I read stream isolation page and didn’t fully understand how it works. I used the Tor Browser and Remmina at the same time on Workstation with different activities I don’t want to link. Remmina is installed with apt, default settings on both Remmina and Tor Browser were used. Never changed stream isolation settings on Whonix. Is there a possibility that Tor Browser and Remmina used the same circuit?
1 Like
I think the question you probably are asking is if it’s reasonably likely that Tor Browser and Remmina used the same circuit. It’s definitely possible they used the same circuit, since there are only so many Tor relays and they may have both been randomly given the same circuit (or different circuits that go through the same exit node). That being said, it’s not likely that they’re both using the same circuit.
- Tor Browser is designed to talk to Tor’s SOCKS proxy directly. It tells Tor when a new circuit is needed, so that different circuits are used for different websites.
- Remmina is probably not using Tor’s SOCKS proxy directly. It is likely going through transparent proxying instead. All applications that use transparent proxying use the same circuit.
Because Tor Browser isn’t using transparent proxying, it’s very likely not using the same circuit as Remmina. However, any other applications that rely on transparent proxying will go through the same circuit as Remmina.
1 Like
An easy summary is: Use Multiple Whonix-Workstation. These are automatically stream isolated from each other “in most cases”. For details, see that wiki page, stream isolationis documented there.
Nitpick:
This should maybe be written as:
Remmina is probably not using a Tor’s SOCKS proxy directly.
Because even if Remmina was using a Tor SocksPort it would most likely (and if the user is following instructions) use a Tor SocksPort different from the Tor SocksPort that Tor Browser is configured to use.
But this is only a theoretical concern due to, quote:
Tor Browser has a feature Tor Browser should set SOCKS username for a request based on first party domain. Tor Browser makes use of Tor’s
IsolateSOCKSAuthoption. Whonix does not break this feature. [5]
Since there are no instructions for how to configure Remmina for stream isolation, it was very most likely using Tor’s Transparent Proxy (that Whonix configured).
In any case, Whonix is correctly configured to instruct Tor to keep Tor Browser and transparent proxying (such as Remmina) separated. What Tor makes of this is up to Tor only. If one wanted to investigate this deeply, they could use tor-ctrl-observer - Tor Connection Destination Viewer.
1 Like
Makes sense, will try to remember that.
1 Like