[tor-dev] Tor Browser IsolateSOCKSAuth behavior questions.

Georg Koppen gk at torproject.org
Mon Jun 1 07:43:50 UTC 2015

Yawning Angel:


> My question is, what causes Tor Browser to set the SOCKS username to
> "--unknown--" and what the behavior should be in that case if:

Ideally, "--unknown--" would only be used for requests originating from
privileged browser code and not belonging to a website/resource a user
requested. This would encompass things like extensions update requests,
browser update requests, blocklist checks, requests issued by installed
extensions to name just a few. In reality, however, we are not there yet
(see e.g. #13670, #15599, #15555, #15569 + plus there is at least one
bug I have not filed yet).

>  * The destination is a ".onion" address.

#15499 should give you an idea (although I am not sure whether that
ticket is still valid)

>  * The destination is a ".i2p" address.

I don't know. Maybe we/you should coordinate that with the I2P folks?

>  * The destination is the I2P management console.
>    I'm fairly sure this should be "deny".

Sounds good.

>  * The destination is any other address (will be dispatched over Tor if
>    running, I don't think I will attempt to support I2P outproxies
>    because they suck).  (I think allow because things break otherwise?)

I am not sure, honestly. What do you have in mind?


> The final form of my shim will support running with any combination of
> "nothing" (Tor Browser just for the "privacy benefits", probably
> unsafe, I may reconsider this), I2P, and Tor (Though the most useful
> configuration is probably I2P + Tor).

Sounds useful, indeed. But I think we should make clear to users that
this will not be a proper Tor Browser replacement as you need knowledge
of the browser state to make correct assumptions on whether to put
requests into the "--unknown--" bucket or not. And I currently don't see
how your shim is able to accomplish that.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150601/4a92f6a4/attachment.sig>

More information about the tor-dev mailing list