[tor-dev] Tor Browser IsolateSOCKSAuth behavior questions.

Yawning Angel yawning at schwanenlied.me
Sun May 31 15:01:37 UTC 2015 

Hello,

I've been working on a dumb hack that lets me do things like this:
https://imgur.com/3mah244 (Yes, that's a single Tor Browser instance,
separate windows used for illustrative purposes.)

It's still very raw and doesn't do everything I want it to do, so I'm
not really releasing the code yet, but I have some questions regarding
how Tor Browser behaves when setting the SOCKS username for isolation
purposes.

Ideally I want my shim to enforce isolation between the various
upstreams (Tor, I2P, whatever) correctly to avoid cross-protocol
probing (and to shield the I2P administration interface from eeevil
websites).

This appears to be straight forward if the application is Tor Browser
because IsolateSOCKSAuth is always used at first glance (I will assume
for now that if users decide to use things like torsocks that do not
use isolation this way that they know what they are doing).

My question is, what causes Tor Browser to set the SOCKS username to
"--unknown--" and what the behavior should be in that case if:

 * The destination is a ".onion" address.

 * The destination is a ".i2p" address.

 * The destination is the I2P management console.

   I'm fairly sure this should be "deny".

 * The destination is any other address (will be dispatched over Tor if
   running, I don't think I will attempt to support I2P outproxies
   because they suck).  (I think allow because things break otherwise?)

For destinations that are ".onion"/".i2p", I plan to be fairly strict
about making sure the SOCKS5 target and the username matches (I need to
be more relaxed for sites on the regular intertubes since cross-site
resources are loaded (I may make this behavior configurable...).  Is
this dumb?  Is it common for "foo.onion" to load resources off
"bar.onion"?  How about in I2P land?

The final form of my shim will support running with any combination of
"nothing" (Tor Browser just for the "privacy benefits", probably
unsafe, I may reconsider this), I2P, and Tor (Though the most useful
configuration is probably I2P + Tor).

Thanks in advance,

-- 
Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150531/41a3fcee/attachment.sig>

More information about the tor-dev mailing list