[tor-dev] [tor-talk] Open streams on the fly

benjaminlincoln at lavabit.com benjaminlincoln at lavabit.com
Mon Jan 21 15:45:53 UTC 2013


> On Mon, Jan 21, 2013 at 2:56 PM,  <benjaminlincoln at lavabit.com> wrote:
>>>> I see, tor already implements such a flag, ISO_STREAM.
>>
>> I attached a simple formal proposal for this idea. Please discuss.
>
> Proposals go to tor-dev, not tor-talk.
>
> Before you re-send, you should check out the discussion (what there is
> of it) on ticket #7553 at
> https://trac.torproject.org/projects/tor/ticket/7553 .  The major
> concern at the time was the performance impact from a large number of
> users all activating this option.  The discussion on the ticket has
> stalled; it would be nice to reboot the discussion on tor-dev and try
> to bring it to a conclusion.
>
> In particular, if people think *this* is a good way to "maintain
> separate identities" for something like web browsing, that's an
> accidental DOS attack waiting to happen.
>
>
Following Nick's advice I would like to start a discussion on ticket 7553.

https://trac.torproject.org/projects/tor/ticket/7553

I think this feature should be exposed to the user.

I refrained from writing "implemented" because this feature is already
implemented. Not exposing it to the user will not stop Bad Guy(TM) from
using it because it can easily be enabled by a trivial 2-line patch to
tor.

This will not lead to DOS. Circuits being created is slow for the user. I
doubt anyone will enable this for real-time, interactive communication
like surfing. It hurts anonymity, too. Cypherpunks patch mentions this.

 	895	    **IsolateStream**;;
 	896	        Don't share circuits at all, i.e. isolate each stream to an
individual
 	897	        circuit. (Not suitable for browsing or general use, where it
*will hurt
 	898	        your anonymity* due to the noisy request profile. The
constant creation
 	899	        of new circuits will also be excruciatingly slow for you and
put
 	900	        unnecessary load on the Tor network.)
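
Review bot: the parenthetical at new lines 897-900 says only what IsolateStream is not suitable for and never names a use it is meant for, so a reader cannot tell when setting it is appropriate; add a sentence stating the intended use. "Noisy request profile" is also left unexplained: say in a few words what makes it noisy (each stream on its own circuit, with new circuits built constantly), and consider splitting the anonymity warning from the speed and network-load warnings so it is not buried in one parenthesis.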

Most protocols, in particular HTTP(S), explicitly request their
connections to be kept alive. IsolateStream will not have a real effect on
these protocols.



