Discuss the problem of tor traffic using nodes in APPvm with the same or different sys-whonix
When multiple APPVMs use the same sys-whonix, will the tor traffic node server used by each appvm be different or the same?
When each appvm uses an independent sys-whonix, are the tor traffic node servers different?
It depends if stream isolation is configured for the (presumed) anon-whonix application(s):
Therefore, if it is not on the list(s), then Tor circuits will be shared.
Yes, each will utilize different Tor guard relays by default:
First of all, thanks for the reply. If I just use separate software for each whonix-workstation appvm, will the traffic be isolated?
It’s anecdotal but when I open multiple whonix ws disps, I get different countries in what is my IP searches. I’m using a single sys-whonix for networking
In both cases, traffic from any client VM (using a Whonix Gateway as its netvm) goes through a different set of circuits than traffic from any other client VM. Similar to running Tor on multiple hardware devices. But two circuits can coincidentally use the same exit node, which is normal and also like running Tor on multiple hardware devices. The exit node and the destination host can’t easily tell that the two circuits are operated by the same user. (Although they could take note if e.g. both connections drop at the same time due to a power/ISP outage. The destination host can do this just as well if the two exit nodes are different.)
That page is about fine grained circuit isolation within one client VM (using a Whonix Gateway as its netvm). There’s an unconditional baseline circuit isolation between different client VMs. See the IsolateClientAddress option in the tor manpage, which is enabled by default.
How do you detect and confirm that your appvm is using a different IP? What is the command?
Does the result returned by this command return all IPs passing through the node, or does it return something?
Is there a way to check that we can verify?
However, I checked the IP using the tor browser of different appvm and it was indeed different.
Is there any other feasible method to more intuitively see that the IPs are different to determine the identity isolation problem of different APPvm?