iry:
For clarification, my understanding is that some of the pre-installed programs in Whonix-Workstation will share the use of Tor transport. And since IsolateDestPort and IsolateDestAddr can’t be set for Tor transport, this policy will cause programs that can’t be assigned a socksport to share the same circuit when they are running at the same time. Is this correct?
Correct.
If so, can we at least somehow document what those programs are?
Sure, let’s add them here:
And maybe even open a brief ticket for each of them so that we can assign them a socksport whenever it’s possible?
Good idea.
I noticed /usr/share/tor/tor-service-defaults-torrc provided the rationale that the reason why IsolateDestPort and IsolateDestAddr can’t be enabled is because of the file sharing program, is there any other common use case we can come up with that prevents us from enabling them?
Any custom installed application by the user that behaves in similar ways. Cannot be foreseen.
If not, maybe I can think about how to deal with it.
That would be interesting.
Managing programs without Tor Socks / DNS Support
https://phabricator.whonix.org/T772
I described here a generic way that should allow stream isolating any application even better than our current torsocks based implementation: