[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #8641 [TorBrowserButton]: Create Browser UI indication for current circuit status and exit IP
#8641: Create Browser UI indication for current circuit status and exit IP
----------------------------------+-------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: enhancement | Status: needs_information
Priority: major | Milestone:
Component: TorBrowserButton | Version:
Resolution: | Keywords: tbb-usability
Actual Points: | Parent ID: #5752
Points: |
----------------------------------+-------------------------------
Comment (by arthuredelstein):
Replying to [comment:20 lunar]:
> Replying to [comment:19 arthuredelstein]:
> > Replying to [comment:18 lunar]:
> > > I don't think it's related to `IsolateDestPort` in any way. Relay
exit policy:
> > > {{{
> > > accept *:443
> > > reject *:*
> > > }}}
> > >
> > > Page is at `https://www.example.org/`. It loads a resource from
`https://another-host.example.net:4242/`. The circuit that has been used
to load the page cannot be used to fetch this resource. How does the patch
you mentioned handle this?
> >
> > As it stands, my patch doesn't make any attempt to handle this
situation. What does the latest version of TorBrowser do now? Presumably
after my patch, the behavior would be the same.
>
> Ok, So I believe you are not fully understanding the effects of the
patch you wrote for #3455, or maybe you shouldn't approximate them to
âfetches third party content over the same circuitâ because to my
understanding, Tor will still create a different circuit for each host
providing resources.
It's certainly possible I'm missing something -- could you explain why you
expect this to happen? My observations of my #3455 patches, from STREAM
and CIRC events in the ControlPort, however, indicate that Tor indeed
creates one circuit per URL bar domain, fetching embedded resources from
third-party domains over the same circuit.
> > > I believe the correct behavior would be to use another circuit. Then
it should be visible in the UI.
> >
> > Is that perhaps a little dangerous as it allows a site to
automatically force clients to make requests through a particular exit
node with a unique whitelisted port?
>
> How would it selects a particular exit node? See the list of
[https://check.torproject.org/cgi-
bin/TorBulkExitList.py?ip=192.0.2.1&port=4242 all exits that should allow
a client to reach `another-host.example.net:4242`].
I wasn't thinking of port 4242 specifically. Port 25 comes to mind. See
https://check.torproject.org/cgi-
bin/TorBulkExitList.py?ip=192.0.2.1&port=25 . It's not a single exit node,
but the options are quite limited compared to, say, port 4242.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8641#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs