[tor-talk] Awareness for identity correlation through circuit sharing is almost zero.

Robert Ransom rransom.8774 at gmail.com
Mon Mar 5 22:15:38 UTC 2012


On 2012-03-05, proper at secure-mail.biz <proper at secure-mail.biz> wrote:
> The users awareness for identity correlation through circuit sharing [0] is
> almost zero. There should be more clear warnings about it on torproject.org.
>
> People are frequently told to extensively use Google. They do so and will be
> affected. If you google the term [1] you will see that it has been
> recommended all the time. The version spread at this time was version 423 or
> below [2]. It didn't contain any warning that it's for advanced users only
> and no sentence about identity correlation through circuit sharing. There
> are so many instructions, howtos and blog posts. Everyone suggest to point
> all applications they want to torify to 127.0.0.1:9050. Originally a Tor
> developer brought this to my attention. [3]

Everyone who suggests using BitTorrent over Tor is pointed to
https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea ,
which mentions that issue.  It should be more visible.  Perhaps you
could send a patch to add it to the list of warnings on the download
page (see https://svn.torproject.org/svn/website/trunk/download/en/
for the source files).

> Also tails, which is listed on torproject.org, uses only one SocksPort [4]
> and mixed all activity into the same SocksPort.

Using multiple SocksPorts from the same Tor client only helps if you
are using Tor 0.2.3.x-alpha, which introduced 'stream isolation'.  (I
don't think 0.2.2.x supports multiple SocksPorts at all.)  Read the
man page.

The Tails developers plan to start using Tor 0.2.3.x and 'stream
isolation' as soon as a 0.2.3.x stable release is available.  This
might or might not happen in time for Tails 0.11.  (But applications
running within Tails have much less information to leak about their
user.)

> How to mitigate identity correlation through circuit sharing?
> Ideas...
> - do not use DnsPort
> - do not use your local DNS resolver (like always recommend), deactivate it
> while testing
> - use an unique SocksPort for all applications you do not want to be liked
> to one pseudonym
> - tell your application to use remote DNS resolution,
> - if that is not possible, use a wrapper such as torsocks/usewithtor
> - a local DNS resolver who catches all DNS requests and redirects them
> through Tor will probable also not help, as many applications will share the
> same exit for those DNS requests

More importantly, many applications which you did not intend to torify
will use that DNS resolver.

> Unfortunately torsocks/usewithtor [5] also seams to have only a single
> global configuration file /etc/torsocks.conf [6], which means you can use it
> only for one pseudonym. If you start more then one application through
> torsocks/usewithtor it may happen that they all share the same circuit/exit.
> There seams to be no option to redirect each application to a different
> SocksPort. It would
> be nice if there were a feature to tell torsocks/usewithtor which IP:PORT to
> use trough command line arguments.

The torsocks command supports a user-specified configuration file
(read the man page).  The usewithtor command does not.

I agree that someone should make configuring torsocks easier.  (Note
that usernames and/or passwords can be used to separate streams, too.)


> [0] If you redirect your (for anonymous use) browser, your mail client, your
> irc client, etc. to a single SocksPort (standard 127.0.0.1:9050) everything
> may be routed through the same circuit and exit node. Your real IP remains
> hidden but (most of) your activity can be correlated to the same pseudonym.

This is the main reason that I'm not a fan of TorBOX.  It provides
pseudonymity, not anonymity, but most people will think that it
provides anonymity.


Robert Ransom


More information about the tor-talk mailing list