybe it has something to do with bread crumbs left behind by these add-ons or settings. Or the act of blocking is actually used to track usage or meta-data.
Maybe an active forum to allow individuals to share their improvements or feedback on Tor browser security settings/add-ons.
This response isn’t intended to drum up angst, and even less to light a flame war. It’s more just to share frustration.

Different tabs and websites in Tor Browser are isolated since Tor Browser version 4.5-alpha-1. [4]

Tor Browser should set SOCKS username for a request based on first party domain (#3455) · Issues · Legacy / Trac · GitLab

Discouraged. Reasons:

Whonix ™ Tor Browser Differences

In theory, yes: develop your own Tor Browser.
In practice: probably not.

I am not sure if reopening the browser does the trick, like it is with Tor browser.

It does not.

I have some experience of usage both Tor Browser and Firefox ESR inside Workstation. So, I’ll try to answer your question.

Stream Isolation means that every site you visit in a separate tab in Tor Browser has its own Tor circuit. For example, if you open site 1 in tab 1, site 2 in tab 2 and site 3 in tab 3, each site you visit will have its own Tor circuit.

When you use Tor Browser, you don’t need to reopen the browser to create a new Tor circuit for each site in each tab. You just need to press Ctrl+Shift+L in order to change the Tor circuit for the site.

But when you use Firefox ESR, then it is highly likely that Stream Isolation won’t work well. With Firefox ESR, it is highly likely that multiple tabs have the same Tor circuit. To change Tor Identity for any app other than Tor Browser, you need to open tor-control-panel in Gateway, go to the Utilities tab and press New Identity. But it is not guaranteed that the Tor exit node or even the whole Tor circuit will be changed using this approach!

Yes, but

Browser fingerprint and lack of Stream Isolation. When you use Firefox inside Whonix, an attacker can easily see that you are a unique man who uses Firefox over Tor. Only several men in the world use Firefox over Tor, but thousands of people use Tor Browser. So, you will be pseudonymous. I have described the way it’s possible to make the Firefox ESR fingerprint similar to Tor Browser here:

http://forums.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/t/suggestion-non-tor-browser-in-whonix-workstation/11305/20

But that’s not all. You still have to disable WebGL, other malware and blah-blah-blah something like that:

So, guys from the Tor Project are doing a huge job of debloating and hardening Firefox ESR in order to create a safe Tor Browser on its base. Tor Browser itself is hardened Firefox plus the Tor binary. So, in Whonix Workstation, Tor Browser is just hardened Firefox because the Tor binary itself is provided through the Gateway.

I don’t think it’s possible. If you really need to use Firefox instead of Tor Browser, it is better to have only one tab and use only one site during each session.

“New Identity” button inside Tor control panel on Gateway.

Technically isolated, yes. But social engineering can still be used to try to deanonymize a person. Or at least, reducing anonymity to pseudonymity if possible.
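The per-tab isolation described in this reply, and the "SOCKS username based on first party domain" ticket linked earlier in the thread, both come down to one wire-level detail: Tor's SocksPort keeps streams that present different SOCKS5 username/password pairs on different circuits (IsolateSOCKSAuth, which is on by default), while streams with no credentials all fall into one class. The following is an added example, not code from the thread or from Whonix or Tor Browser; it builds and parses the SOCKS5 greeting and the RFC 1929 username/password frame, and the first-party-host-as-username scheme and the constant password are this example's own simplification of what Tor Browser does.

```python
from urllib.parse import urlsplit

SOCKS_VER = 0x05
AUTH_NONE = 0x00      # "no authentication" method, what stock Firefox offers
AUTH_USERPASS = 0x02  # RFC 1929 username/password, what Tor Browser offers


def isolation_credentials(url: str) -> tuple[str, str]:
    """(username, password) bound to the first-party site of a tab URL.
    Username = first-party host; password is a constant (example's choice)."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    return host, "0"


def method_selection(with_auth: bool) -> bytes:
    """SOCKS5 greeting: VER, NMETHODS, METHODS."""
    methods = [AUTH_USERPASS] if with_auth else [AUTH_NONE]
    return bytes([SOCKS_VER, len(methods), *methods])


def userpass_subnegotiation(username: str, password: str) -> bytes:
    """RFC 1929 request: VER=1, ULEN, UNAME, PLEN, PASSWD (each 1..255 bytes)."""
    u, p = username.encode(), password.encode()
    if not 1 <= len(u) <= 255 or not 1 <= len(p) <= 255:
        raise ValueError("SOCKS5 credentials must be 1..255 bytes each")
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p


def parse_userpass_request(frame: bytes) -> tuple[str, str]:
    """Proxy-side view: recover the credential pair Tor uses as isolation key."""
    if len(frame) < 3 or frame[0] != 0x01:
        raise ValueError("not an RFC 1929 request")
    ulen = frame[1]
    uname = frame[2:2 + ulen]
    if len(uname) != ulen or len(frame) < 3 + ulen:
        raise ValueError("truncated username")
    plen = frame[2 + ulen]
    passwd = frame[3 + ulen:3 + ulen + plen]
    if len(passwd) != plen:
        raise ValueError("truncated password")
    return uname.decode(), passwd.decode()


def isolation_classes(tab_urls: list[str], per_site_auth: bool) -> int:
    """How many separate circuits Tor's default isolation yields for these tabs.
    per_site_auth=True models Tor Browser, False models Firefox on one SocksPort."""
    keys = set()
    for url in tab_urls:
        if per_site_auth:
            frame = userpass_subnegotiation(*isolation_credentials(url))
            keys.add(parse_userpass_request(frame))
        else:
            keys.add(None)  # no credentials: every destination shares one class
    return len(keys)
```

With three tabs on two sites, `isolation_classes(..., True)` returns 2 and `isolation_classes(..., False)` returns 1, which is exactly the difference between the two browsers that the reply describes.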
