Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Investigate server isolation using multiple Tor circuits #209

Closed
tladesignz opened this issue Sep 24, 2019 · 4 comments
Closed

Investigate server isolation using multiple Tor circuits #209

tladesignz opened this issue Sep 24, 2019 · 4 comments

Comments

@tladesignz
Copy link
Contributor

Should we use per-server circuits?

https://2019.www.torproject.org/docs/tor-manual.html.en

Check out EnforceDistinctSubnets and IsolateDestAddr config options.

Could use a lot of resources according to this discussion:

https://tor.stackexchange.com/questions/12268/isolatedestaddr-and-isolatedestport-usage

Idea came from this.

https://tb-manual.torproject.org/managing-identities/

Even if you connect to two different sites that use the same third-party tracking service, Tor Browser will force the content to be served over two different Tor circuits, so the tracker will not know that both connections originate from your browser.
@ghost
Copy link

ghost commented Oct 24, 2019

If resource utilization is too high, then maybe it should be an option rather than default. I have no idea if battery life and CPU/RAM would be greatly affected, especially on older phones. I'm running an iPhone SE and would probably not want this feature all the time depending on effects.

@mtigas
Copy link
Member

mtigas commented Oct 27, 2019

The IsolateDest options aren't really designed for web browsing (mostly because it pins unique circuits to unique destinations in a way that is probably bad for anonymity, in addition to it also being bad for performance).

But! The TBB model is actually not a bad idea. I believe it's actually simpler: circuit changes if the address bar host:port changes. (Might also get a new circuit for a new browser tab?) Though we could check with the Browser Team for specifics too.

You automatically get a different circuit (or set of circuits) if you provide a different SOCKS5 username or password to Tor's SOCKS proxy -- so we wouldn't actually need to do any live config changes to Tor via the control port. (Also: reusing a previously-used value would use the previous circuit if Tor still has it active.) I think we could do this in the part of the interceptor/protocol handler/whatever that hooks the SOCKS proxy onto the UIWebView traffic. (On a train with poor wifi right now, but happy to poke around some more on this.)

@mtigas mtigas mentioned this issue Dec 11, 2019
Closed
@mtigas
Copy link
Member

mtigas commented Dec 11, 2019
edited

Bringing in some research/thoughts from #226:

Did a little bit of testing on an idea. I changed the socksport line in OnionManager.swift to this:

            "--socksport", "39050 IsolateSOCKSAuth NoIsolateDestPort NoIsolateDestAddr",

And then this bit in JAHPAuthenticatingHTTPProtocol.m (adding the User and Password lines):

	if (socksProxyPort > 0) {
		proxyDict[@"SOCKSEnable"] = @YES;
		proxyDict[(NSString *)kCFStreamPropertySOCKSProxyHost] = proxyHost;
		proxyDict[(NSString *)kCFStreamPropertySOCKSProxyPort] = [NSNumber numberWithInteger: socksProxyPort];
		proxyDict[(NSString *)kCFStreamPropertySOCKSUser] = @"onionbrowser";
		proxyDict[(NSString *)kCFStreamPropertySOCKSPassword] = @"asdfid";
	}

[...]

So certainly all the Safari traffic is using circuit 1, since the UIWebView is configured to set that SOCK5 user/pass. (Except for when visiting the homepage .onion. I need to read the spec some more, but I think it may be using circuit 4 for that one, since that's the HS_CLIENT_REND connection to the rendezvous point for the onion service, in the six-hop link that happens with onion serices.)

Basically the config makes it so that we have to handle which things share circuits (set NoIsolateDestPort NoIsolateDestAddr), rather than Tor's default behavior of every remote host and port getting a different circuit.

(So I think implementing proper isolation bits would actually fix this problem too.)

Problem is, I took a look and the Psiphon code that sets the SOCKS port (if (socksProxyPort > 0) above) is only called once, as the URLSession is only set up once.

I think I know the ID we'd want to use, which is something like this in BrowsingViewController (ignore the debug bits and any other minor errors) :

	func tabCircuitId() -> String {
		let host:String = currentTab?.url.host ?? ""
		let tabIdStr="\(currentTabIndex);\(host)"
		debug("\n\n\n=============\nTAB=\(tabIdStr)\n===============\n\n\n")
		return tabIdStr
	}

But I don't see an easy way of untangling things and sending that over to where the JAHPAuthenticatingHTTPProtocol or URLSession (or etc) gets that config, to replace @"asdfid", for example.

@tladesignz
Copy link
Contributor Author

Ok, I think we won't do this. Too much effort for too little gain.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mtigas @tladesignz