[tor-talk] Awareness for identity correlation through circuit sharing is almost zero.
mikeperry at torproject.org
Wed Mar 7 18:59:02 UTC 2012
Thus spake Nick Mathewson (nickm at alum.mit.edu):
> On Mon, Mar 5, 2012 at 7:20 PM, <proper at secure-mail.biz> wrote:
> >> (Note that usernames and/or passwords can be used to separate
> >> streams, too.)
> > Is this documented somewhere?
> If you're asking this question, you *really* want to check out all the
> isolation flags in the documentation for SocksPort in the Tor 0.2.3.x
> manpage. For a more full discussion of how it was designed, see
> proposal 171. If there's anything missing in the manpage, please let
> us know.
> Stream isolation is one of the big features in Tor 0.2.3.x, but it's a
> bit hard to figure out how to use it up most effectively. This is
> something I hope people can help come up with good ideas and
> documentation for.
The plan for TBB is to use the "Request Origin" as the SOCKS password to
isolate web activity by urlbar domain/navigation session. The "Request
Origin" roughly translates to the referer domain.
We'll probably also use "mozilla" or "TBB" as the SOCKS username, to
address Robert's concerns in
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: Digital signature
More information about the tor-talk