[tor-talk] Awareness for identity correlation through circuit sharing is almost zero.
rransom.8774 at gmail.com
Mon Mar 5 22:15:38 UTC 2012
On 2012-03-05, proper at secure-mail.biz <proper at secure-mail.biz> wrote:
> The users' awareness for identity correlation through circuit sharing is
> almost zero. There should be more clear warnings about it on torproject.org.
> People are frequently told to extensively use Google. They do so and will be
> affected. If you google the term  you will see that it has been
> recommended all the time. The version spread at this time was version 423 or
> below. It didn't contain any warning that it's for advanced users only
> and no sentence about identity correlation through circuit sharing. There
> are so many instructions, howtos and blog posts. Everyone suggests pointing
> all applications they want to torify to 127.0.0.1:9050. Originally a Tor
> developer brought this to my attention.
Everyone who suggests using BitTorrent over Tor is pointed to
which mentions that issue. It should be more visible. Perhaps you
could send a patch to add it to the list of warnings on the download
page (see https://svn.torproject.org/svn/website/trunk/download/en/
for the source files).
> Also tails, which is listed on torproject.org, uses only one SocksPort
> and mixes all activity into the same SocksPort.
Using multiple SocksPorts from the same Tor client only helps if you
are using Tor 0.2.3.x-alpha, which introduced 'stream isolation'. (I
don't think 0.2.2.x supports multiple SocksPorts at all.) Read the
The Tails developers plan to start using Tor 0.2.3.x and 'stream
isolation' as soon as a 0.2.3.x stable release is available. This
might or might not happen in time for Tails 0.11. (But applications
running within Tails have much less information to leak about their
> How to mitigate identity correlation through circuit sharing?
> - do not use DnsPort
> - do not use your local DNS resolver (as is always recommended), deactivate it
> while testing
> - use a unique SocksPort for all applications you do not want to be linked
> to one pseudonym
> - tell your application to use remote DNS resolution,
> - if that is not possible, use a wrapper such as torsocks/usewithtor
> - a local DNS resolver which catches all DNS requests and redirects them
> through Tor will probably also not help, as many applications will share the
> same exit for those DNS requests
More importantly, many applications which you did not intend to torify
will use that DNS resolver.
> Unfortunately torsocks/usewithtor also seems to have only a single
> global configuration file /etc/torsocks.conf, which means you can use it
> only for one pseudonym. If you start more than one application through
> torsocks/usewithtor it may happen that they all share the same circuit/exit.
> There seems to be no option to redirect each application to a different
> SocksPort. It would be nice if there were a feature to tell
> torsocks/usewithtor which IP:PORT to use through command line arguments.
The torsocks command supports a user-specified configuration file
(read the man page). The usewithtor command does not.
I agree that someone should make configuring torsocks easier. (Note
that usernames and/or passwords can be used to separate streams, too.)
>  If you redirect your (for anonymous use) browser, your mail client, your
> irc client, etc. to a single SocksPort (standard 127.0.0.1:9050) everything
> may be routed through the same circuit and exit node. Your real IP remains
> hidden but (most of) your activity can be correlated to the same pseudonym.
This is the main reason that I'm not a fan of TorBOX. It provides
pseudonymity, not anonymity, but most people will think that it
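The two mechanisms named in this reply, separating streams by SOCKS username/password and letting the proxy do the DNS lookup, shown as an added example that is not from the thread or from the Tor project. It assumes the stream-isolation behaviour of Tor 0.2.3.x with IsolateSOCKSAuth, where streams arriving on one SocksPort with different username/password pairs are put on different circuits. The pseudonym credentials and the destination example.com:443 are constructed, and the in-process "proxy" only stands in for a SocksPort to show what reaches Tor; it builds no circuits.

```python
import socket
import struct
import threading

SOCKS_VERSION = 0x05
AUTH_USERPASS = 0x02   # RFC 1929 username/password sub-negotiation
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# Constructed credentials, one (username, password) pair per pseudonym.
# Any values work: Tor with IsolateSOCKSAuth keys circuits on the pair.
PSEUDONYMS = {"browser": ("browser", "s1"), "irc": ("irc", "s2")}

def recv_exact(sock, n):
    """Read exactly n bytes or raise ConnectionError."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during SOCKS handshake")
        buf += chunk
    return buf

def build_greeting():
    # Offer only username/password so the proxy cannot fall back to "no auth".
    return bytes([SOCKS_VERSION, 1, AUTH_USERPASS])

def build_userpass(username, password):
    u, p = username.encode(), password.encode()
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p

def build_connect_by_name(host, port):
    # ATYP 0x03 hands the hostname to the proxy: no local DNS query at all.
    h = host.encode("idna")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(h)])
            + h + struct.pack("!H", port))

def socks5_connect(proxy, pseudonym, host, port):
    """Open host:port through proxy=(ip, port) with pseudonym's credentials."""
    username, password = PSEUDONYMS[pseudonym]
    s = socket.create_connection(proxy)
    try:
        s.sendall(build_greeting())
        ver, method = recv_exact(s, 2)
        if ver != SOCKS_VERSION or method != AUTH_USERPASS:
            raise ConnectionError("proxy refused username/password auth")
        s.sendall(build_userpass(username, password))
        if recv_exact(s, 2)[1] != 0x00:
            raise ConnectionError("proxy rejected credentials")
        s.sendall(build_connect_by_name(host, port))
        _, rep, _, atyp = recv_exact(s, 4)
        blen = {ATYP_IPV4: 4, ATYP_IPV6: 16}.get(atyp) or recv_exact(s, 1)[0]
        recv_exact(s, blen + 2)  # BND.ADDR + BND.PORT
        if rep != 0x00:
            raise ConnectionError("CONNECT failed, REP=%d" % rep)
        return s
    except Exception:
        s.close()
        raise

def _serve_one(conn, seen):
    """Stand-in for a SocksPort: run the handshake and record what arrived.
    Like Tor with SafeSocks 1, it refuses destinations given as raw IPs."""
    try:
        _, nmethods = recv_exact(conn, 2)
        if AUTH_USERPASS not in recv_exact(conn, nmethods):
            conn.sendall(bytes([SOCKS_VERSION, 0xFF]))
            return
        conn.sendall(bytes([SOCKS_VERSION, AUTH_USERPASS]))
        user = recv_exact(conn, recv_exact(conn, 2)[1]).decode()
        pw = recv_exact(conn, recv_exact(conn, 1)[0]).decode()
        conn.sendall(bytes([0x01, 0x00]))
        _, cmd, _, atyp = recv_exact(conn, 4)
        if cmd != CMD_CONNECT or atyp != ATYP_DOMAIN:
            conn.sendall(bytes([SOCKS_VERSION, 0x08, 0, ATYP_IPV4]) + b"\0" * 6)
            return
        host = recv_exact(conn, recv_exact(conn, 1)[0]).decode()
        port = struct.unpack("!H", recv_exact(conn, 2))[0]
        seen.append({"isolation_key": (user, pw), "dest": (host, port)})
        conn.sendall(bytes([SOCKS_VERSION, 0x00, 0, ATYP_IPV4]) + b"\0" * 6)
    finally:
        conn.close()

def demo(host="example.com", port=443):
    """One stream per pseudonym through the fake proxy; returns what it saw."""
    seen = []
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(len(PSEUDONYMS))
    t = threading.Thread(daemon=True, target=lambda: [
        _serve_one(srv.accept()[0], seen) for _ in PSEUDONYMS])
    t.start()
    for name in PSEUDONYMS:
        socks5_connect(srv.getsockname(), name, host, port).close()
    t.join(5)
    srv.close()
    return seen
```

Calling demo() returns one record per pseudonym; the two records share the destination but carry different isolation keys, which is exactly what a 0.2.3.x Tor with IsolateSOCKSAuth needs to put them on separate circuits. An application that instead resolved example.com itself and sent the IPv4 address would be refused by the stand-in (and by Tor with SafeSocks 1), and the local resolver would have leaked the lookup outside Tor.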