[tor-bugs] #8641 [TorBrowserButton]: Create Browser UI indication for current circuit status and exit IP

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jul 25 08:10:37 UTC 2014 

#8641: Create Browser UI indication for current circuit status and exit IP
----------------------------------+-------------------------------
     Reporter:  mikeperry         |      Owner:  mikeperry
         Type:  enhancement       |     Status:  needs_information
     Priority:  major             |  Milestone:
    Component:  TorBrowserButton  |    Version:
   Resolution:                    |   Keywords:  tbb-usability
Actual Points:                    |  Parent ID:  #5752
       Points:                    |
----------------------------------+-------------------------------

Comment (by arthuredelstein):

 Replying to [comment:20 lunar]:
 > Replying to [comment:19 arthuredelstein]:
 > > Replying to [comment:18 lunar]:
 > > > I don't think it's related to `IsolateDestPort` in any way. Relay
 exit policy:
 > > > {{{
 > > > accept *:443
 > > > reject *:*
 > > > }}}
 > > >
 > > > Page is at `https://www.example.org/`. It loads a resource from
 `https://another-host.example.net:4242/`. The circuit that has been used
 to load the page cannot be used to fetch this resource. How does the patch
 you mentioned handle this?
 > >
 > > As it stands, my patch doesn't make any attempt to handle this
 situation. What does the latest version of TorBrowser do now? Presumably
 after my patch, the behavior would be the same.
 >
 > Ok, So I believe you are not fully understanding the effects of the
 patch you wrote for #3455, or maybe you shouldn't approximate them to
 “fetches third party content over the same circuit” because to my
 understanding, Tor will still create a different circuit for each host
 providing resources.

 It's certainly possible I'm missing something -- could you explain why you
 expect this to happen? My observations of my #3455 patches, from STREAM
 and CIRC events in the ControlPort, however, indicate that Tor indeed
 creates one circuit per URL bar domain, fetching embedded resources from
 third-party domains over the same circuit.

 > > > I believe the correct behavior would be to use another circuit. Then
 it should be visible in the UI.
 > >
 > > Is that perhaps a little dangerous as it allows a site to
 automatically force clients to make requests through a particular exit
 node with a unique whitelisted port?
 >
 > How would it selects a particular exit node? See the list of
 [https://check.torproject.org/cgi-
 bin/TorBulkExitList.py?ip=192.0.2.1&port=4242 all exits that should allow
 a client to reach `another-host.example.net:4242`].

 I wasn't thinking of port 4242 specifically. Port 25 comes to mind. See
 https://check.torproject.org/cgi-
 bin/TorBulkExitList.py?ip=192.0.2.1&port=25 . It's not a single exit node,
 but the options are quite limited compared to, say, port 4242.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8641#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list