We don't recommend TransPort for this reason. (See below.)
which is documented as on by default under SessionGroup:

    By default, streams received on different SocksPorts, TransPorts, etc
    are always isolated from one another. This option overrides that
    behavior.

The other default isolation flags are documented in the man page:
IsolateClientAddr and IsolateSOCKSAuth

There are also some internal flags that are always on:

All the isolation flags that aren't named as defaults are not defaults.
separate circuit for each DNS request is slow (for clients) and expensive (for the network).

And regardless of isolation, resolving DNS addresses at a different exit to the one that connects can cause privacy issues, and it can result in slower connections.

So we recommend SOCKSPort or HTTPTunnelPort instead, because they support sending DNS names to exits as part of the connection request.

Here are a few general reasons for the defaults:
* many applications expect to have a single source IP address for all their connections, and
* building a circuit for each destination is expensive, but
* isolating different users is important, so we automatically isolate different source IP addresses, and automatically isolate applications which have different socks usernames or passwords (users or developers should configure each application with a random socks username and password)

T
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
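The two recommendations in the message above (a random SOCKS username and password per application, and sending the DNS name inside the connection request) can be seen at the byte level in the SOCKS5 messages a client sends. This is an added example, not part of the original message or of Tor's code; the function names, the application names and `example.com` are constructed for illustration, and the message layouts follow RFC 1928 and RFC 1929.

```python
import secrets
import struct


def new_isolation_credentials():
    """Random SOCKS username/password for one application (constructed values)."""
    return secrets.token_hex(16), secrets.token_hex(16)


def socks5_greeting():
    # RFC 1928: VER=5, one method offered, 0x02 = username/password
    return b"\x05\x01\x02"


def socks5_userpass_auth(username, password):
    # RFC 1929: VER=1, ULEN, UNAME, PLEN, PASSWD
    u, p = username.encode("utf-8"), password.encode("utf-8")
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("username and password must each be 1..255 bytes")
    return bytes([1, len(u)]) + u + bytes([len(p)]) + p


def socks5_connect_by_name(hostname, port):
    # RFC 1928 CONNECT with ATYP=0x03 (domain name): the name itself is sent,
    # so no separate local DNS lookup happens before the request.
    h = hostname.encode("idna")
    if not (1 <= len(h) <= 255) or not (0 < port < 65536):
        raise ValueError("bad hostname or port")
    return b"\x05\x01\x00\x03" + bytes([len(h)]) + h + struct.pack("!H", port)


def client_messages(hostname, port, credentials):
    """The three client-to-proxy messages, in order, for one connection."""
    user, password = credentials
    return [socks5_greeting(),
            socks5_userpass_auth(user, password),
            socks5_connect_by_name(hostname, port)]


if __name__ == "__main__":
    # Two hypothetical applications, each with its own random credentials.
    for app in ("mail-client", "feed-reader"):
        creds = new_isolation_credentials()
        for msg in client_messages("example.com", 443, creds):
            print(app, msg.hex())
```

Many SOCKS client libraries produce the same domain-name request when given a `socks5h://` proxy URL rather than `socks5://`.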