[tor-bugs] #15482 [Tor]: Don't surprise users with new circuits in the middle of browsing

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Sep 1 18:58:00 UTC 2015 

#15482: Don't surprise users with new circuits in the middle of browsing
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  yawning
  mikeperry              |     Status:  needs_revision
         Type:           |  Milestone:  Tor: 0.2.7.x-final
  enhancement            |    Version:  Tor: unspecified
     Priority:  normal   |   Keywords:  tbb-usability, tbb-wants, tor-core,
    Component:  Tor      |  PostFreeze027, TorCoreTeam201509
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mikeperry):

 Replying to [comment:37 nickm]:
 > To consider: Looks pretty plausible, but I'm still worried by having
 circuits that are potentially immortal, where dirtiness simply never
 matters.  We'd be losing the property that, after enough time has passed,
 you can be sure that old stuff isn't going on the same circuits you're
 still using.

 This property does not make sense for Tor Browser, because it's not how
 web sessions work (see comment:31). You don't just get to "wait a while"
 and suddenly your browser sessions are unlinkable. They are only
 unlinkable insofar as we actively enforce it by identifier management in
 the browser (which is identical to our socks auth usage). Any more
 surprise partial unlinkability you try to randomly sprinkle on the user is
 just usability failure.

 If you insist on having a max if/when this merges, please ensure that Tor
 Browser can turn that completely off via another flag/parameter, or we're
 going to have to keep a silly patch around to disable it ourselves :/.

 As for the randomness, I'm indifferent to it. It could prove useful, but I
 should point out that whatever you do there, you should also do to the
 timestamp_dirty updates for rend circs in
 connection_ap_handshake_attach_circuit(), otherwise you may create another
 distinguisher there. They have long since behaved exactly like this patch
 makes normal circuits behave, so we might as well keep them identical in
 whatever we decide.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15482#comment:39>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list