To add to discussion from Whonix wiki Tor Entry Guards (emphasis added):
“Whonix ™ developer HulaHoop recently approached Tor researcher, Tariq Elahi, to discuss how exposure to malicious guards in multi-Workstation scenarios could be measured. It was discovered that 1 guard/client per internet-connected program (not identity!) is the safest possible configuration. In fact, the probability of a network adversary observing a user’s activities is lower than the default scenario, whereby one Tor Entry Guard is relied upon for all applications. This advice is meant to mitigate the damage from end-to-end correlation attacks that occur when simultaneously using malicious Entry guards + Exits…”
In 9.20.22 response thread renehoj linked HulaHoop say:
Tor’s “default” is of little relevance here since it has no concept of virtualization or different apps.
Interest in renehoj questions. What do you think?