(1) transaction broadcasts (tx) go through Tor via Whonix-Gateway to onion peers
(2) blockchain sync goes with TransPort via Whonix-Gateway through Tor to seed nodes and leaves Tor at a Tor exit node
→ IP/DNS leaks prevented by Whonix-Gateway
→ stream isolation for (1)
→ no stream isolation for (2) unless there are no additional connections through TransPort from the same Whonix-Workstation. If there are additional connections through TransPort from the same Whonix-Workstation, you have to avoid applications being linked to the same pseudonym, to prevent identity correlation.
For best protection against identity correlation: Stream Isolation
^ by following these instructions, either proxy settings are adhered to one way or another (socks proxy settings or a socksifier such as torsocks) or there is no traffic at all.
What’s better, using a socksifier or the proxy settings method? Nobody is researching that to my knowledge. In Whonix, the risk is traffic going through Tor’s TransPort (transparent torification) instead of through a dedicated Tor SocksPort. That risk is way too theoretical and obscure for anyone to make it a priority to work on.
I would expect something such as orjail might be better suited for torification (non-Whonix use case) or better stream isolation enforcement (Whonix use case). orjail / torsocks as kinda “mini Whonix networking”.
Thanks for your posts as this is a very interesting topic.
To apply this for running a monerod service using Whonix, the approach of “Better Protection” is not applicable, as “All applications not configured to use a SocksPort by socks proxy settings or forced to use a SocksPort by a socksifier will not be able to establish connections.”
Because according to Monero Anonymity Networks and Monero Reference, using Whonix custom socks ports with ./monerod --tx-proxy tor,10.152.152.10:9153,10 --add-peer=[onionservice]:[port] still means that blockchain sync and forwarded transactions (those not originating from a connected wallet) still go through clearnet to seed nodes.
Therefore, if changing firewall settings according to “Better Protection”, blockchain sync and forwarded transactions are not possible.
And using the “Better Protection” configuration with this command DNS_PUBLIC=tcp torsocks monerod --p2p-bind-ip 127.0.0.1 --no-igd will work, but every outgoing connection, especially transactions, goes through Tor to seed nodes and leaves Tor at a Tor exit node, which is undesirable as it could potentially lead to identity correlation at Tor exit nodes.
To summarize currently this is the most beneficial way to run monerod on Whonix: ./monerod --tx-proxy tor,10.152.152.10:9153,10 --add-peer=[onionservice]:[port]
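As an added check, not from this thread or from the Whonix or Monero projects: a small Python script that parses `ss -tnp` output taken on a Whonix-Workstation and classifies monerod’s connections as SocksPort (stream-isolated, 10.152.152.10:9153 as in the command above), TransPort (connections the workstation sees as going straight to a peer IP, i.e. the sync/forwarding traffic described in the posts), or local. The gateway address and the 9153 port come from the thread; the sample `ss` lines are constructed.

```python
import re
from collections import Counter

# Whonix-Gateway internal address and the custom SocksPort used by --tx-proxy (from the thread).
GATEWAY_IP = "10.152.152.10"
SOCKS_PORTS = {"9153"}

# Constructed sample of `ss -tnp` output on a Whonix-Workstation (not captured data).
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.152.152.11:41234 10.152.152.10:9153 users:(("monerod",pid=4242,fd=31))
ESTAB 0 0 10.152.152.11:41236 10.152.152.10:9153 users:(("monerod",pid=4242,fd=33))
ESTAB 0 0 10.152.152.11:51020 203.0.113.7:18080 users:(("monerod",pid=4242,fd=40))
ESTAB 0 0 10.152.152.11:51021 198.51.100.9:18080 users:(("monerod",pid=4242,fd=41))
ESTAB 0 0 127.0.0.1:18081 127.0.0.1:38522 users:(("monerod",pid=4242,fd=12))
ESTAB 0 0 10.152.152.11:60010 10.152.152.10:9050 users:(("curl",pid=5100,fd=5))
"""

# state recv-q send-q local:port peer:port users:(("name",...
LINE_RE = re.compile(r'^\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+users:\(\("([^"]+)"')


def classify(peer_ip: str, peer_port: str) -> str:
    """Map a peer endpoint to the path it takes out of the workstation."""
    if peer_ip == "127.0.0.1":
        return "local"                 # e.g. wallet RPC on the same machine
    if peer_ip == GATEWAY_IP and peer_port in SOCKS_PORTS:
        return "socksport"             # dedicated SocksPort: stream-isolated
    if peer_ip == GATEWAY_IP:
        return "other-gateway-port"    # some other gateway service (e.g. 9050)
    return "transport"                 # routed transparently: no stream isolation


def audit(ss_output: str, process: str = "monerod") -> dict:
    """Count connections of one process by path; TransPort hits are the ones to review."""
    counts = Counter()
    for line in ss_output.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(5) == process:
            counts[classify(m.group(3), m.group(4))] += 1
    return dict(counts)


def uses_transport(ss_output: str, process: str = "monerod") -> bool:
    return audit(ss_output, process).get("transport", 0) > 0


if __name__ == "__main__":
    print(audit(SAMPLE_SS))  # run against `ss -tnp` output on a real workstation
```

Any "transport" count for monerod means sync or forwarded-transaction traffic is leaving through Tor’s TransPort rather than the isolated SocksPort, which is exactly the case (2) described earlier in the thread.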
Thank you very much for your response. Slowly I get a deeper understanding.
Please excuse me if it is obvious, but is the “TransPort” port 9050 or another port (if it is another, which one and where is it documented)? Thank you.
As port 9153 is a custom socks port, I assume that I found a mistake on the following page and section: Dev/anon-ws-disable-stacked-tor - Whonix. Here it is stated that port 9153 is used by Tor Messenger and forwarded to Whonix-Gateway. From my understanding this is not the case, as on the stream isolation page it is stated that 9153 can be used as a custom socks port for your own application.
That is confusing indeed.
9153 in workstation was Tor Messenger default ControlPort being redirected to gateway 9051 ControlPort (actually control port filter proxy, onion-grater).
9153 on the gateway is a custom SocksPort.
A bit messy but no longer an issue since Tor Messenger was deprecated years ago.