[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #26586 [Applications/Tor Browser]: Enumerate background connections that Tor Browser makes on its catch-all circuit



#26586: Enumerate background connections that Tor Browser makes on its catch-all
circuit
------------------------------------------+----------------------
     Reporter:  arma                      |      Owner:  tbb-team
         Type:  task                      |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 I know that Tor Browser makes connections over the Tor network when I
 click on a page. But what does it load on its own, in the background? And
 on what time schedules?

 I have three goals with asking:

 * Is my Tor Browser doing something in the background that is dangerous
 for my anonymity? An example here would be an ssl transparency design that
 uploads summary information about the ssl certs I've seen lately.

 * These background connections use the catch-all circuit, so they are
 isolated from the content that I intentionally load, but they are lumped
 into the same circuit with each other. Are there anonymity implications
 with combining any of these background connections together on the same
 circuit?

 * The Tor client has a bunch of logic to start saving bandwidth if you
 don't use it for a long while, but each of these background connections
 counts as "use", so the Tor client in a Tor Browser never does any of its
 bandwidth-saving measures. I wonder if there's some design where we stop
 doing the background things that don't need to be done, once the rest of
 Tor Browser has been idle for a while, or we give some way to tell the Tor
 client that those don't "really" count as use, or what. Maybe this idea
 will be too complicated to do, but the first step is understanding what
 connections we are receiving and why.

 GeKo points out that tjr made a start at this list for an earlier esr:
 https://trac.torproject.org/projects/tor/ticket/21200#comment:4
 and he also suggested that having this list documented (and thus I guess
 "kept up to date" too) in the "hacking" document would be a good move.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26586>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs