Should strict stream isolation be a requirement in Whonix's Default Application Policy?


I’ve been quite strict about this. No pre-installation of software which cannot be configured to use a Tor SocksPort. I.e. which pollutes Tor’s TransPort, i.e. that uses system default networking without using a dedicated Tor SocksPort. (That goes for graphical / user applications.) So the DNS for gajim being resolved by Tor’s DnsPort would make gajim unfit for pre-installation in Whonix.

Does the description of the current policy make sense?

I am not sure I have been too strict about this. This for example is one obstacle of installing electrum by default. (ticket) (It’s hard to pre-configure electrum so it would be stream isolated by default.)

When throwing this requirement out of the window, we could end up with users using both gajim and electrum at the same time, all going through the same Tor circuit.


//cc @marmarek
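To make the circuit-sharing concern above concrete, here is a small Python model of how Tor decides whether two streams may reuse a circuit. This is an added illustration, not code from Whonix or Tor: it models only the listener-based isolation and the `Isolate*` flags documented in the torrc manual (streams arriving on different `SocksPort`/`TransPort` listeners are always kept apart unless `SessionGroup` joins them; `IsolateClientAddr` and `IsolateSOCKSAuth` are on by default; `IsolateDestAddr`/`IsolateDestPort` are off). The port numbers, workstation address, hostnames and credentials are constructed for the example.

```python
"""Model of Tor's stream-to-circuit isolation decision (added illustration,
not Tor's or Whonix's own code). Shows why two apps that fall through to the
catch-all TransPort share a circuit, while apps pinned to their own SocksPort
(or using distinct SOCKS credentials on one port) do not."""

from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Listener:
    """One SocksPort/TransPort line in torrc with its isolation flags."""
    name: str                          # e.g. "TransPort 9040" (constructed)
    isolate_client_addr: bool = True   # Tor default: on
    isolate_socks_auth: bool = True    # Tor default: on
    isolate_dest_addr: bool = False    # Tor default: off
    isolate_dest_port: bool = False    # Tor default: off


@dataclass(frozen=True)
class Stream:
    """One application connection as seen by the Tor listener."""
    app: str
    listener: Listener
    client_addr: str
    dest_addr: str
    dest_port: int
    socks_auth: Optional[Tuple[str, str]] = None  # None for TransPort / no auth


def isolation_key(s: Stream) -> tuple:
    """Build the tuple Tor compares when deciding circuit reuse (modelled).

    Different listeners never share circuits without SessionGroup, so the
    listener name is always part of the key; the flags add further fields."""
    l = s.listener
    key: List[object] = [l.name]
    if l.isolate_client_addr:
        key.append(s.client_addr)
    if l.isolate_socks_auth:
        key.append(s.socks_auth)
    if l.isolate_dest_addr:
        key.append(s.dest_addr)
    if l.isolate_dest_port:
        key.append(s.dest_port)
    return tuple(key)


def group_into_circuits(streams: List[Stream]) -> Dict[tuple, List[str]]:
    """Map each isolation key to the apps whose streams would share it."""
    circuits: Dict[tuple, List[str]] = defaultdict(list)
    for s in streams:
        circuits[isolation_key(s)].append(s.app)
    return dict(circuits)


def apps_share_circuit(streams: List[Stream], app_a: str, app_b: str) -> bool:
    """True if any modelled circuit carries streams of both apps."""
    return any(app_a in apps and app_b in apps
               for apps in group_into_circuits(streams).values())


# Constructed workstation address; all apps on one VM share it.
WS = "10.0.0.2"

# Scenario 1: policy relaxed, both apps use system networking and land on
# the catch-all TransPort. Same listener, same client address -> one circuit.
TRANS = Listener("TransPort 9040")
relaxed = [
    Stream("gajim", TRANS, WS, "xmpp.example", 5222),
    Stream("electrum", TRANS, WS, "electrumx.example", 50002),
]

# Scenario 2: each app configured for its own dedicated SocksPort, as the
# pre-installation policy requires. Different listeners -> never shared.
isolated = [
    Stream("gajim", Listener("SocksPort 9102"), WS, "xmpp.example", 5222),
    Stream("electrum", Listener("SocksPort 9111"), WS, "electrumx.example", 50002),
]

# Scenario 3: one shared SocksPort, but each app sends distinct SOCKS
# credentials; IsolateSOCKSAuth (default on) keeps them apart.
SHARED = Listener("SocksPort 9050")
per_app_auth = [
    Stream("gajim", SHARED, WS, "xmpp.example", 5222, ("gajim", "x")),
    Stream("electrum", SHARED, WS, "electrumx.example", 50002, ("electrum", "x")),
]

if __name__ == "__main__":
    for label, streams in [("TransPort fallback", relaxed),
                           ("dedicated SocksPorts", isolated),
                           ("shared port, SOCKS auth", per_app_auth)]:
        shared = apps_share_circuit(streams, "gajim", "electrum")
        print(f"{label}: gajim and electrum share a circuit -> {shared}")
```

The model also shows the limit of adding `IsolateDestAddr` to the `TransPort` line alone: it only splits streams by destination, so two apps talking to the same host from the same VM would still land on one circuit, which is why a dedicated `SocksPort` (or per-app SOCKS credentials) is the isolation primitive the policy asks for.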


It's a sane policy and makes sense. It's a good defense in depth in case a user launches different identity activities in the same VM by mistake.


@JasonJAyalaP in https://phabricator.whonix.org/T694

I’m thinking that “stream isolation as a requirement” keeps our hands clean in the event of a highly sophisticated attack, while letting our users fumble in the dark (such as installing pidgin, or installing gajim but not configuring it) or giving up.