Stream Isolation for Electron Mail

Hi I am using a great app calledElectron Mail that lets you manage multiple protonmail accounts and maintain isolation and separation. All accounts log through the .onion site which is also good. I am a little confused how to properly implement stream isolation here since it is one app handling multiple accounts simultaneously to protonmail’s onion website. The wiki is not really easy to understand on this… but it provides these options:

  • Without IsolateDestAddr and without IsolateDestPort : SocksPort to 9159
  • With IsolateDestAddr , but without IsolateDestPort : SocksPort to 9169
  • Without IsolateDestAddr , but with IsolateDestPort : SocksPort: to 9179
  • With IsolateDestAddr and with IsolateDestPort : SocksPort: to 9189

I am using as the proxy socks5:// for all the accounts (you specify a proxy for each account). But I am not sure if this is the best choice. Looking for some advice or tips I did review the tor wiki I think it is saying the isolation if the same “stream” is accessing different “addresses” but since this stream is accessing the same address multiple times simultaneously i stayed with the option that does not provide port or destination isolation ( But I could be misunderstanding everything so I thought I would just check which option provides best protection for this scenario

Hi bz3ipfptl2

While this app provides a cool feature I would strongly recommend against using it. If your VM is ever compromised all of your identities could be linked to one another. It is recommend that you use Multiple Whonix-Workstations to separate each torified client or identity.

Your question can be answered as per:

To point you in the right direction.

Since this is not a Whonix specific issue I would first read the torproject documentation:

If you still need help you could ask the electronmail devs for some guidance here:

1 Like