Wouldn't concurrent connections actually be of benefit to security, at
least in circumstances where the attacker doesn't know the traffic of
the entire network as a whole, or at least not of what's going on at
the requesting client end? Also, are there any plans to implement a
'dummy ping' system like Jap uses, where a packet will be sent every X
or <X< seconds, just to enhance entropy during times of low or no
traffic? Also, just for reference, do you know of any docs that compare
Jap and Tor in terms of what their methods are and how secure they are
against various attacks? Thanks, Andrew Roger Dingledine wrote: On Sun, Feb 12, 2006 at 03:56:12AM -0600, Mike Perry wrote:Are multiple TCP connections still multiplexed across a single Tor circuit?Yes.It would seem to me that this should be a serious compromise to anonymity. Frequently I am browsing sites that know who I am (or using AIM, etc) concurrent to accessing those that I'd prefer not to know me.Right.>From reading the FAQ entry http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#RemainingAttacks it sounds like I am at risk for an exit server correlating the two traffic streams.Yep.Are there any plans to disable this circuit sharing mechanism via a config option?No, because a new circuit for every TCP connection is too expensive. For example, you would open a new circuit for every little 1x1 pixel on the cnn frontpage. This means it would dramatically slow down Tor for users, and worse, the public key ops required for making these circuits would overpower the CPUs of our volunteer servers. But we've got a new tool for resolving this, if you want to start experimenting. You can write a Tor controller that intercepts each stream request and decides, for each destination, which circuit to use. http://tor.eff.org/cvs/tor/doc/control-spec.txt http://tor.eff.org/cvs/control/doc/howto.txt And see Geoff's Blossom project for an example: http://afs.eecs.harvard.edu/~goodell/blossom/ It may be best to first think hard about the tradeoffs of various approaches to dividing streams over circuits, since optimizing for your anonymity vs somebody else's donated CPU sounds like a pretty tough graph to nail down. Let us know when you have some designs and we'll start thinking about how to analyze and compare them. --Roger |