<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Wouldn't concurrent connections actually be of benefit to security, at
least in circumstances where the attacker doesn't know the traffic of
the entire network as a whole, or at least not of what's going on at
the requesting client end? Also, are there any plans to implement a
'dummy ping' system like Jap uses, where a packet will be sent every X
or <X< seconds, just to enhance entropy during times of low or no
traffic? Also, just for reference, do you know of any docs that compare
Jap and Tor in terms of what their methods are and how secure they are
against various attacks? <br>
<br>
Thanks,<br>
Andrew<br>
<br>
Roger Dingledine wrote:
<blockquote cite="mid20060212094435.GI15157@localhost.localdomain"
type="cite">
<pre wrap="">On Sun, Feb 12, 2006 at 03:56:12AM -0600, Mike Perry wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Are multiple TCP connections still multiplexed across a single Tor
circuit?
</pre>
</blockquote>
<pre wrap=""><!---->
Yes.
</pre>
<blockquote type="cite">
<pre wrap="">It would seem to me that this should be a serious compromise
to anonymity. Frequently I am browsing sites that know who I am (or
using AIM, etc) concurrent to accessing those that I'd prefer not to
know me.
</pre>
</blockquote>
<pre wrap=""><!---->
Right.
</pre>
<blockquote type="cite">
<pre wrap="">>From reading the FAQ entry
<a class="moz-txt-link-freetext" href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#RemainingAttacks">http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#RemainingAttacks</a>
it sounds like I am at risk for an exit server correlating the two
traffic streams.
</pre>
</blockquote>
<pre wrap=""><!---->
Yep.
</pre>
<blockquote type="cite">
<pre wrap="">Are there any plans to disable this circuit sharing mechanism via a
config option?
</pre>
</blockquote>
<pre wrap=""><!---->
No, because a new circuit for every TCP connection is too expensive. For
example, you would open a new circuit for every little 1x1 pixel on the
cnn frontpage. This means it would dramatically slow down Tor for users,
and worse, the public key ops required for making these circuits would
overpower the CPUs of our volunteer servers.
But we've got a new tool for resolving this, if you want to start
experimenting. You can write a Tor controller that intercepts each stream
request and decides, for each destination, which circuit to use.
<a class="moz-txt-link-freetext" href="http://tor.eff.org/cvs/tor/doc/control-spec.txt">http://tor.eff.org/cvs/tor/doc/control-spec.txt</a>
<a class="moz-txt-link-freetext" href="http://tor.eff.org/cvs/control/doc/howto.txt">http://tor.eff.org/cvs/control/doc/howto.txt</a>
And see Geoff's Blossom project for an example:
<a class="moz-txt-link-freetext" href="http://afs.eecs.harvard.edu/~goodell/blossom/">http://afs.eecs.harvard.edu/~goodell/blossom/</a>
It may be best to first think hard about the tradeoffs of various
approaches to dividing streams over circuits, since optimizing for your
anonymity vs somebody else's donated CPU sounds like a pretty tough
graph to nail down. Let us know when you have some designs and we'll
start thinking about how to analyze and compare them.
--Roger
</pre>
</blockquote>
</body>
</html>