'Jackie' via qubes-users:
One way to find out for sure. Open /etc/torrc (or ~/.config/tor/torrc,
or other torrc location), and look for stream isolation flags. Make sure
you understand exactly what each one means.
IsolateClientAddr
Don’t share circuits with streams from a different client address.
(On by default and strongly recommended when supported; you can disable
it with NoIsolateClientAddr. Unsupported and force-disabled when using
Unix domain sockets.)
IsolateSOCKSAuth
Don’t share circuits with streams for which different SOCKS
authentication was provided. (For HTTPTunnelPort connections, this
option looks at the Proxy-Authorization and X-Tor-Stream-Isolation
headers. On by default; you can disable it with NoIsolateSOCKSAuth.)
IsolateClientProtocol
Don’t share circuits with streams using a different protocol.
(SOCKS 4, SOCKS 5, TransPort connections, NATDPort connections, and
DNSPort requests are all considered to be different protocols.)
IsolateDestPort
Don’t share circuits with streams targeting a different destination
port.
IsolateDestAddr
Don’t share circuits with streams targeting a different destination
address.
https://www.torproject.org/docs/tor-manual.html.en
Since IsolateClientAddr is on by default, and since every whonix-ws has
a different address, one can assume that circuits will never be shared
between different VMs. So a single gateway should sufficiently isolate
traffic from different VMs.
Important note: Applications accessing the same Tor instance, via any
SOCKS address/port, can discover information about the remote
destinations of other applications on the same Tor instance.
So the reason to use two separate Tor instances (whonix-gw VMs) is only
if you're worried about untrusted or exploitable applications which
could discover where other applications (even on different workstation
VMs connected to the same gateway) are visiting. But it has nothing to
do with external traffic analysis or stream isolation or anything like that.
This is the same reason it's not recommended to expose your Tor SOCKS
port to the local network or anywhere else. Anyone who can access it can
find out what sites you're visiting.
For example, if you have two whonix-ws VMs using the same whonix-gw, a
browser in VM1 could be exploited and discover what sites you are
visiting in VM2.
So, in theory, you are right for using two different whonix-gw VMs, one
for anonymous work and one for non-anonymous work. However, I would
imagine that the Qubes and Whonix developers know about this and have
done everything right. I just don't know enough about Qubes/Whonix in
particular.
As far as entry guards... Yes, I believe the cloned VM will use the same
guards, at least initially. However I don't think guard selection is
deterministic, so after a while (usually a month) the two VMs will
select a new, different set of guards.
Generally you want to use as few guards as possible, so you want to use
the same ones in as many places as possible. To be precise, you want to
always use the same guard to connect to a given location (to the best
extent that is practical, anyway).
So if whonix-gw1 and whonix-gw2 are both connecting to google.com using
different guards, the likelihood of being deanonymized by a confirmation
attack is doubled (as compared to if they were using the same guards).
However, using two whonix-gw instances with different guards is really
no different than installing Tor on two different machines in the same
network (e.g. laptop and tablet), which is generally safe. It's up to
you to weigh the risks.
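A worked example added here, not part of Jackie's post and not code from the Tor, Whonix or Qubes projects: a small Python script that parses the listening-port lines of a torrc, applies the manual's defaults quoted above (IsolateClientAddr and IsolateSOCKSAuth on, the other three off, IsolateClientAddr force-disabled on Unix domain sockets), and then models the rule the flags describe, namely that two streams may share a circuit only if no enabled Isolate* flag covers an attribute on which they differ. The model is generalized to all five flags rather than just IsolateClientAddr; it deliberately covers only those five flags and nothing else Tor uses to pick circuits. The torrc text, the 10.137.0.x addresses and the stream attributes are constructed for illustration, and `parse_torrc_ports` / `may_share_circuit` are names chosen for this example.

```python
"""Report the effective stream-isolation flags on each torrc client port and
model whether two streams would be allowed to share a circuit under them.
Added example; the torrc below is constructed, not taken from any real gateway."""

# Defaults stated in the tor manual: IsolateClientAddr and IsolateSOCKSAuth are
# on unless switched off with the No* form; the other three are off unless set.
ISOLATION_DEFAULTS = {
    "IsolateClientAddr": True,
    "IsolateSOCKSAuth": True,
    "IsolateClientProtocol": False,
    "IsolateDestPort": False,
    "IsolateDestAddr": False,
}

# torrc options that open a client-facing port and accept isolation flags.
PORT_OPTIONS = ("SocksPort", "HTTPTunnelPort", "TransPort", "NATDPort", "DNSPort")

# Which stream attribute each flag isolates on.
FLAG_FOR_FIELD = {
    "client_addr": "IsolateClientAddr",
    "socks_auth": "IsolateSOCKSAuth",
    "protocol": "IsolateClientProtocol",
    "dest_port": "IsolateDestPort",
    "dest_addr": "IsolateDestAddr",
}

# Constructed sample torrc (addresses invented for the example).
SAMPLE_TORRC = """\
# constructed example, not a real gateway's torrc
SocksPort 10.137.0.1:9050
SocksPort 10.137.0.1:9100 IsolateDestAddr IsolateDestPort
SocksPort unix:/run/tor/socks IsolateClientAddr
SocksPort 0
TransPort 10.137.0.1:9040 NoIsolateClientAddr
DNSPort 10.137.0.1:5400
"""


def parse_torrc_ports(text):
    """Return one dict per enabled listening port with its effective
    isolation flags after defaults and No* overrides are applied."""
    ports = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blank lines
        if not line:
            continue
        tokens = line.split()
        option = tokens[0]
        if option not in PORT_OPTIONS or len(tokens) < 2:
            continue
        address = tokens[1]
        if address == "0":                          # "SocksPort 0" disables the port
            continue
        flags = dict(ISOLATION_DEFAULTS)
        other = []
        for tok in tokens[2:]:
            if tok in flags:
                flags[tok] = True
            elif tok.startswith("No") and tok[2:] in flags:
                flags[tok[2:]] = False
            else:
                other.append(tok)                   # non-isolation flags, kept verbatim
        # Per the manual, IsolateClientAddr is unsupported on Unix domain sockets.
        if address.startswith("unix:"):
            flags["IsolateClientAddr"] = False
        ports.append({"option": option, "address": address,
                      "flags": flags, "other": other})
    return ports


def may_share_circuit(flags, stream_a, stream_b):
    """Model of the isolation rule: two streams may share a circuit unless an
    enabled Isolate* flag covers a field on which they differ.
    Each stream is a dict keyed like FLAG_FOR_FIELD."""
    for field, flag in FLAG_FOR_FIELD.items():
        if flags[flag] and stream_a[field] != stream_b[field]:
            return False
    return True


def stream(client_addr, dest_addr, dest_port, protocol="socks5", socks_auth=None):
    """Build a stream description for may_share_circuit."""
    return {"client_addr": client_addr, "socks_auth": socks_auth,
            "protocol": protocol, "dest_addr": dest_addr, "dest_port": dest_port}


if __name__ == "__main__":
    ports = parse_torrc_ports(SAMPLE_TORRC)
    for p in ports:
        on = [f for f, v in p["flags"].items() if v]
        print(f"{p['option']} {p['address']}: {' '.join(on) or '(no isolation)'}")
    # Two workstation VMs behind one gateway, same destination, default SocksPort.
    vm1 = stream("10.137.0.10", "example.com", 443)
    vm2 = stream("10.137.0.11", "example.com", 443)
    print("VM1/VM2 may share a circuit on 9050:",
          may_share_circuit(ports[0]["flags"], vm1, vm2))
```

Running it against a real gateway means swapping `SAMPLE_TORRC` for the contents of `/etc/tor/torrc` (or whatever torrc location the gateway uses); the report shows, per port, which of the five flags are in effect, and `may_share_circuit` lets you check a concrete pair of streams against those flags.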