15

I've read somewhere that running Tor over another Tor connection is not only non-productive but actually dangerous?

For example: say I were running TBB on my machine and was running Whonix in 2 VMs on the same machine. Would it be better or worse or indifferent to map the Whonix gateway's network connection to the host machine's Tor SOCKS5 proxy?

adrelanos
IceyEC

3 Answers

14

Quoted from TorifyHOWTO (written by me, but never been disputed):

When using a transparent proxy, it is possible to start a Tor session from the client as well as from the transparent proxy, creating a "Tor over Tor" scenario. Doing so produces undefined and potentially unsafe behavior. In theory, however, you can get six hops instead of three, but it is not guaranteed that you'll get three different hops - you could end up with the same hops, maybe in reverse or mixed order. It is not clear if this is safe. It has never been discussed.

You can choose an entry/exit point, but you get the best security that Tor can provide when you leave the route selection to Tor; overriding the entry / exit nodes can mess up your anonymity in ways we don't understand. Therefore Tor over Tor usage is highly discouraged.

https://trac.torproject.org/projects/tor/ticket/5611#comment:2

adrelanos
4

The danger (beyond the performance hit) which keeps me from running Tor over Tor has to do with timing and congestion measurements.

Adversaries watching your traffic at the exit(s) of your circuits have a better chance of linking your Whonix activity with your TBB activity when those shared circuits slow down or drop packets at the same time. This can happen without Tor over Tor when your instances use a common upstream link.

The linkage will be made tighter and more explicit if you run the Whonix Tor traffic through your TBB SOCKS5 Tor circuits. This tighter linkage raises the danger of successful correlation.

rdump
-1

BUT what if you run Tor within a VM and then run Tor through the host, and force the VM traffic through the host's Tor circuit as well? It would seem in that case each instance of Tor is independent of each other and is rather a situation where Tor doesn't know what Tor is doing, hence allowing each instance to select its own distinct set of nodes. In that case, any correlation would have to be based upon knowledge of the VM, which an adversary isn't likely to have, unless of course, they've already gained access to your system, in which case Tor isn't going to help you at all anyways.
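A way to catch the setup the question describes (one Tor instance proxied through another Tor's SOCKS listener) before it is deployed, as an added example that is not part of the original thread. It scans a torrc for the upstream-proxy options `Socks4Proxy`, `Socks5Proxy` and `HTTPSProxy`; the port list (9050 for a system tor daemon, 9150 for Tor Browser), the function names and the sample torrc are assumptions, and a match is a heuristic since the script cannot confirm what is actually listening on that port.

```python
import ipaddress

# Assumption: ports where a local Tor client usually offers SOCKS
# (9050 = system tor daemon, 9150 = Tor Browser).
TOR_SOCKS_PORTS = {9050, 9150}
# torrc options that route Tor's own outbound connections via a proxy.
PROXY_OPTIONS = {"socks4proxy", "socks5proxy", "httpsproxy"}

# Constructed sample: a gateway torrc pointed at a host-side Tor Browser.
SAMPLE_TORRC = """\
# gateway torrc (constructed for illustration)
SocksPort 9050
Socks5Proxy 10.0.2.2:9150   # host-side TBB SOCKS listener
#Socks5Proxy 127.0.0.1:9050
HTTPSProxy proxy.example.net:3128
"""

def _is_local(host):
    """True for 'localhost' and loopback/private IP literals."""
    if host.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # hostname that cannot be classified offline
    return addr.is_loopback or addr.is_private

def find_tor_over_tor(torrc_text, tor_ports=TOR_SOCKS_PORTS):
    """Return (line_no, option, target) for proxy lines aimed at a
    local/private address on a port where Tor usually listens."""
    findings = []
    for line_no, raw in enumerate(torrc_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].lower() not in PROXY_OPTIONS:
            continue                              # not a proxy directive
        target = parts[1].strip()
        host, sep, port = target.rpartition(":")
        if not sep or not port.isdigit():
            continue                              # no explicit port given
        if int(port) in tor_ports and _is_local(host):
            findings.append((line_no, parts[0], target))
    return findings

if __name__ == "__main__":
    for line_no, option, target in find_tor_over_tor(SAMPLE_TORRC):
        print(f"line {line_no}: {option} {target} looks like Tor over Tor")
```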