On Fri, 04 Mar 2011 13:21:22 +0100 anonym <anonym@xxxxxxxxxxx> wrote:

> While I've been developing the LiveCDs Incognito and Tails I've got my
> fair share of feature requests/bug reports that really are about Tor.
> One recurring feature request is to make NEWNYM stricter.
>
> Users have observed that issuing a NEWNYM doesn't necessarily stop using
> the previous circuits, which is obviously the case for truly long lived
> connections like IRC and SSH, but I don't think that is what bothers
> them; web browsing connections also keep using the old circuits, at
> least with certain web browser and intermediate proxy configurations
> that makes them "kinda" long lived (think http keep-alive timeouts).
> This confuses users when they get the same exit node after a NEWNYM (for
> instance by refreshing check.torproject.org afterwards).

This can happen even on a new circuit. Tor does not try to select a
different exit node after a NEWNYM has been issued, as that would make
users' streams before a NEWNYM more linkable to their streams after the
NEWNYM.

> Conclusion: NEWNYM doesn't do what the users expect.
>
> That's no good. Why don't we make NEWNYM ruthlessly kill all circuits,
> even the ones handling live connections, long lived or not? I strongly
> believe this stricter NEWNYM behaviour is (at least closer to) what the
> user expects from it. See the attached patch for a quick and dirty
> implementation -- a patch says more than a thousand words, I suppose.
>
> Of course, to use NEWNYM requires some caution from the user, e.g.
> clearing cookies, session id etc. if revisiting the same site, but that
> also affects the old NEWNYM approach. Maybe it's even the case that
> NEWNYM gives a false sense of a new identity, given all application
> level problems that Tor cannot (or at least shouldn't) do anything
> about, and thus we should give a shite?

Torbutton would also need a 'new identity' button. See
<https://trac.torproject.org/projects/tor/ticket/523> for some discussion
of what that would involve.

If you want to close all web-browsing streams while switching to a 'new
identity', the best currently possible options are to toggle Torbutton
off, then back on, or to quit Firefox entirely and restart it. (This also
requires that you restart Polipo or not be using it.) Perhaps that should
be documented better.

Alternatively, a user could use Vidalia's 'Network Map' to close all open
web-browsing streams.

> In any case, are there any new
> problems introduced by this more brutal approach that I haven't thought
> of which would make it worse than the previous one?

This approach would make it impractical for a user to use IRC or SSH on a
LiveCD while browsing without linking the IRC/SSH session to his/her/its
browsing activities.

Please separate the 'kill all streams' command from the NEWNYM command.

A 'kill all streams' command would be more useful if it came with an
implementation of proposal 171 and ended all streams sent by one
application (as determined by the application-separation criteria in
that proposal). Unfortunately, that won't become possible until proposal
171 is implemented.

Robert Ransom
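The controller-side shape of what Robert asks for, as an added example that is not code from this thread or from Tor: `newnym()` sends `SIGNAL NEWNYM` (fresh circuits for future streams, open streams untouched) and a separate `close_streams()` ends chosen streams with `CLOSESTREAM`, read back from `GETINFO stream-status`. The commands and the `StreamID Status CircuitID Target` line format come from Tor's control-port protocol; `ScriptedSocket`, its stream table and the "skip port 6697" predicate are constructed for the offline run, and the predicate only stands in for the per-application criteria that proposal 171 would give Tor itself. Against a real Tor, pass a socket connected to the ControlPort (conventionally 9051) to `LineTransport`.

```python
# Added example, not the thread's or Tor's code.  NEWNYM and "kill streams"
# are kept as two separate controller actions, as the reply asks.
REASON_MISC = 1  # RELAY_END reason code handed to CLOSESTREAM


class LineTransport:
    """Send one command line; read CRLF-terminated reply lines from a socket."""
    def __init__(self, sock):
        self.sock, self.buf = sock, b""

    def send(self, cmd):
        self.sock.sendall(cmd.encode() + b"\r\n")

    def recv_line(self):
        while b"\r\n" not in self.buf:
            chunk = self.sock.recv(4096)
            if not chunk:
                raise ConnectionError("control connection closed")
            self.buf += chunk
        line, _, self.buf = self.buf.partition(b"\r\n")
        return line.decode()


def read_reply(recv_line):
    """One control reply: '250-kw=v' (more follow), '250+kw=' (data block
    ended by a lone '.'), or '250 OK' (final).  Returns (code, lines)."""
    lines = []
    while True:
        line = recv_line()
        code, sep, rest = line[:3], line[3:4], line[4:]
        lines.append(rest)
        if sep == "+":
            d = recv_line()
            while d != ".":
                lines.append(d[1:] if d.startswith("..") else d)  # un-dot-stuff
                d = recv_line()
        elif sep == " ":
            return code, lines


def command(transport, cmd):
    transport.send(cmd)
    code, lines = read_reply(transport.recv_line)
    if code != "250":
        raise RuntimeError(f"{cmd!r} rejected: {code} {' '.join(lines)}")
    return lines


def parse_stream_status(lines):
    """stream-status entries -> (stream_id, status, circ_id, target) tuples."""
    prefix, streams = "stream-status=", []
    for line in lines:
        parts = (line[len(prefix):] if line.startswith(prefix) else line).split()
        if len(parts) >= 4 and parts[0].isdigit():
            streams.append(tuple(parts[:4]))
    return streams


def newnym(transport):
    """Fresh circuits for *future* streams only; open streams keep theirs."""
    command(transport, "SIGNAL NEWNYM")


def close_streams(transport, select=lambda stream: True):
    """Close open streams for which select(stream) is true; return their IDs.
    The predicate is the caller's stand-in for proposal 171's app separation."""
    closed = []
    for stream in parse_stream_status(command(transport, "GETINFO stream-status")):
        if stream[1] in ("CLOSED", "FAILED") or not select(stream):
            continue
        command(transport, f"CLOSESTREAM {stream[0]} {REASON_MISC}")
        closed.append(stream[0])
    return closed


class ScriptedSocket:
    """Constructed stand-in for a ControlPort socket (canned, not real Tor output)."""
    REPLIES = {
        "AUTHENTICATE": "250 OK\r\n",
        "SIGNAL NEWNYM": "250 OK\r\n",
        "GETINFO stream-status": ("250+stream-status=\r\n"
                                  "42 SUCCEEDED 7 check.torproject.org:443\r\n"
                                  "43 SUCCEEDED 7 check.torproject.org:443\r\n"
                                  "44 SUCCEEDED 9 irc.oftc.net:6697\r\n"
                                  ".\r\n250 OK\r\n"),
    }

    def __init__(self):
        self.sent, self.out = [], b""

    def sendall(self, data):
        cmd = data.decode().strip()
        self.sent.append(cmd)
        default = "250 OK\r\n" if cmd.startswith("CLOSESTREAM ") else "552 Unrecognized command\r\n"
        self.out += self.REPLIES.get(cmd, default).encode()

    def recv(self, n):
        chunk, self.out = self.out[:n], self.out[n:]
        return chunk


def demo():
    """Browser streams are dropped after NEWNYM; the IRC stream (port 6697) survives."""
    sock = ScriptedSocket()
    t = LineTransport(sock)
    command(t, "AUTHENTICATE")  # no-auth ControlPort; real setups pass a cookie or password
    newnym(t)
    closed = close_streams(t, select=lambda s: not s[3].endswith(":6697"))
    return closed, sock.sent
```

Run `demo()` to see the exchange: the scripted Tor reports three open streams, the two browser streams on circuit 7 get `CLOSESTREAM 42 1` and `CLOSESTREAM 43 1`, and stream 44 is left alone, which is the behaviour the reply wants from a stream-killing command that is separate from NEWNYM.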