[tor-talk] isolating multiple server requests

Allen allenpmd at gmail.com
Wed May 27 12:49:51 UTC 2015


I have a client application that uses Tor to communicate with several servers.
For privacy reasons, it is important that after each request, the client
starts with a "fresh slate" so the server is not able to tell that the next
request is coming from the same client.  (Note that after the client
restarts its session with a particular server, it will never use the
previous session again.)

It is my vague understanding there might be three ways to accomplish this:

1. The client can make a new connection to the Tor proxy with a new unique
username, see
https://gitweb.torproject.org/torspec.git/tree/socks-extensions.txt.  My
concern here is that over time, the Tor proxy will build up a long list of
prior usernames that are never going to be used again.

2. The client can send Tor proxy a NEWNYM signal on its control port.  My
concerns here are that:

a. The spec implies Tor proxy might ignore that signal, see
https://gitweb.torproject.org/torspec.git/tree/control-spec.txt

b. It is not clear to me how to be certain when the request has completed
and it is safe to attempt a new connection.

c. That would reset circuits to all servers, including some circuits that
might be in use.  While I don't think that would result in an error, it
would slow down those requests and make Tor do unnecessary work to
reestablish circuits.

3. The client can somehow talk directly to the Tor controller to establish
new circuits.  My concern here is the complexity and potential to make a
programming mistake that leads to information disclosure.

What is the best approach in this situation?
 
Thanks much.
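
Option 1 from the message above, as an added example that is not part of the original post: every request opens a new SOCKS5 connection and authenticates with a random, never-reused username (RFC 1928 / RFC 1929 framing). The proxy address 127.0.0.1:9050 and all function names are assumptions.

```python
import secrets
import socket
import struct

# SOCKS5 greeting: VER=5, NMETHODS=1, METHOD=0x02 (username/password)
GREETING = b"\x05\x01\x02"

def fresh_credentials():
    # Constructed per request: 128 random bits as username, fixed dummy password.
    return secrets.token_hex(16).encode(), b"x"

def auth_request(user, password):
    # RFC 1929: VER=1, ULEN, UNAME, PLEN, PASSWD; each field is 1..255 bytes.
    if not (1 <= len(user) <= 255 and 1 <= len(password) <= 255):
        raise ValueError("username and password must be 1..255 bytes")
    return b"\x01" + bytes([len(user)]) + user + bytes([len(password)]) + password

def connect_request(host, port):
    # ATYP=0x03 (domain name): the proxy resolves the name, not the local resolver.
    name = host.encode("idna")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_isolated(host, port, proxy=("127.0.0.1", 9050)):
    # New proxy connection plus new credentials for every request.
    user, password = fresh_credentials()
    s = socket.create_connection(proxy, timeout=60)
    try:
        s.sendall(GREETING)
        if _recv_exact(s, 2) != b"\x05\x02":
            raise ConnectionError("proxy did not accept username/password auth")
        s.sendall(auth_request(user, password))
        if _recv_exact(s, 2) != b"\x01\x00":
            raise ConnectionError("proxy rejected the credentials")
        s.sendall(connect_request(host, port))
        _, rep, _, atyp = _recv_exact(s, 4)
        if rep != 0 or atyp not in (1, 3, 4):
            raise ConnectionError(f"SOCKS CONNECT failed (REP={rep}, ATYP={atyp})")
        n = {1: 4, 4: 16}[atyp] if atyp != 3 else _recv_exact(s, 1)[0]
        _recv_exact(s, n + 2)  # discard BND.ADDR and BND.PORT
        return s
    except Exception:
        s.close()
        raise
```

Close the returned socket after the single request it was opened for; the credentials are never stored or reused by the client.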
