[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Stricter NEWNYM?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-talk] Stricter NEWNYM?
From: anonym <anonym@xxxxxxxxxxx>
Date: Fri, 04 Mar 2011 13:21:22 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 04 Mar 2011 07:51:24 -0500
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=lavabit; d=lavabit.com; b=Gdozo4gX7FdVzaVPkzmtTcLvdNjP5dtQIV+bFhdlhBXlGBBNjeNkbr+U8k2W/oDc/rbGii1Jheu3hpj7BaZRcjL8YRQAstiPbqVQWI0rTuTGvZp05SJyl7k3YDhZmejsVKPIUMB8tIwATjkqhnBAiGbEiTaDh3Zg9gwImK6x3Lg=; h=Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:X-Enigmail-Version:OpenPGP:Content-Type;
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Openpgp: id=D0E64958; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD0E64958
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20110205 Lightning/1.0b3pre Thunderbird/3.1.7

Hi,

While I've been developing the LiveCDs Incognito and Tails I've got my
fair share of feature requests/bug reports that really are about Tor.
One recurring feature request is to make NEWNYM stricter.

Users have observed that issuing a NEWNYM doesn't necessarily stop using
the previous circuits, which is obviously the case for truly long lived
connections like IRC and SSH, but I don't think that is what bothers
them; web browsing connections also keep using the old circtuits, at
least with certain web browser and intermediate proxy configurations
that makes them "kinda" long lived (think http keep-alive timeouts).
This confuses users when they get the same exit node after a NEWNYM (for
instance by refreshing check.torproject.org afterwards).

Conclusion: NEWNYM doesn't do what the users expect.

That's no good. Why don't we make NEWNYM ruthlessly kill all circuits,
even the ones handling live connections, long lived or not? I strongly
believe this stricter NEWNYM behaviour is (at least closer to) what the
user expects from it. See the attached patch for a quick and dirty
implementation -- a patch says more than a thousand words, I suppose.

Of course, to use NEWNYM requires some caution from the user, e.g.
clearing cookies, session id etc. if revisiting the same site, but that
also affects the old NEWNYM approach. Maybe it's even the case that
NEWNYM gives a false sense of a new identity, given all application
level problems that Tor cannot (or at least shouldn't) do anything
about, and thus we should give a shite? In any case, are there any new
problems introduced by this more brutal approach that I haven't thought
of which would make it worse than the previous one?

Cheers!

diff -Naur tor-0.2.2.22-alpha.old/src/or/circuitbuild.c tor-0.2.2.22-alpha.newnym/src/or/circuitbuild.c
--- tor-0.2.2.22-alpha.old/src/or/circuitbuild.c	2011-01-25 22:33:39.000000000 +0100
+++ tor-0.2.2.22-alpha.newnym/src/or/circuitbuild.c	2011-03-04 11:44:01.212529978 +0100
@@ -2066,8 +2066,7 @@
   can_complete_circuit=0; /* so it'll log when it works again */
   control_event_client_status(severity, "CIRCUIT_NOT_ESTABLISHED REASON=%s",
                               "CLOCK_JUMPED");
-  circuit_mark_all_unused_circs();
-  circuit_expire_all_dirty_circs();
+  circuit_mark_all_circs();
 }
 
 /** Take the 'extend' <b>cell</b>, pull out addr/port plus the onion
diff -Naur tor-0.2.2.22-alpha.old/src/or/circuitlist.c tor-0.2.2.22-alpha.newnym/src/or/circuitlist.c
--- tor-0.2.2.22-alpha.old/src/or/circuitlist.c	2011-01-25 22:33:39.000000000 +0100
+++ tor-0.2.2.22-alpha.newnym/src/or/circuitlist.c	2011-03-04 11:42:30.748529978 +0100
@@ -1002,16 +1002,18 @@
 }
 
