>> Would you still set a max lifetime for a circuit to accept new streams of 2 >> hours, or would the circuit potentially persist forever? > > Nick set a max lifetime in his updated version of the patch that also > deals with non-Tor Browser activity, but I am not convinced that a max > is a great idea yet. He also randomized the per-circuit max from > [0,max], which seemed not great for usability.
Regardless of whether you use a maximum, I think it is an obvious improvement to randomize the “typical” circuit switch time (use a new randomly-selected time with each new circuit). A deterministic time makes it possible to predict when a client should switch circuits and thereby facilitates tracking. This is a recommendation from Hutha and Danezis’s “Linking Tor Circuits” (Sec. 5.3) [0]. >> In fact, I think it would be great for TorBrowser to treat each >> tab/window as a separate identity and send *all* streams in a >> given tab/window over the same path (i.e. sequence of relays). > > The 4.5 series of Tor Browser actually already does a form of this, but > instead of per tab, we do per URL bar domain. If you have two tabs open > to Facebook, all of those content elements will use the same circuit, > but Facebook like buttons on cnn.com will use the cnn.com circuit. > In addition to being a more sane way of handling web browsing, it also > enables a very simple circuit status UI. The Torbutton menu now tells > you the current circuit for the site in the URL bar in a compact display > that is no larger than the dropdown menu itself. Interesting - I did not know this! An adversarial destinations could still observe new circuits by including resources from other domains that he controls, which would be prevented by per-tab circuits, but this does seem like very good feature. Cheers, Aaron _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
