A convention on listen port local or all network interfaces etc. would be desirable.
At the moment it looks like there is no convention on where server applications listen by default, on localhost or all interfaces.
Whonix is a Debian derivative with focus on anonymity, privacy and security. To oversimplify it, we preconfigure Debian with these goals in mind.
Usually applications using Tor ephemeral hidden services such as ricochet-im, onionshare, ZeroNet, unMessage listen on localhost only.
Due to Whonix's workstation, gateway split design, applications using Tor ephemeral hidden services need to listen on the workstation's external interface rather than on the workstation's localhost.
* read https://github.com/AnemoneLabs/unmessage/issues/2
* read https://github.com/ricochet-im/ricochet/issues/512
* finish draft
* improve draft
* send to debian-devel mailing list
* discuss on debian-devel