I don't know your policy on who is permitted to edit Tails's TODO items, so I share my comments regarding separate Tor streams [1] here. For readers who have never heard about stream isolation, please see the Tor manual. (Isolate...) [7]

Thanks for considering separate Tor streams. Since I already added [5] separate Tor streams to aos [2], I made a summary of aos's implementation.

It is preferred to add one SocksPort per application to /etc/torrc. Of course only for applications which are expected to issue network activity. Configure all applications which support socks settings to point to their designated SocksPort.

Alternatively you could also re-use one SocksPort multiple times and use different socks passwords. I preferred not to do that, because not all applications support socks passwords and because I trust applications more to have a bug-free socks port implementation than a socks password implementation. (Because many more users use socks ports than socks passwords.) Also, for simplicity it was easier to use separate SocksPorts for everything.

By the way, you may ask yourself: using ten or more SocksPorts does not result in opening more circuits than usual, at least not that I ever observed.

Unfortunately, not all applications support socks settings. Somehow they have to be pointed to their own SocksPort anyway. Tor does not include (multiple) HttpPort(s) [8] and it's not on the horizon. I requested a similar feature for privoxy [9] but chances are very low. There is another discussion about this on tor-talk [10] but the suggested solution [11] is imho unfeasible and error prone.

torsocks's usewithtor unfortunately doesn't support choosing different SocksPorts by using parameters. The torsocks configuration file has to be changed. Also, if the user types wget in console it should be torified. Therefore I made a fork of torsocks's usewithtor, which I call uwt. [13] [14] Wrappers are used (hint given by interigi) to make wget etc., when issued in console or by other applications, use uwt, thus getting separate SocksPorts. (Adding that feature upstream is unlikely. torsocks is practically unmaintained, no progress with torsocks's issues for a long time [15] and other issues. [12] torsocks could need a new (co-)maintainer.)

A hack to force non-socks (and non-proxy) aware applications to use separate SocksPorts is documented. (uwt) [13]

Cheers,
adrelanos

[1] https://tails.boum.org/todo/separate_Tor_streams/
[2] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/
[3] https://trac.torproject.org/projects/tor/wiki/torbirdy#Privoxy
[4] https://lists.torproject.org/pipermail/tor-talk/2012-July/024782.html
[5] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/ApplicationWarningsAndNotes#Identitycorrelationthroughcircuitsharing
[6] https://github.com/adrelanos/aos/blob/devel/aos_shared/usr/local/bin/torcheck
[7] https://www.torproject.org/docs/tor-manual-dev.html.en
[8] https://trac.torproject.org/projects/tor/ticket/6060
[9] http://sourceforge.net/tracker/?func=detail&aid=3541363&group_id=11118&atid=361118
[10] https://lists.torproject.org/pipermail/tor-talk/2012-June/024497.html
[11] https://lists.torproject.org/pipermail/tor-talk/2012-June/024498.html
[12] https://trac.torproject.org/projects/tor/ticket/6155
[13] https://trac.torproject.org/projects/tor/wiki/doc/torsocks
[14] https://github.com/adrelanos/aos/blob/devel/aos_shared/usr/local/bin/uwt
[15] https://code.google.com/p/torsocks/
[16] TorBrowser (socks proxy settings), XChat (socks proxy settings), Thunderbird with TorBirdy (socks proxy settings to socks port, http proxy to privoxy [3] [4] and privoxy also gets a separate SocksPort), Instant Messenger (socks proxy settings), apt-get (uwt wrapper), gpg (uwt wrapper), ssh (uwt wrapper), git (uwt wrapper), htpdate (uwt wrapper), wget (uwt wrapper), torcheck [6] (uwt wrapper), BitCoin (socks proxy settings), privoxy (socks proxy settings), polipo (socks proxy settings)
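
An added example, not part of the original message and not code from aos: a small Python check for the one-SocksPort-per-application layout described above. The torrc fragment, port numbers and application-to-port mapping are constructed for illustration; the check reports applications that share a SocksPort (and so may share circuits) and applications pointed at a port Tor does not open.

```python
import re
from collections import defaultdict

# Constructed torrc fragment: one SocksPort per application (port numbers are made up).
SAMPLE_TORRC = """\
# default port
SocksPort 9050
SocksPort 127.0.0.1:9100   # browser
SocksPort 9101 IsolateDestAddr
SocksPort 9102
"""

# Constructed application -> SOCKS port assignment to audit.
SAMPLE_APPS = {"browser": 9100, "xchat": 9101, "wget": 9102, "gpg": 9102, "git": 9103}


def parse_socks_ports(torrc_text):
    """Return {port: [flags]} for every TCP SocksPort line in a torrc."""
    ports = {}
    for raw in torrc_text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 2 or fields[0].lower() != "socksport":
            continue
        m = re.fullmatch(r"(?:.*:)?(\d+)", fields[1])  # [address:]port
        if m and int(m.group(1)) != 0:              # "SocksPort 0" disables the listener
            ports[int(m.group(1))] = fields[2:]
    return ports


def audit(torrc_text, app_ports):
    """Find apps that share a SocksPort or point at a port Tor does not open."""
    defined = parse_socks_ports(torrc_text)
    by_port = defaultdict(list)
    for app, port in sorted(app_ports.items()):
        by_port[port].append(app)
    return {
        # more than one application on a listener: streams are not separated per app
        "shared": {p: a for p, a in by_port.items() if len(a) > 1},
        # application configured for a port with no SocksPort line: it will not connect
        "undefined": {p: a for p, a in by_port.items() if p not in defined},
        # listeners no application is assigned to
        "unused": sorted(set(defined) - set(by_port)),
    }


if __name__ == "__main__":
    for kind, found in audit(SAMPLE_TORRC, SAMPLE_APPS).items():
        print(kind, found)
```
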
