Stream isolation of custom applications - Best practices

Hello,

Reading through Stream Isolation, I successfully configured a custom application inside Whonix Workstation to use one of the predefined SOCKS ports.

I noticed that certain applications, mainly Tor Browser and Thunderbird, use local SOCKS proxies localhost:9050 instead of <Whonix Gateway IP>:<SocksPort>. This is done via package anon-ws-disable-stacked-tor using systemd-socket-proxyd to forward the local SOCKS connection to Whonix Gateway.

I guess the reason for Tor Browser is prevention of Tor over Tor connections, but with Thunderbird I am not really sure.

Which brings me to the question:
Is it fine for a custom application to just define the Gateway directly, like 10.152.152.10:9162?
Or is it rather a good practice to configure a local redirecting proxy here as well, so addresses will be localhost:9162?
Are there any other benefits besides prevention of Tor over Tor?

Directly to gateway IP is very much OK.

As for the ports, see Stream Isolation

No need. Rationale is here:


@Patrick Thank you very much for clarification, question answered.