Thanks everyone for the excellent feedback, that was very helpful in understanding the issues at play.
s7r:
> But this is not the proper way to use Bitcoin behind Tor. So stream isolation for clearnet type circuits shouldn't even be a concern. Whonix's tor-service-defaults-torrc chooses to disable automatic per-peer stream isolation for Bitcoin's SOCKS port and I think it does the right thing, because this is not how Bitcoin should be used behind Tor.
Yes, I'm aware that Bitcoin Core supports stream isolation without relying on a torrc setting. Even if Whonix is doing the right thing here, the comments in Whonix's file suggest that they're doing it for the wrong reason.
It should also be noted that not all Bitcoin clients do what Bitcoin Core does (and in fact part of the motivation for my inquiry was to determine if I should be submitting patches to those clients to make them mimic what Bitcoin Core does). Using a torrc setting would probably provide some useful defense-in-depth in case a Bitcoin client isn't doing stream isolation on its own.
Cheers,
-- 
-Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile@airmail.cc
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jeremy@veclabs.net is having technical issues at the moment.
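
Added example, not part of the original message and not code from Bitcoin Core, Whonix or any other client: one way a client can isolate streams without a torrc setting is to send fresh SOCKS5 username/password credentials on every outbound connection, which Tor's `IsolateSOCKSAuth` flag (on by default for a SocksPort) keeps on separate circuits. The function names and the peer hostnames are hypothetical; the sketch builds the bytes the client would send, per RFC 1928 and RFC 1929.

```python
import secrets
import struct

SOCKS_VERSION = 0x05
AUTH_USERPASS = 0x02      # RFC 1928 method id: username/password
USERPASS_VERSION = 0x01   # RFC 1929 sub-negotiation version
CMD_CONNECT = 0x01
ATYP_DOMAIN = 0x03


def fresh_credentials():
    """Random username/password; Tor does not verify them, they only have to differ."""
    return secrets.token_hex(8), secrets.token_hex(8)


def greeting():
    """Offer only username/password so the isolation credentials are always sent."""
    return bytes([SOCKS_VERSION, 1, AUTH_USERPASS])


def auth_request(username, password):
    """RFC 1929 message: VER, ULEN, UNAME, PLEN, PASSWD."""
    u, p = username.encode("ascii"), password.encode("ascii")
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("username and password must be 1..255 bytes")
    return bytes([USERPASS_VERSION, len(u)]) + u + bytes([len(p)]) + p


def connect_request(host, port):
    """CONNECT by hostname so name resolution happens inside Tor, not locally."""
    h = host.encode("ascii")
    if not 1 <= len(h) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    header = bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(h)])
    return header + h + struct.pack(">H", port)


def handshake_for_peer(host, port):
    """Client-side messages, in order, for one outbound peer connection."""
    user, password = fresh_credentials()
    return [greeting(), auth_request(user, password), connect_request(host, port)]


if __name__ == "__main__":
    # Constructed peer names, for illustration only.
    for peer in ("peer1.example", "peer2.example"):
        print(peer, [m.hex() for m in handshake_for_peer(peer, 8333)])
```

A torrc-level flag such as `IsolateDestAddr` on the same SocksPort would still separate peers for a client that sends no credentials at all, which is the defense-in-depth case the message raises.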