[tor-talk] Stricter NEWNYM?

Robert Ransom rransom.8774 at gmail.com
Wed Mar 9 01:09:29 UTC 2011


On Tue, 8 Mar 2011 20:01:52 -0500
grarpamp <grarpamp at gmail.com> wrote:

> > Please separate the 'kill all streams' command from the NEWNYM command.
> 
> Yes, I would make that separate too. I would think a NEWNYM should only
> cause truly new TCP connections to use a new exit.
> 
> While this is being examined, please have a look at my
> NEWNYM buckets proposal of 6 jan 2011...
> 
> ==========
> I've commonly seen exits (or paths) reused within a certain period
> of time after issuing a NEWNYM.
> 
> For the users that have such a need, it would be nice if Tor could
> optionally keep a historical bucket of configurable entry length
> (whether based upon time and/or number of prior nodes/paths used).
> Such that any such nodes or paths would not be reused so long as
> they remained in the bucket according to its expiry rules.

This will harm user anonymity.  Circuit path selection must be
independent of the circuits and exit nodes which a client has
previously used.


> And as an aside, to the extent it is not already done, different
> ports on the same host should not necessarily be aggregated over
> the same circuits. I'd wager that they should not, so as to appear
> separate to the observer. Mostly for efficiency. Think of
> checking/writing multiple email accounts on the same provider...
> via IMAP/POP/HTTP/SMTP...  without exposing too much relatedness
> due to using the same exit for all at once.

See proposal 171 (and its surrounding discussion).  Separating streams
by destination port will not help separate users' web-browsing
activities from their Internet mail connections.


Robert Ransom
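To make the point in the reply concrete, here is an added toy model (not code from the thread or from Tor) of the "NEWNYM bucket" idea: a client that refuses to reuse its last K exits has a history-dependent exit distribution, and an observer who can attribute a run of circuits to one client can tell it apart from a default client simply by counting repeated exits in short windows. Assumptions: exits are picked uniformly (ignoring bandwidth weighting, guards and exit policies), and the exit count, bucket length and seed are constructed values.

```python
"""Toy model of a history-dependent exit choice (added illustration, not
Tor code).  Assumption: exits are picked uniformly, ignoring bandwidth
weights, guards and exit policies.  A client that never reuses its last K
exits produces circuit sequences with no repeats in any K+1 window, which a
client choosing independently does not, so the two are distinguishable."""
import random
from math import prod


def no_repeat_probability(n_exits, window):
    """Exact P(no exit repeated in `window` independent uniform picks)."""
    if window > n_exits:
        return 0.0
    return prod(n_exits - i for i in range(window)) / n_exits ** window


def independent_client(n_exits, n_circuits, rng):
    """Default behaviour: every circuit picks an exit independently."""
    return [rng.randrange(n_exits) for _ in range(n_circuits)]


def bucket_client(n_exits, n_circuits, bucket_len, rng):
    """Proposed behaviour: never reuse an exit still in the history bucket."""
    history, picks = [], []
    for _ in range(n_circuits):
        choice = rng.choice([e for e in range(n_exits) if e not in history])
        picks.append(choice)
        history = (history + [choice])[-bucket_len:]
    return picks


def window_repeat_rate(picks, window):
    """Fraction of sliding windows containing at least one repeated exit."""
    windows = [picks[i:i + window] for i in range(len(picks) - window + 1)]
    return sum(len(set(w)) < len(w) for w in windows) / len(windows)


def compare(n_exits=20, bucket_len=5, n_circuits=2000, seed=1):
    """Return (expected, independent, bucket) repeat rates for window K+1."""
    rng = random.Random(seed)  # fixed seed: reproducible constructed data
    window = bucket_len + 1
    expected = 1 - no_repeat_probability(n_exits, window)
    ind = window_repeat_rate(independent_client(n_exits, n_circuits, rng), window)
    bkt = window_repeat_rate(bucket_client(n_exits, n_circuits, bucket_len, rng), window)
    return expected, ind, bkt


if __name__ == "__main__":
    print("expected %.3f independent %.3f bucket %.3f" % compare())
```

With 20 exits and a bucket of 5, roughly 56% of 6-circuit windows from the default client contain a repeated exit, while the bucket client produces none, so the bucket behaviour is a clear fingerprint of the client's history.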