Is the Whonix advice on using multiple guards better than the Tor standard?

The Whoinx advice is that using multiple Whoinx VMs is safer because it allows you to route your traffic though multiple gaurds, which prevents a single guard seeing all the traffic.

Specifically, using one VM for each app you want to use with Tor, e.g. your browser and email client does share the same Whoinx gateway.

Is this better, or does it just increase the chance of routing some traffic though a bad guard node?

Does it matter if the guard sees all the traffic, considering that all the traffic is encrypted, does this in any way change the probability of the guard getting access to the traffic needed to deanonymize the target?

If you use two Whoinx gateways, one for your browser and one for your email. If both email and browser can be used to deanonymize you, does double the guards not also double the chance of getting deanonymized?

To add to discussion from Whonix wiki Tor Entry Guards (emphasis added):

“Whonix ™ developer HulaHoop recently approached Tor researcher, Tariq Elahi, to discuss how exposure to malicious guards in multi-Workstation scenarios could be measured. It was discovered that 1 guard/client per internet-connected program (not identity!) is the safest possible configuration. In fact, the probability of a network adversary observing a user’s activities is lower than the default scenario, whereby one Tor Entry Guard is relied upon for all applications. This advice is meant to mitigate the damage from end-to-end correlation attacks that occur when simultaneously using malicious Entry guards + Exits…”

In 9.20.22 response thread renehoj linked HulaHoop say:
Tor’s “default” is of little relevance here since it has no concept of virtualization or different apps.

Interest in renehoj questions. What do you think?

More guards and decentralized stuff should be good; bitcoin works well for example but his trust is based on greedy of others people who needs compete to win some prize. Seeing tor we could imagine we should don’t mutual hurt each other ; but we are humans . Humans do good and bad things.

There are no magical solutions to use tools on some way make all us safe and yet we need them. All depends from what purpose and necessity by individuals to archive goals.


red0bear thanks for thoughts. Do you think tor project (e.g. @arma @nickm etc etc) might comment on whether one guard per application increases protection from malicious entry guards?

Bitcoin have many robots and crawlers peers for example and still working. tor works well but you need consider version are you using and others layers protections, That’s demands time and effort.


OK. Do you think that 1 guard/client per internet-connected program is the safest possible configuration?