[tor-talk] Awareness for identity correlation through circuit sharing is almost zero.

proper at secure-mail.biz proper at secure-mail.biz
Mon Mar 5 21:43:06 UTC 2012

The users awareness for identity correlation through circuit sharing [0] is almost zero. There should be more clear warnings about it on torproject.org.

People are frequently told to extensively use Google. They do so and will be affected. If you google the term [1] you will see that it has been recommended all the time. The version spread at this time was version 423 or below [2]. It didn't contain any warning that it's for advanced users only and no sentence about identity correlation through circuit sharing. There are so many instructions, howtos and blog posts. Everyone suggest to point all applications they want to torify to Originally a Tor developer brought this to my attention. [3]

Also tails, which is listed on torproject.org, uses only one SocksPort [4] and mixed all activity into the same SocksPort.

How to mitigate identity correlation through circuit sharing?
- do not use DnsPort
- do not use your local DNS resolver (like always recommend), deactivate it while testing
- use an unique SocksPort for all applications you do not want to be liked to one pseudonym
- tell your application to use remote DNS resolution,
- if that is not possible, use a wrapper such as torsocks/usewithtor
- a local DNS resolver who catches all DNS requests and redirects them through Tor will probable also not help, as many applications will share the same exit for those DNS requests

Unfortunately torsocks/usewithtor [5] also seams to have only a single global configuration file /etc/torsocks.conf [6], which means you can use it only for one pseudonym. If you start more then one application through torsocks/usewithtor it may happen that they all share the same circuit/exit. There seams to be no option to redirect each application to a different SocksPort. It would
be nice if there were a feature to tell torsocks/usewithtor which IP:PORT to use trough command line arguments.

[0] If you redirect your (for anonymous use) browser, your mail client, your irc client, etc. to a single SocksPort (standard everything may be routed through the same circuit and exit node. Your real IP remains hidden but (most of) your activity can be correlated to the same pseudonym.
[1] google for "https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO"
[2] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO?version=423
[3] https://lists.torproject.org/pipermail/tor-talk/2012-March/023496.html
[4] https://tails.boum.org/contribute/design/Tor_enforcement/
[5] https://code.google.com/p/torsocks/
[6] https://code.google.com/p/torsocks/source/browse/trunk/src/torsocks.conf

powered by Secure-Mail.biz
- anonymous and secure e-mail accounts.

More information about the tor-talk mailing list