 /** Go through the circuitlist; mark-for-close each circuit that starts
- *  at us but has not yet been used. */
+ *  at us.
+ *
+ * This is useful for letting the user change pseudonyms, so new
+ * streams will not be linkable to old streams. */
 void
-circuit_mark_all_unused_circs(void)
+circuit_mark_all_circs(void)
 {
   circuit_t *circ;
 
   for (circ=global_circuitlist; circ; circ = circ->next) {
     if (CIRCUIT_IS_ORIGIN(circ) &&
-        !circ->marked_for_close &&
-        !circ->timestamp_dirty)
+        !circ->marked_for_close)
       circuit_mark_for_close(circ, END_CIRC_REASON_FINISHED);
   }
 }
@@ -1019,9 +1021,6 @@
 /** Go through the circuitlist; for each circuit that starts at us
  * and is dirty, frob its timestamp_dirty so we won't use it for any
  * new streams.
- *
- * This is useful for letting the user change pseudonyms, so new
- * streams will not be linkable to old streams.
  */
 void
 circuit_expire_all_dirty_circs(void)
diff -Naur tor-0.2.2.22-alpha.old/src/or/circuitlist.h tor-0.2.2.22-alpha.newnym/src/or/circuitlist.h
--- tor-0.2.2.22-alpha.old/src/or/circuitlist.h	2011-01-16 04:44:28.000000000 +0100
+++ tor-0.2.2.22-alpha.newnym/src/or/circuitlist.h	2011-03-04 11:37:44.186529978 +0100
@@ -39,7 +39,7 @@
 or_circuit_t *circuit_get_intro_point(const char *digest);
 origin_circuit_t *circuit_find_to_cannibalize(uint8_t purpose,
                                               extend_info_t *info, int flags);
-void circuit_mark_all_unused_circs(void);
+void circuit_mark_all_circs(void);
 void circuit_expire_all_dirty_circs(void);
 void _circuit_mark_for_close(circuit_t *circ, int reason,
                              int line, const char *file);
diff -Naur tor-0.2.2.22-alpha.old/src/or/config.c tor-0.2.2.22-alpha.newnym/src/or/config.c
--- tor-0.2.2.22-alpha.old/src/or/config.c	2011-01-25 22:33:58.000000000 +0100
+++ tor-0.2.2.22-alpha.newnym/src/or/config.c	2011-03-04 11:42:47.604529977 +0100
@@ -1263,9 +1263,8 @@
         options->StrictNodes != old_options->StrictNodes) {
       log_info(LD_CIRC,
                "Changed to using entry guards, or changed preferred or "
-               "excluded node lists. Abandoning previous circuits.");
-      circuit_mark_all_unused_circs();
-      circuit_expire_all_dirty_circs();
+               "excluded node lists. Abandoning all circuits.");
+      circuit_mark_all_circs();
     }
 
 /* How long should we delay counting bridge stats after becoming a bridge?
diff -Naur tor-0.2.2.22-alpha.old/src/or/main.c tor-0.2.2.22-alpha.newnym/src/or/main.c
--- tor-0.2.2.22-alpha.old/src/or/main.c	2011-01-25 22:33:39.000000000 +0100
+++ tor-0.2.2.22-alpha.newnym/src/or/main.c	2011-03-04 11:43:13.514529979 +0100
@@ -843,7 +843,7 @@
 static void
 signewnym_impl(time_t now)
 {
-  circuit_expire_all_dirty_circs();
+  circuit_mark_all_circs();
   addressmap_clear_transient();
   time_of_last_signewnym = now;
   signewnym_is_pending = 0;

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Stricter NEWNYM?
  - From: Robert Ransom

Prev by Author: Re: [tor-talk] tor using SSH
Next by Author: [tor-talk] Tor-ramdisk
Previous by thread: Re: [tor-talk] Excito's B3 and TOR
Next by thread: Re: [tor-talk] Stricter NEWNYM?
Index(es):
- Author
- Thread