settings for stream isolation for JDownloader ?

JDownloader for flash and mp4 online , have the disadvantage that must wait for watch from the midle to the end of video for downloading but cant have them all , its a promise alternative of flash plugin browser , must set it for stream isolation for security, so in settings\connection manager\ set socks4 or socks5 ? and host/port ______? and username\pasword ?

  • I have electrum bitcoin client inside whonix workstation allready installed and set it as :, port 9111, Socks 5 .

Please don’t make the same post in multiple places. Makes it difficult for people to figure out where to reply. And confusing for people who search later and find multiple threads. Instead, just link to this post from the other one so people can post replies in one thread.

IP address is always Whonix Gateway’s address (presently in default vbox and 10.137.x.1 in qubes). No authentication.

Port selection is application-specific: Stream Isolation
Use an unused port or optionally, if available, one that has been reserved for that purpose (example 9111 for bitcoin).

Socks protocol choice is application-dependent: settings for stream isolation for JDownloader ? - #6 by Patrick

1 Like

i am sorry , deleted already the double post.

No , that i write for btc client set that i allready have set , now i want to set JDownloader and for that i ask.

So i have set the btc client on port 9111 and Socks 5 as that is documented on ,
now for JDownloader witch port can put ? JDownloader cant speaks SOCKS 4a ? i see options gived Socks 4 & Socks 5, so i will give it Socks 5 .

Define necessary. It’s socks4a - imagined it’s correctly implemented in the application which sometimes is a big assumption(!) - certainly is preferred over socks4. We don’t want DNS related identity correlation. It’s best to have that isolated also.

I don’t know the relative advantages of any of the socks protocols versus another in terms of security.

Application dependent. Applications might have a leak-free socks4a implementation and a broken socks5 implementation or vice versa. Difficult to be sure. That is TorifyHOWTO, hard, and why Whonix was created.

IIUC then TransparentDNS should only be necessary if your applications use socks4 and/or have leaky socks4a/5 implementations… (or of course, no proxy settings at all).
User configuration of stream isolation not as trivial as I had assumed.

@anonymityISright Disregard my earlier post. Please re-read my reply - corrected many inaccuracies.

@Ego Is it preferred to make a big edit to previous post? or post a new reply? Bad to change history but also bad to leave erroneous info…

From Stream Isolation

Without IsolateDestAddr and without IsolateDestPort: SocksPort to 9159 
With IsolateDestAddr, but without IsolateDestPort: SocksPort to 9169 
Without IsolateDestAddr, but with IsolateDestPort: SocksPort: to 9179 
With IsolateDestAddr and with IsolateDestPort: SocksPort: to 9189

Don’t know how JDownloader works so maybe someone else can advise further. Things to consider:

  1. You may be connecting concurrently to multiple sites (ie youtube & vimeo) and you’d like to keep your identities separate - in that case you should use With IsolateDestAddr.
  2. If JDownloader only downloads one video at a time, and connects to multiple mirrors for the same video, then probaby Without IsolateDestAddr
  3. Probably Without IsolateDestPort - depends on website & JDownloader.

If nobody says otherwise, probably safe to use 9160-9169.


Yes. If that was simple and reliable, there would be less need for Whonix to begin with.

The utilitarian inside me prefers to do whatever is most beneficial. I would go for big edits and fixed if helps plus a comment that the post was edited to avoid confusion. Perhaps quoting and using strike through for the old post.

I would say With IsolateDestAddr and with IsolateDestPort because it opens relatively few connections. IsolateDestPort is probably irrelevant but would not hurt if you ever come across a website that offers multiple ports.

Then IsolateDestAddr would not hurt either.

I was thinking that it would be unusual (hurt anonymity / fingerprinting) for a user to be downloading one video via multiple Tor exit nodes. (Don’t know if true but) assuming that a JDownloader download is indistinguishable from a browser stream, then TBB users would not be using IsolateDestAddr.


I was thinking that it would be unusual (hurt anonymity / fingerprinting) for a user to be downloading one video via multiple Tor exit nodes.

I don’t think IsolateDestAddr would result in using multiple Tor exit
relays in that case. Since only 1 destination IP is involved. Even if
jdownloader made several connections to that same one IP, it would not
isolate it.

(Don’t know if true but) assuming that a JDownloader download is
indistinguishable from a browser stream, then TBB users would not be
using IsolateDestAddr.

Tor Browser does not use IsolateDestAddr anyhow. That would be bad
design for reasons explained if you follow the tickets… [4] Rather…

Quote stream isolation wiki page:

Different tabs and websites in Tor Browser are isolated by since Tor
Browser version 4.5-alpha-1. [4]

Thank all of you for reply’s.

From your directions on that topic i set JDownloader for: Socks 5 proxy , Host ip address,
and 9160 port .
After restart tor, giving new identity and restart JDownloader , i download a video from for test ,
works successfully,
BUT that now please can tell me if is more anonymous way to watch flash\mp4 from the other way (adobe flash plugin on TBB in whonix)? * adobe flash plugin in TBB on whonix is pseudonymous and not anonymous , and JDownloader will be pseudonymous to if not isolated properly.

Ignore Patrick at your peril. Use 9180-9189.

Stream isolation is probably not your biggest concern. The question is whether JDownloader appears to be itself or something different when it downloads (fingerprint incl user-agent, etc). Would have to check JDownloader docs - program not necessarily designed with privacy in mind.


  • Do either JDownloader or Adobe Flash make me uniquely identifiable to the website?
  • If answer to both is no, then compare anonymity sets of each. Are there more users using JDownloader to download from Vimeo? Or are there more users using TBB with flash installed for same purpose?
  • Also compare with using Chrome - that has flash built-in (so will be same for all chrome users) - and ask if Google has improved flash privacy (or made it worse)? I don’t know.
  • Finally, if you are somewhat identifiable, are there reliable methods to spoof your identity.

*JDownloader can’t make me uniquely identifiable to the website so much as adobe flash on TBB from one hand because of fingerprint protection that serves TBB and even if i set JDownloader for isolation. On the other hand , adobe flash is so bad for privacy technically so if enable it on TBB whonix transform the anonymity of TBB to pseudoanonymity.
*Are more users that use adobe flash TBB whonix than JDownloader isolated whonix because the last is less documented ,less known , need more configuration .
*Chrome have not fingerprint protection like TBB.
*i am pseudonymous when use adobe flash on TBB whonix , so there is no way to be true anonymous when watch flash videos online or download them . 'That i understand until now, confirm that please.


After restart tor

No need to restart Tor.

I guess from a browser fingerprinting perspective, you may be better off
using any of the many video download web based services using Tor
Browser. I speculate for downloading videos, these are more usable and
more popular.

That is the most anonymous way defiantly, , , and these works great. The disadvantage in that method is that must wait for complete the download of a video if want to watch form the middle to the end for example , need more time compare with adobe flash plugin on TBB , but can’t have them all .

And a must if install adobe flash plugin on whonix and later uninstall it (dellete flash cookies):

My special thanks to Patrick and entr0py.