[tor-talk] Stricter NEWNYM?

katmagic the.magical.kat at gmail.com
Wed Mar 23 03:23:32 UTC 2011


On Sun, 20 Mar 2011 05:13:39 -0500 (CDT)
Scott Bennett <bennett at cs.niu.edu> wrote:

>      On Fri, 4 Mar 2011 10:17:30 -0800 Robert Ransom <rransom.8774 at gmail.com>
> wrote:
> >On Fri, 04 Mar 2011 13:21:22 +0100
> >anonym <anonym at lavabit.com> wrote:
> >
> >> While I've been developing the LiveCDs Incognito and Tails I've got my
> >> fair share of feature requests/bug reports that really are about Tor.
> >> One recurring feature request is to make NEWNYM stricter.
> >>
> >> Users have observed that issuing a NEWNYM doesn't necessarily stop using
> >> the previous circuits, which is obviously the case for truly long lived
> >> connections like IRC and SSH, but I don't think that is what bothers
> >> them; web browsing connections also keep using the old circuits, at
> >> least with certain web browser and intermediate proxy configurations
> >> that make them "kinda" long lived (think http keep-alive timeouts).
> >> This confuses users when they get the same exit node after a NEWNYM (for
> >> instance by refreshing check.torproject.org afterwards).
> >
> >This can happen even on a new circuit.  Tor does not try to select a
> >different exit node after a NEWNYM has been issued, as that would make
> >users' streams before a NEWNYM more linkable to their streams after the
> >NEWNYM.
> >
> >> Conclusion: NEWNYM doesn't do what the users expect.
> >>
> >> That's no good. Why don't we make NEWNYM ruthlessly kill all circuits,
> >> even the ones handling live connections, long lived or not? I strongly
> >> believe this stricter NEWNYM behaviour is (at least closer to) what the
> >> user expects from it. See the attached patch for a quick and dirty
> >> implementation -- a patch says more than a thousand words, I suppose.
> >>
> >> Of course, to use NEWNYM requires some caution from the user, e.g.
> >> clearing cookies, session id etc. if revisiting the same site, but that
> >> also affects the old NEWNYM approach. Maybe it's even the case that
> >> NEWNYM gives a false sense of a new identity, given all application
> >> level problems that Tor cannot (or at least shouldn't) do anything
> >> about, and thus we should give a shite?
> >
> >Torbutton would also need a 'new identity' button.  See
> ><https://trac.torproject.org/projects/tor/ticket/523> for some
> >discussion of what that would involve.
> >
> >If you want to close all web-browsing streams while switching to a 'new
> >identity', the best currently possible options are to toggle Torbutton
> >off, then back on, or to quit Firefox entirely and restart it.  (This
> >also requires that you restart Polipo or not be using it.)  Perhaps
> >that should be documented better.
> >
> >Alternatively, a user could use Vidalia's 'Network Map' to close all
> >open web-browsing streams.
> >
> >>                                         In any case, are there any new
> >> problems introduced by this more brutal approach that I haven't thought
> >> of which would make it worse than the previous one?
> >
> >This approach would make it impractical for a user to use IRC or SSH on
> >a LiveCD while browsing without linking the IRC/SSH session to
> >his/her/its browsing activities.  Please separate the 'kill all
> >streams' command from the NEWNYM command.
> >
> >A 'kill all streams' command would be more useful if it came with an
> >implementation of proposal 171 and ended all streams sent by one
> >application (as determined by the application-separation criteria in
> >that proposal).  Unfortunately, that won't become possible until
> >proposal 171 is implemented.
> >
>      Recall that UNIX and LINUX systems are inherently multiuser systems.
> Even if many are not actually used by more than one person, many others are.
> A "kill all streams" command would therefore need to be restricted to use
> only by the system administrator or perhaps a small group of users allowed
> such power over all users who might be using the tor client at the time.
> Otherwise one user could disrupt the work of many other users very easily.
> 
> 
>                                   Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:       bennett at cs.niu.edu                              *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************

Someone who can issue controller commands can already close other streams, e.g.
via the CLOSESTREAM command.

-- 
Please use encryption. My PGP key ID is E51DFE2C.
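
Added example, not part of the original message or of Tor's own code: a sketch of the separate "close web-browsing streams" step discussed in this thread, built on the control-port commands GETINFO stream-status and CLOSESTREAM. The sample reply is constructed, and the port set treated as "web browsing" is an assumption; IRC and SSH streams are left alone.

```python
from typing import NamedTuple

class Stream(NamedTuple):
    stream_id: str
    status: str
    circuit_id: str
    host: str
    port: int

# Constructed sample reply to "GETINFO stream-status" (not captured from a real Tor).
SAMPLE_REPLY = (
    "250+stream-status=\r\n"
    "12 SUCCEEDED 5 check.torproject.org:443\r\n"
    "13 SUCCEEDED 5 www.example.com:80\r\n"
    "14 SUCCEEDED 3 irc.example.net:6667\r\n"
    "15 SUCCEEDED 4 shell.example.org:22\r\n"
    ".\r\n"
    "250 OK\r\n"
)

WEB_PORTS = frozenset({80, 443})  # assumption: what counts as "web browsing"
REASON_MISC = 1                   # RELAY_END reason code passed to CLOSESTREAM

def parse_stream_status(reply: str) -> list:
    """Extract streams from a single-line (250-) or multi-line (250+ ... .) reply."""
    rows, in_block = [], False
    for line in reply.splitlines():
        if in_block:
            if line == ".":
                in_block = False
            else:
                rows.append(line)
        elif line.startswith("250+stream-status="):
            in_block = True
            rows.append(line.split("=", 1)[1])
        elif line.startswith("250-stream-status="):
            rows.append(line.split("=", 1)[1])
    streams = []
    for row in rows:
        fields = row.split(" ")
        if len(fields) < 4:
            continue  # empty first row of a 250+ block, or a malformed line
        host, _, port = fields[3].rpartition(":")
        if port.isdigit():
            streams.append(Stream(fields[0], fields[1], fields[2], host, int(port)))
    return streams

def closestream_commands(streams, ports=WEB_PORTS) -> list:
    """Build one CLOSESTREAM line per stream whose target port is in `ports`."""
    return [f"CLOSESTREAM {s.stream_id} {REASON_MISC}\r\n" for s in streams if s.port in ports]

if __name__ == "__main__":
    for cmd in closestream_commands(parse_stream_status(SAMPLE_REPLY)):
        print(cmd.strip())
```

Any client that can authenticate to the control port can send these lines, so access to that port is what decides who may close streams.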