[tor-bugs] #1950 [Tor bundles/installation]: Security problem?

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Sep 28 18:17:16 UTC 2010


#1950: Security problem?
---------------------------------------+------------------------------------
  Reporter:  Drogist                   |       Owner:  erinn        
      Type:  defect                    |      Status:  closed       
  Priority:  major                     |   Milestone:               
 Component:  Tor bundles/installation  |     Version:  Tor: 0.2.1.26
Resolution:  invalid                   |    Keywords:               
    Parent:                            |  
---------------------------------------+------------------------------------
Changes (by mwenge):

  * status:  new => closed
  * resolution:  => invalid


Comment:

 You need to use the TrackHostExits option I think:

 {{{
  TrackHostExits host,.domain,...
   For each value in the comma separated list, Tor will  track  recent
 connec‐
   tions to hosts that match this value and attempt to reuse the same exit
 node
   for each. If the value is prepended with a '.', it is treated as
 matching an
   entire  domain.  If  one  of the values is just a '.', it means match
 every‐
   thing. This option is useful if you frequently connect to  sites  that
 will
   expire  all  your authentication cookies (ie log you out) if your IP
 address
   changes. Note that this option does have the disadvantage of making it
 more
   clear  that  a given history is associated with a single user. However,
 most
   people who would wish to observe this will observe  it  through  cookies
 or
   other protocol-specific means anyhow.
 }}}

 What is happening is your gmail session is using more than one exit node,
 and gmail is interpreting this as you logging in from separate browsers.

 I'm going to close this because it seems obvious that this is your
 problem, so please reopen if it persists when you use the option above.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1950#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list