[Whonix-devel] [qubes-devel] Re: Circuit isolating proxy?
patrick-mailinglists at whonix.org
Mon Dec 12 21:02:00 CET 2016
> Since the browser is such a large attack surface, for whonix-ws VMs
> which only use Tor Browser, I wonder if access to the control port
> could be fully denied? It seems so. Since the Tor Launcher isn't
> actually bootstrapping tor, the control port is only used for the
> "New Identity" functionality, so you'll lose that. But if you kill
> the `socat` process forwarding 9151, the browser seems to work fine.
[Btw to kill all socat for testing one can use: "sudo service
> It seems like the "New Identity" functionality could be implemented
> on the whonix-gw side:
> Looks like the Tor Browser use of the control port isn't going away,
> though. And in fact may be increasing in the future:
Yes. That's why we have the filter.
Btw the full rationale can be found here:
More information about the Whonix-devel