>> cause truly TCP new connections to use a new exit. Oops, there's word swap in there :)
>> I've commonly seen exits reused within a certain period >> of time after issuing a NEWNYM. >> >> For the users that have such a need, it would be nice if Tor could >> optionally keep a historical bucket of configurable entry length >> (whether based upon time and/or number of prior exits used). >> Such that any such exits would not be reused so long as >> they remained in the bucket according to its expiry rules. > > This will harm user anonymity. Circuit path selection must be > independent of the circuits and exit nodes which a client has > previously used. Again, oops. I did mean to remove the instances of the 'path' word from the above, as I can't see now where it would serve any purpose to bucket paths. Only the exit bucketing part was what I wanted to say. I've modified the quote as such. I don't presume your note applies to the bucketing of only exits? If so, how? As I don't see it. For example, I commonly do network testing. I want to hit NEWNYM and never see that same exit over some number of future new TCP connections. Since some of my destination sets [say port 80] have the following truth: usable exit count >= number of destinations, that would work great for me. >> And as an aside, to the extent it is not already done, different >> ports on the same host should not necessarily be aggregated over >> the same (exits). I'd wager that they should not, so as to appear >> separate to the observer. Mostly for efficiency. Think of >> checking/writing multiple email accounts on the same provider... >> via IMAP/POP/HTTP/SMTP... without exposing too much relatedness >> due to using the same exit for all at once. > > See proposal 171 (and its surrounding discussion). Separating streams > by destination port will not help separate users' web-browsing > activities from their Internet mail connections. I again corrected the path word above to exits. There was an excellent proposals summary posted to dev recently, so I'll head off to read that before replying further to this part. Yet I will leave an example. Say a user has multiple email accounts at a provider using the same reasonably common GECOS field, 'Bob'. Or the user may be messaging the same remote destinations from multiple unique accounts. Now, in order to provide an extra degree of separation, the user can: 1) use only http, and have to newnym between serial use of accounts. 2) use http from one exit, https from another, smtp/pop from one, submission/imap from another. Four accounts, four exits, in parallel. All to potentially the same single mail provider's IP (fronted by load balancers, whatever). Excepting human factors, and observing source addresses, the provider would see the usage as different users. That separation is a good thing in the anonymity space. [let's ignore for now that newnym buckets haven't yet been implemented so as to enable that reliably without explicit exit mapping... the same exit may recur at some unpredictable time in the future, afaik] _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
