[Whonix-devel] [qubes-devel] Re: Circuit isolating proxy?

Patrick Schleizer patrick-mailinglists at whonix.org
Mon Dec 12 21:02:00 CET 2016

William Budington:
> Since the browser is such a large attack surface, for whonix-ws VMs
> which only use Tor Browser, I wonder if access to the control port
> could be fully denied?  It seems so.  Since the Tor Launcher isn't
> actually bootstrapping tor, the control port is only used for the
> "New Identity" functionality, so you'll lose that.  But if you kill
> the `socat` process forwarding 9151, the browser seems to work fine.

[Btw, to kill all socat for testing, one can use: "sudo service
anon-ws-disable-stacked-tor stop"]

> It seems like the "New Identity" functionality could be implemented
> on the whonix-gw side:
> https://blog.torproject.org/category/tags/new-identity
> Looks like the Tor Browser use of the control port isn't going away,
> though.  And in fact may be increasing in the future:
> https://trac.torproject.org/projects/tor/ticket/9675

Yes. That's why we have the filter.

Btw, the full rationale can be found here:

