[tor-talk] SocksPort: Circuit isolation is not Exit isolation

Nick Mathewson nickm at alum.mit.edu
Tue Sep 11 04:34:22 UTC 2012


On Tue, Sep 11, 2012 at 12:21 AM, grarpamp <grarpamp at gmail.com> wrote:
>>> The typical use case is wanting to use multiple accounts on the
>>> same site at once, with a guarantee that you're not appearing to
>>> be from the same exit and thus are not as easily linked.
>
>> This doesn't make sense to me.  If you've got two requests open from
>> the same exit to the same site, using different accounts, then all the
>> site can tell is that two Tor users (or maybe one) are connecting to
>> it.  That's also the same conclusion it could reach if the two
>> requests were coming from the same exit.
>
> Sentence 2 and 3 appear to be the same?
>
>> Is there a better use case here?
>
> I think that if I was watching the site logs and userA and userB
> continually logged in daily at about the same times from the same
> exit, I might infer them to be the same user. I might not even be
> aware IP's in logs are multiuser tor/proxy nets. Now add in similar
> client app versions, handshakes, account names, headers, settings,
> etc... and parameter by parameter the linkage gets stronger, even
> without infringing upon content. Keep the exits different and it's
> weaker.

Actually, it's stronger!

Let's say that there are 50 accounts that all log in to my site over Tor.

Let's say that there are N tor exits, and let's pretend that each exit
is chosen with probability 1/N.

If anonAccountA and anonAccountB are run by different users, I'd
expect them to use the same exit 1/N of the times that they both log
in.

But if, over time, I see that anonAccountA and anonAccountB both
sometimes use some of the same exits, but they never use the same exit
at the same time, I can conclude that they are run by the same user,
and that user has enabled some kind of exit isolation option.

-- 
Nick
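
The argument above, worked through numerically as an added example (not part of the original message). It keeps the post's simplification that each of N exits is chosen with probability 1/N; the function names, the 0.05 threshold and the sample values are assumptions made for illustration.

```python
import random

def p_never_same_exit(n_exits, k):
    """P(two independent users never share an exit in k concurrent logins),
    assuming each exit is picked uniformly with probability 1/N as in the post."""
    return (1.0 - 1.0 / n_exits) ** k

def logins_until_suspicious(n_exits, alpha=0.05):
    """Smallest k at which 'zero shared exits' would happen by chance with
    probability below alpha if the accounts were really independent."""
    k = 0
    while p_never_same_exit(n_exits, k) >= alpha:
        k += 1
    return k

def count_shared_exits(n_exits, k, isolated, rng):
    """Simulate k concurrent logins by two accounts; return how often they
    appear from the same exit. isolated=True models one client that forces
    the second account onto a different exit than the first."""
    shared = 0
    for _ in range(k):
        a = rng.randrange(n_exits)
        if isolated:
            b = (a + 1 + rng.randrange(n_exits - 1)) % n_exits  # any exit but a
        else:
            b = rng.randrange(n_exits)
        shared += (a == b)
    return shared

if __name__ == "__main__":
    rng = random.Random(2012)  # fixed seed so the run is repeatable
    n, k = 10, 200             # constructed values, not real Tor numbers
    print("independent users, shared exits:", count_shared_exits(n, k, False, rng))
    print("one isolating user, shared exits:", count_shared_exits(n, k, True, rng))
    print("chance of 0 shared if independent: %.2e" % p_never_same_exit(n, k))
    print("logins until p < 0.05:", logins_until_suspicious(n))
```

The absence of collisions is the signal: the more concurrent logins observed, the less plausible it is that two independent users never landed on the same exit.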

